Healthcare and GDPR: What You Must Know

When the European Union's General Data Protection Regulation (GDPR) takes effect on May 25, healthcare organizations that treat patients from any of the 28 EU member states will need to comply with a privacy law that is in several respects more stringent than HIPAA.

GDPR uses a broader definition of personal data, covers more types of data, imposes more requirements for securing it, and requires clear notice to patients about how their data is collected and shared, with explicit consent where consent is the legal basis for processing health data. But that's not all. GDPR also limits how long organizations can retain data about EU patients (the storage-limitation principle), a major shift for US healthcare providers, which ordinarily store patient data indefinitely, and requires them to erase a patient's data on request, subject to exceptions such as data still needed for medical care or legal obligations. In addition, it shrinks the breach-notification window dramatically: the relevant supervisory authority must be notified within 72 hours of becoming aware of a breach, and affected patients without undue delay when the breach poses a high risk to them, compared with the 60 days HIPAA allows for notifying affected individuals.

If your healthcare organization isn't ready for the May 25 GDPR compliance deadline, contact Xantrion for help right away. Every day counts.
