The year of GDPR is upon us. On May 25, 2018, the European Union’s new laws regarding the privacy and protection of individual data will go into effect. While these laws are far-reaching, they will have particular impact on the healthcare industry.
What is GDPR?
According to the GDPR resource site, these new regulations were designed to “harmonize data privacy laws across Europe, to protect and empower all EU citizens and to reshape the way organizations across the region approach data privacy.”
Essentially, GDPR is designed to improve the way that companies collect, handle, process, and archive personal data. Personal data under the GDPR is any information relating to an identified or identifiable individual, such as name, address, job, etc. Special categories of sensitive data include information like racial or ethnic origin, sexual orientation, political opinions, etc., and explicitly include genetic data, biometric data, and data concerning health, which covers most of what healthcare systems store.
How it Affects Healthcare in the U.S.
If you think the GDPR is a concern only for companies based in the EU, you’d be wrong. In fact, one of the primary distinctions of these new privacy laws is their extended territorial scope. They apply to any organization processing the personal data of individuals in the EU, whether by offering them goods or services or by monitoring their behavior, regardless of where that organization is established. That means that U.S. healthcare companies that have operations or deployments in the EU will certainly have to comply with GDPR.
And the penalty for non-compliance could be steep. Organizations in breach of GDPR could be fined up to 4% of annual global turnover or €20 million, whichever is greater.
Working Toward GDPR Understanding
As a development partner for clients in the healthcare industry, we’re steadily working to understand the GDPR requirements so we can advise our clients and help them make informed development decisions based on these new laws. Just as we’ve become experts at building SaaS products and solutions that are HIPAA compliant, we’re confident that we’ll soon be able to offer similar expertise with GDPR.
In that vein, we’re already working with our friends at ClearDATA, who describe their cloud-based infrastructure as already GDPR compliant, to understand the challenges and opportunities of GDPR, so we can bring that information to our clients and partners.
We’re excited to see how GDPR affects the U.S. healthcare technology market in the coming years. For more information about our work in healthcare join us at our January 23rd event: Healthcare's Innovation Tipping Point!
SAFe SPC4 certified consultant, proud dad, and former CU Buffs lineman.