“Protecting someone else’s data protects all of us.” Tim Cook, CEO of Apple
By: Shobha Lizaso
We are in the age of electronic data and heightened data privacy. New laws to strengthen individuals’ privacy rights and to strengthen data protection are evolving worldwide. The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data about residents of the European Union. This new law affects US healthcare providers and organizations that provide services to residents of any of the EU countries, that collect data from EU residents or monitors EU residents through the use of cookies and the like, and practitioners involved in medical tourism programs and other clinical activities. GDPR imposes more restrictions on the collection, use, processing, storage, disclosure, and disposition of patient data than HIPAA.
GDPR became effective on May 25, 2018, and there will not be a compliance grace period, so healthcare providers should meet with their healthcare technology attorney to determine whether they are subject to the GDPR, to update their online Terms of Use & Privacy Policies, and to audit internal data handling procedures to prevent any violations.Continue reading