The Next Chapter on Data Privacy06/04/2018
AnalyticsCultureData GovernanceDeploymentEventsRevenue Cycle All posts

How many emails have you received in your inbox over the past month mentioning GDPR?  While it seems like a new marketing slogan, it is actually a groundbreaking European Union Law that may change how we all think about data privacy.  There is a lot of buzz today about General Data Protection Regulation (GDPR) in the business and technology media as global firms make a mad dash to ensure their compliance by May 25.  What is it exactly?  How are you impacted?

 

What is GDPR?

GDPR went into effect on May 25, 2018 after two years of preparation. Consumers around the world are starting to see impacts through notices on updated privacy policies, email requests to opt in to communication and billboards offering legal advice and action on failure to comply with GDPR.

GDPR outlines comprehensive privacy protections for persons that are subjects of the EU and goes as far as to state that these protections are a fundamental right. It applies to any firm that uses (or “processes”) EU subject data. The regulation gives people more control over their personal data. This control grants the right to:

GDPR is also opt-in rather than opt-out – meaning that a person must consent to their data being processed in accordance with GDPR guidelines, that consent needs to be plain and transparent, and the person can withdraw their consent at any time. The regulation stipulates that the use of data by firms must be “lawful, fair, transparent, and relevant to reasons why consent was given” (EUR-Lex 2016). Noncompliance with GDPR may result in reprimands, penalties, or administrative fines. Those penalties may be criminal depending on the EU country.

 

How Does GDPR Impact the US Healthcare Industry?

Although GDPR only applies to firms that process EU subject data, there are a number of ways that GDPR could impact US healthcare. Any business, healthcare organization or otherwise, that stores or uses the data of EU subjects is impacted. GDPR compliance can be a lengthy and challenging process for businesses undertaking advanced data protections, quality, and risk management for the first time. US healthcare providers such as large health systems, hospitals, and clinics could see some impact based on how their vendors react to GDPR compliance, if those vendors operate in Europe.

In addition, although many aspects of GDPR overlap with HIPAA requirements, GDPR has exclusive components as well. There is some speculation that a US general data production regulation may come in the near future and be modeled on EU law. If that happens all US healthcare providers will be heavily impacted as well and may need to look to advanced data governance processes and technologies in addition to creating new FTE positions to manage long-term compliance.

If you are a US healthcare business or a healthcare provider and you have questions about how GDPR impacts you directly, please contact us to set up a conversation.

 

Source: EUR-Lex: Access to European Law

Recent Posts
Let’s talk about your provider data. Is it complete? Is it accurate? Is it consistent? Like most health systems, the answer to at least one of the…
Since our founding, Prominence has been proud to work with so many great charities and to give back to our community. Every year, we donate tens of t…
There are a number of steps involved with increasing the effectiveness of your revenue cycle. First, the processes in place are assessed and recommen…
With $262 billion of claims being denied in 2016, data transparency is critical to help identify the reasons for these denials and to prevent similar…
Health care providers are focused on providing the best possible quality of care to patients and maximizing reimbursement for said care. While advanc…