Are you familiar with the European Union's (EU) General Data Protection Regulation (GDPR)? There is some confusion over this regulation, and some people believe it to be the counterpart of the United States' HIPAA. While there is some overlap, the two are not the same. As a US-based business that is a covered entity or business associate, do you need to follow the GDPR rules for your patients?
What is GDPR?
The General Data Protection Regulation came into effect on May 25, 2018. It was established to protect an individual's personal data, the term GDPR itself uses for what US practice usually calls personally identifiable information (PII). It sets high standards that businesses must meet when collecting, storing and using a person's data. The goal was to give individuals in the EU control over their personal data and to change how organizations approach data privacy.
Does It Apply to Your Business?
If you collect personal data from a patient who is located in an EU country at the time of collection, GDPR applies. If a patient is a citizen of an EU country but is receiving care in your US-based office, GDPR does not apply: what matters is where the person is, not their citizenship. Today there is no US federal equivalent to GDPR, so unless you collect or process data from patients while they are in the EU, its rules do not apply to you or your business.
Is GDPR the Same As HIPAA?
Both regulations were created to protect individuals and the security of their information, but their scope differs. HIPAA applies only to protected HEALTH information (PHI): individually identifiable health information held by a covered entity or business associate, where the identifiers include a patient's name, birthdate, bank details, address, SSN or insurance information. GDPR's personal data covers ANY information that can directly or indirectly identify an individual in the European Union, whether or not it relates to health; it may include race, religion and a wide range of other data. Only covered entities and business associates are subject to HIPAA. Any organization, in any sector, that processes the personal data of individuals in the EU is subject to GDPR.
If you have a strong cybersecurity program in place alongside your HIPAA compliance, you are steps ahead of healthcare businesses that focus only on HIPAA. If you need help understanding how your business can become more secure (or compliant), let us know. HIPAA Secure Now can help secure your business and your patients' data!