May 2020 Volume LV Number 3


Litch's Law Log: Legal Issues for your Practice Website

November 2014 Volume L Number 6

You've probably had a practice website running for the past 15 or 20 years, albeit with many new features and creative designs added along the way as website technology became more sophisticated. Other than keeping the site's content up to date, there is not much else to worry about, right? Well, there are at least a couple of relevant laws to be aware of.


Children's Online Privacy Protection Act

Here is a brief summary from the Federal Trade Commission's (FTC) website:

"Congress enacted the Children's Online Privacy Protection Act (COPPA) in 1998. COPPA required the Federal Trade Commission to issue and enforce regulations concerning children's online privacy. The Commission's original COPPA Rule became effective on April 21, 2000. The Commission issued an amended Rule on Dec. 19, 2012. The amended Rule will become effective on July 1, 2013.
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. Operators covered by the Rule must: 
  1. Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting 
  3. Provide parents access to their child's personal information to review and/or have the information deleted;
  4. Give parents the opportunity to prevent further use or online collection of a child's personal information;
  5. Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  6. Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use."
 As you can see, COPPA is aimed at websites directed at children under age 13. Your first reaction might be that your practice website is aimed at parents and guardians, but not their children. That is most likely the case but it is possible there are sections of a website that might cater to younger children—perhaps a game or graphic encouraging them to learn more about good oral hygiene habits. If you are collecting any information from children, such as biographical information to accompany a great check-up recognition, you must obtain consent from the parent or guardian. Personal information covered would be items such as first and last name, home or other physical address, online contact information, a screen or user name, a telephone number, or a social security number. This could also include a video or audio file with the child's image or voice. Whether a website would be considered "directed to children" is based on the subject matter, visual content, use of animated characters, music or other audio content, age of models, presence of child celebrities, language, and whether the advertising on the site is directed to children. If your website or a portion thereof falls into this category, and you collect such information, follow the notification steps listed above. Of course, you could also decide not to collect such information. The FTC also provides the following guidance about general audience websites that contain a specific children's section:
Give parents the choice of consenting to the operator's collection and internal use of a child's information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
I operate a general audience website that contains a specific children's section. May I post a single privacy policy for the entire site that combines information about my children's and general information practices, or must I have a separate privacy policy for children's data? 

In the 1999 Statement of Basis and Purpose, the Commission noted that "operators are free to combine the privacy policies into one document, as long as the link for the children's policy takes visitors directly to the point in the document where the operator's policies with respect to children are discussed, or it is clearly disclosed at the top of the notice that there is a specific section discussing the operator's information practices with regard to children." See 64 Fed. Reg. 59888, 59894 n.98. This advice remains in effect under the amended Rule. Operators should also ensure that the link for the children's portion of the privacy policy appears on the home page or screen of the children's area of the site or service, and at each area where personal information is collected from children. See 16 C.F.R. § 312.4(d)."

For more information see this FTC FAQ at


Americans with Disabilities Act

You should also ask your website vendor about compatibility under the Americans with Disabilities Act (ADA), since that law does require websites to be usable for people with visual impairments, auditory impairments, or limited manual dexterity. A dental practice is a public accommodation under Title VIII of the ADA. To make matters more complicated, there is a legal requirement but no current regulations for website accessibility. There is a potential risk because it is very easy for plaintiff attorneys to surf the Internet and file successful Web accessibility lawsuits—it has already to happed to some large corporations.

While the Department of Justice has yet to issue regulations in this area, this recent consent decree provides some indication of where things might be headed: http://www.

In the meantime, the best available guidance for website designers is the Web Content Accessibility Guidelines (WCAG) 2.0 from 2008 at WCAG20/.

For further information contact Chief Operating Officer and General Counsel C. Scott Litch at (312) 337-2169 ext. 29 or