Home » Cybersecurity » Governance, Risk & Compliance » Privacy Law Is Growing More Extensive – Here’s What That Means For Healthcare

Privacy Law Is Growing More Extensive – Here’s What That Means For Healthcare

Regulations like the GDPR are changing both how we do business and how customers engage with their data. Healthcare is no exception to that rule. Even in light of strict frameworks like HIPAA, health organizations face a number of unique challenges where privacy laws are concerned. Here’s why – and how you can overcome them.

The European Union’s General Data Protection Regulation (GDPR) puts ownership over personal information directly into the hands of the consumer, and introduces harsh penalties for any business that doesn’t meet its duty of care to protect and enable that ownership. And this is just the beginning.

Already, countries like Australia and the United Kingdom have implemented their own versions of the GDPR, while Canada is not far behind. I do not doubt that at one point or another we will see a similar framework in place for the United States.

Suffice it to say, no matter your industry, your business cannot afford to ignore what’s happening in the world. This is especially true in healthcare.

Virtually all data you work with is privileged in some way – patient information that’s protected by HIPAA. What’s more, the GDPR specifically references three types of PHI:

• Data concerning health
• Genetic data
• Biometric data

The good news is that healthcare providers in the U.S. are in an advantageous position when it comes to regulations like the GDPR. They should already have strong data governance practices and processes in place with regular reviews performed by a dedicated compliance officer. They should already know where all PHI is stored, how it is accessed, by whom it is accessed and how it is used.

Compliance with the bulk of the GDPR should, therefore, pose no threat to healthcare entities that are on top of their HIPAA compliance efforts. But (Read more...)