The Next Chapter on Data Privacy

06/04/2018

How many emails have you received in your inbox over the past month mentioning GDPR? While it seems like a new marketing slogan, it is actually a groundbreaking European Union law that may change how we all think about data privacy. There is a lot of buzz today about the General Data Protection Regulation (GDPR) in the business and technology media as global firms make a mad dash to ensure their compliance by May 25. What is it exactly? How are you impacted?

 

What is GDPR?

GDPR went into effect on May 25, 2018 after two years of preparation. Consumers around the world are starting to see impacts through notices on updated privacy policies, email requests to opt in to communication and billboards offering legal advice and action on failure to comply with GDPR.

GDPR outlines comprehensive privacy protections for EU data subjects and goes as far as to state that these protections are a fundamental right. It applies to any firm that uses (or “processes”) EU subject data. The regulation gives people more control over their personal data. This control grants the right to:

GDPR is also opt-in rather than opt-out – meaning that a person must consent to their data being processed in accordance with GDPR guidelines, that consent needs to be plain and transparent, and the person can withdraw their consent at any time. The regulation stipulates that the use of data by firms must be “lawful, fair, transparent, and relevant to reasons why consent was given” (EUR-Lex 2016). Noncompliance with GDPR may result in reprimands, penalties, or administrative fines. Those penalties may be criminal depending on the EU country.

 

How Does GDPR Impact the US Healthcare Industry?

Although GDPR only applies to firms that process EU subject data, there are a number of ways that GDPR could impact US healthcare. Any business, healthcare organization or otherwise, that stores or uses the data of EU subjects is impacted. GDPR compliance can be a lengthy and challenging process for businesses undertaking advanced data protections, quality, and risk management for the first time. US healthcare providers such as large health systems, hospitals, and clinics could see some impact based on how their vendors react to GDPR compliance, if those vendors operate in Europe.

In addition, although many aspects of GDPR overlap with HIPAA requirements, GDPR has exclusive components as well. There is some speculation that a US general data protection regulation may come in the near future and be modeled on the EU law. If that happens, all US healthcare providers will be heavily impacted as well and may need to look to advanced data governance processes and technologies, in addition to creating new FTE positions to manage long-term compliance.

If you are a US healthcare business or a healthcare provider and you have questions about how GDPR impacts you directly, please contact us to set up a conversation.

 

Source: EUR-Lex: Access to European Law
