The Next Chapter on Data Privacy06/04/2018
AnalyticsCultureData GovernanceDeploymentEventsRevenue Cycle All posts

How many emails have you received in your inbox over the past month mentioning GDPR?  While it seems like a new marketing slogan, it is actually a groundbreaking European Union Law that may change how we all think about data privacy.  There is a lot of buzz today about General Data Protection Regulation (GDPR) in the business and technology media as global firms make a mad dash to ensure their compliance by May 25.  What is it exactly?  How are you impacted?

 

What is GDPR?

GDPR went into effect on May 25, 2018 after two years of preparation. Consumers around the world are starting to see impacts through notices on updated privacy policies, email requests to opt in to communication and billboards offering legal advice and action on failure to comply with GDPR.

GDPR outlines comprehensive privacy protections for persons that are subjects of the EU and goes as far as to state that these protections are a fundamental right. It applies to any firm that uses (or “processes”) EU subject data. The regulation gives people more control over their personal data. This control grants the right to:

GDPR is also opt-in rather than opt-out – meaning that a person must consent to their data being processed in accordance with GDPR guidelines, that consent needs to be plain and transparent, and the person can withdraw their consent at any time. The regulation stipulates that the use of data by firms must be “lawful, fair, transparent, and relevant to reasons why consent was given” (EUR-Lex 2016). Noncompliance with GDPR may result in reprimands, penalties, or administrative fines. Those penalties may be criminal depending on the EU country.

 

How Does GDPR Impact the US Healthcare Industry?

Although GDPR only applies to firms that process EU subject data, there are a number of ways that GDPR could impact US healthcare. Any business, healthcare organization or otherwise, that stores or uses the data of EU subjects is impacted. GDPR compliance can be a lengthy and challenging process for businesses undertaking advanced data protections, quality, and risk management for the first time. US healthcare providers such as large health systems, hospitals, and clinics could see some impact based on how their vendors react to GDPR compliance, if those vendors operate in Europe.

In addition, although many aspects of GDPR overlap with HIPAA requirements, GDPR has exclusive components as well. There is some speculation that a US general data production regulation may come in the near future and be modeled on EU law. If that happens all US healthcare providers will be heavily impacted as well and may need to look to advanced data governance processes and technologies in addition to creating new FTE positions to manage long-term compliance.

If you are a US healthcare business or a healthcare provider and you have questions about how GDPR impacts you directly, please contact us to set up a conversation.

 

Source: EUR-Lex: Access to European Law

Recent Posts
In the United States, we are fortunate to have one of the best quality health care delivery systems in the world.  Unfortunately, even in a country w…
We often talk about the work we do at Prominence which includes a focus on emerging technologies, because we get a lot of questions in these areas. W…
HIMSS ’18 has come and gone, but there was one topic that really stood out from the rest – culture. Culture isn’t always the first, or even second…
Governed data. Whether your operational leaders recognize it or not, governed data is the path to understanding, trusting, and using the wealth of in…
Data Governance is more than centralized data access, metadata management, and governance.  It is taking these high-level concepts and embedding it i…