Information Security News mailing list archives

European perspective: How hospitals should be approaching GDPR compliance


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 12 Dec 2018 09:39:12 +0000 (UTC)

https://www.healthcareitnews.com/news/european-perspective-how-hospitals-should-be-approaching-gdpr-compliance

By Mike Miliard
Healthcare IT News
December 11, 2018

Since the European Union enacted its General Data Protection Regulation law this past May, it's probable that many healthcare organizations in the U.S. have been trying hard not to think much about it.

But most should be paying a lot more attention to the rules since, even if the exact mechanisms of U.S. enforcement are still somewhat unclear, it's likely they're expected to follow the law if they handle any data of EU residents.

GDPR has a higher compliance threshold than HIPAA, since it defines personal data as anything connected to an "identified or identifiable natural person" – and that could be a photograph or an IP address, not just protected health information as most U.S. hospitals think of it.

Stateside health systems are on the hook for GDPR if they have European patients, and could face fines exceeding €20 million. And, as we've shown this week, those who are curious about trying their hands at more advanced projects such as blockchain should also be aware of the privacy law's ins and outs.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
