A New EU Data Privacy Regulation Could Impact U.S. Patient Care Organizations Serving Large Numbers of International Patients

Though few healthcare leaders in the United States are aware of it, a new regulation promulgated by the European Union (EU) could impact them, if they treat more than a handful of patients every year who come from any of the 28 nations in the European Union. Indeed, the General Data Protection Regulation (GDPR) is due to go into effect on May 25, 2018.

So, to begin with, what is the GDPR? A good, basic explanation of the GDPR can be found on the website of the Spiceworks virtual IT community. The website explains that “GDPR, or the General Data Protection Regulation, is a set of rules designed to protect the privacy and personal data of European Union residents. The implications of GDPR are far reaching, as it impacts all organizations worldwide that collect personal information about EU residents. Non-compliance with GDPR can carry serious financial consequences, with some proposals calling for damages of up to 4% of a company's annual revenue or 20 million euros — whichever is higher. The regulation was approved in 2016 and is set to become effective on May 25, 2018.”

https://www.healthcare-informatics.com/article/privacy/new-european-union-data-privacy-regulation-could-impact-us-patient-care