How to Prepare for the New, Fast-Approaching General Data Protection Regulations

Rob Faix

Rob Faix, VP Technology Services, and Shefali Mookencherry, Principal Advisor, Impact Advisors LLC. The General Data Protection Regulation (GDPR) is going to take US healthcare organizations to a different level for privacy and security practices. These organizations will need to think beyond the Health Insurance Portability Accountability Act (HIPAA) and other US regulations. The GDPR will require organizations to think about data flows, handling data, cross-border data transfer, data privacy, security monitoring and overall policy compliance for international patients. The new obligations pertain to any organization that handles EU residents’ data whether that organization is in the EU or not. GDPR non-compliance fines could be higher than HIPAA non-compliance fines. Alignment of data handling practices with GDPR is mandatory and time is critical, and the compliance date of May 25, 2018 is just around the corner! In this teleconference Rob and Shefali reviews these GDPR requirements, why US healthcare organizations should care, timelines, and what can be done to ensure compliance.