The General Data Protection Regulation (GDPR) is the EU legal framework that governs the collection and processing of personal data of individuals within the European Union (EU). It came into force on May 25, 2018, giving people in the EU greater rights and control over how their personal data is processed and shared. It replaced the Data Protection Directive 95/46/EC and also regulates the transfer of personal data outside the EU.
The primary objectives of the GDPR are to give citizens and residents back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
According to the study “General Data Protection Regulation (GDPR) in the Healthcare Industry: Implications for Healthcare – H1 2018”, the key roles defined by the GDPR are the data subject, the controller, the data processor and the data protection officer.
The GDPR defines health data broadly, which brings many types of information in the healthcare industry within its scope. Protected data includes all data pertaining to the past, present or future physical or mental health status of a data subject; information about the natural person collected in the course of registration for health services; any number, symbol or other particular assigned to a natural person to uniquely identify them; information derived from the testing or examination of a body part or bodily substance; and any information on a disease, disability, disease risk, medical history, clinical treatment or physiological or biomedical state of the data subject.
The key roles under the GDPR in the healthcare industry are the data subject, the controller, the data processor and the data protection officer. The data subject is the individual within the EU whose personal data is processed. The controller is responsible for collecting personal data and determining the purposes and legal basis of processing; this includes implementing adequate data protection policies, conducting privacy impact assessments and demonstrating compliance with the regulation. Data processors are natural or legal persons, public authorities or other bodies and organizations that process personal data on behalf of the controller. The data protection officer (DPO) oversees compliance with the data protection rules within the organization, without replacing the functions carried out by the supervisory authorities.
GDPR compliance in the healthcare industry involves a sequence of steps: identifying the personal data and content held, to ensure lawfulness, fairness and transparency; limiting the purpose of collection and minimizing the data collected; connecting data and content into a unified view for better control, portability and deletion; using metadata to support privacy by design and compliance by default; applying retention management to limit storage; encrypting data in transit and at rest to ensure integrity and confidentiality; and using access control lists and permission management. Non-compliance carries fines of up to 20 million EUR or 4% of annual global turnover, whichever is higher.
The GDPR's security requirements for the healthcare industry include privacy by design, the security of medical devices and pseudonymisation, among others. Healthcare organizations also need to draft policies and procedures such as data subject access request protocols, data breach protocols, security policies, data retention policies, data subject notifications, incident response plans, data transfer and data sharing agreements, and data processing agreements. The GDPR gives regulators unprecedented power to impose fines, which is driving wide-scale privacy changes across organizations. It also represents a broad opportunity to transform the organization's approach to privacy and to prepare it for the coming digital economy.
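Pseudonymisation is named above as a security requirement but not explained. The following Python example, added here and not taken from the report or from any vendor, shows the pattern in practice: each patient identifier is replaced by a keyed HMAC-SHA256 pseudonym, direct identifiers are stripped from the analytic copy, and the key plus the pseudonym-to-identifier table are held only by a separate re-identification component, so the dataset alone cannot be linked back to a person. The field names and the sample records are constructed for this illustration.

```python
"""Keyed pseudonymisation of patient records (illustrative example).

Pseudonym = HMAC-SHA256(key, patient_id). Without the key a pseudonym can
neither be reversed nor regenerated from a known identifier, so the key
and the lookup table live only in ReidentificationService and are never
shipped with the pseudonymised dataset.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Hypothetical field names treated as direct identifiers and removed from
# the analytic copy (data minimisation).
DIRECT_IDENTIFIERS = frozenset({"patient_id", "name", "email", "phone", "address"})


def pseudonym(identifier: str, key: bytes) -> str:
    """Deterministic keyed pseudonym: same key + same identifier -> same value."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise_record(record: dict, key: bytes) -> dict:
    """Return a copy with direct identifiers removed and a pseudonym added."""
    if "patient_id" not in record:
        raise ValueError("record has no patient_id to pseudonymise")
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["patient_pseudonym"] = pseudonym(record["patient_id"], key)
    return out


class ReidentificationService:
    """Holds the HMAC key and the pseudonym -> patient_id table.

    Only this component can re-identify a patient. Access to it should be
    restricted (ACLs, audit logging) independently of the dataset.
    """

    def __init__(self, key: Optional[bytes] = None):
        # 256-bit random key unless one is supplied (e.g. from a KMS).
        self._key = key if key is not None else secrets.token_bytes(32)
        self._table: Dict[str, str] = {}

    @property
    def key(self) -> bytes:
        return self._key

    def register(self, patient_id: str) -> str:
        """Create (or re-create) the pseudonym for a patient and record it."""
        p = pseudonym(patient_id, self._key)
        self._table[p] = patient_id
        return p

    def resolve(self, p: str) -> str:
        """Reverse lookup; raises KeyError for an unknown pseudonym."""
        return self._table[p]


# Constructed, fictional sample records.
SAMPLE_RECORDS: List[dict] = [
    {"patient_id": "P-0001", "name": "Alice Example",
     "email": "alice@example.invalid", "diagnosis": "E11",
     "admitted": "2018-05-25"},
    {"patient_id": "P-0002", "name": "Bob Example",
     "phone": "+00 000 0000", "diagnosis": "I10",
     "admitted": "2018-06-01"},
]


def build_dataset(records: List[dict], service: ReidentificationService) -> List[dict]:
    """Register every patient with the service and return the pseudonymised set."""
    out = []
    for r in records:
        service.register(r["patient_id"])
        out.append(pseudonymise_record(r, service.key))
    return out


def contains_direct_identifier(dataset: List[dict]) -> bool:
    """Check used before releasing a dataset: no direct identifier may remain."""
    return any(k in DIRECT_IDENTIFIERS for rec in dataset for k in rec)


if __name__ == "__main__":
    svc = ReidentificationService()
    ds = build_dataset(SAMPLE_RECORDS, svc)
    for rec in ds:
        print(rec)
    # Only the key holder can map a pseudonym back to the patient.
    print(svc.resolve(ds[0]["patient_pseudonym"]))
```

A plain hash without a key would not be adequate here: patient identifiers have low entropy, so anyone holding the dataset could recompute hashes of candidate identifiers and re-link them. The keyed construction moves that capability to whoever controls the key, which is the separation the regulation's notion of pseudonymisation relies on.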
In the coming years the GDPR will affect the healthcare industry in several ways: safer personal data, more detailed patient profiles, putting patients in control of their data, the use of new data sources, and data-driven insights for prevention.
Ankur Gupta, Head Marketing & Communications