General Data Protection Regulation: What Does It All Mean?

Every day more and more electronic devices are “connected”, and medical devices are no exception. Medical devices are connected to network servers for many end outcomes, including preventative diagnostics, patient-care management, medication adherence, and remote health monitoring. While connectivity is revolutionizing the healthcare industry, protecting patient privacy and safeguarding data against obvious and non-obvious adversaries has been challenging. Free market economies have a history of under-valuing user privacy in favor of user convenience. In response to this, the European Union (EU) introduced the GDPR (General Data Protection Regulation), effective May 25, 2018, to increase the user’s role in data protection and give users autonomy over how their data is handled and safeguarded. All companies fielding devices in the EU that store and control or process patient data are required to adhere to the GDPR; failure to adhere will result in financial penalties. Below are GDPR highlights for awareness and consideration by medical device manufacturers.

GDPR outlines the following three categories for clinical data:

- Personal data concerning the physical or mental health of a person
- Personal data relating to the inherited or acquired genetic characteristics of a person (genetic data)
- Biometric data

For all data collection/processing methods, specific opt-in consent from the user/patient must be obtained. GDPR also ...
Source: MDDI - Category: Medical Devices Authors: Tags: Software Source Type: news