GDPR and Why U.S. Healthcare Providers Should Care

The following is a guest blog post by Steven Marco, CISA, ITIL, HP SA and President of HIPAA One®.

The European Union (EU) has drafted guidance to give citizens more control over their personal data, so what does this mean for U.S. based healthcare providers? On May 25, 2018, the EU will roll out the General Data Protection Regulation (GDPR), a new set of rules that is similar in nature to HIPAA compliance for EU countries. The effort to create GDPR started years ago, in January 2012, when the European Commission began working on plans for data protection reform across the EU so that European countries would have greater controls in place to manage information in the digital age. Additionally, GDPR aims to simplify the regulatory environment for businesses so that both European citizens and businesses can benefit from a digital economy.

Since GDPR has not yet taken effect, there are aspects of this new framework that are difficult to fully understand and define at this time. We do know, however, that U.S. companies DO NOT need to have business operations in one of the 28 member states of the EU to be impacted by GDPR. The new set of rules will hold organizations around the world that store data belonging to individuals who live in the EU to a high level of protection, and those organizations must be able to account for where every bit of that data is stored. The good news is that a large majority of U.S. based healthcare providers will be relatively safe in terms of complying with GDPR. If your organization i...
Source: EMR and HIPAA (blog). Category: Information Technology. Tags: Healthcare, HealthCare IT, HIPAA General, GDPR, Healthcare Compliance, HIPAA Risk Assessment, HIPAAOne, Steven Marco.