GDPR came into effect across Europe (EU) on May 25, 2018
GDPR compliance is essential when choosing which video call system to use when meeting EU clients online.
The Effect of GDPR Worldwide
As the EU GDPR (General Data Protection Regulation) appears to be the most restrictive, but equally the most protective, regime for EU citizens, it makes sense to assume that GDPR will apply to virtually all organisations.
Data security professionals need to assess their environments and recognise that if their organisation does business with the EU or employs someone from the EU, GDPR will apply to them.
US based healthcare practitioners already have HIPAA (Health Insurance Portability and Accountability Act) as a healthcare regulation, so let’s first clarify the differences and similarities between GDPR and HIPAA.
What is GDPR?
GDPR stands for the General Data Protection Regulation.
It is a legal framework that sets guidelines for the collection, storage and sharing of the personal information of individuals within the European Union (EU). GDPR covers all companies that handle the data of EU citizens, so it is a critical regulation.
GDPR applies only to the EU, but given the scale of the market, many companies (but not all, so check first) are deciding it’s easier to apply its terms globally.
What is HIPAA?
HIPAA is a US federal law that is limited to protecting the privacy of your personal health information.
HIPAA contains several rules and provisions that set out the guidelines and requirements for how the law is administered and enforced.
However, HIPAA does not mandate any specific technology. It specifies the policies, procedures, services and mechanisms that must be in place, but it leaves the underlying technology choices to the individual organisation.
Australia Based Businesses
The Australian parliament has also been doing some due diligence to update its privacy regulations in 2018, in order to bring them a little closer to the EU changes.
See below for Australian government guidance on data protection regulation, which is intended to help people in business understand the new requirements of the EU General Data Protection Regulation and how they can comply with both Australian and EU privacy laws.
Key differences between HIPAA and GDPR
- GDPR covers citizens of the EU, while HIPAA covers American citizens.
- GDPR is a consumer-centric regulation, while HIPAA is an organisation-centric regulation.
- GDPR has a broader scope than HIPAA: GDPR is designed to set standards for all sensitive personal data.
- HIPAA is limited to Protected Health Information (PHI), such as name, address, date of birth, bank/credit card details, social security number, photos and insurance information.
- Data that relates to a person’s health is where HIPAA and GDPR overlap.
There will be a lot of change in the EU data privacy sphere in 2018, and the phrase ‘a work in progress’ is used a lot.
However, warnings about heavy fines have already been confirmed, so the general consensus is that organisations in all countries will end up complying with these frameworks to satisfy business requirements and contractual obligations.
Therefore, with healthcare practitioners in mind, GDPR and HIPAA must be first and foremost in our minds in order to keep us, and our clients / patients, secure and safe.