GDPR stands for General Data Protection Regulation. It is a European Union law, in force since May 2018, that governs what companies and organizations, whether based inside or outside the EU, may do with the personal data of people in the EU, and how they may do it. For European healthcare providers, the questions are: What data do you hold? How may it be stored? Who may you share it with? When do you no longer need it? How do you dispose of it securely? For each type of data held, the "lawful basis" determines how a company or organization may hold and process it.

GDPR gives a person more control over how their personal data is collected and used; it forces companies and organizations to justify everything they do with someone's data. Under GDPR, personal data is anything that can identify an individual, such as a name or phone number. Tighter rules apply to special categories of personal data such as sexual orientation, health information and political opinions. Organizations that fail to comply can face fines of up to €20,000,000 (twenty million euros) or 4% of worldwide annual turnover, whichever is higher.

Health organizations routinely receive requests for access to medical records, so clinicians, more than ever, need to protect patients' data correctly. Under GDPR, patients in the EU have the right to see and access their personal information, the right to have their data deleted (the "right to be forgotten"), the right to data portability, and the right to restrict processing.

Though a European law, GDPR affects everyone, and getting it right is everyone's business. Global, mass adoption of these privacy standards is foreseeable as technology makes leaps and bounds in healthcare.

MJL