General data protection regulation (GDPR) is a
legal framework that sets guidelines for the collection and processing of
personal information of individuals within the European Union (EU). It came
into force on May 25, 2018, providing EU citizens with greater rights and
control regarding the processing and distribution of their personal data. It
replaces the Data Protection Act 1998 and addresses the export of personal data
outside the EU.
The primary objectives of the GDPR are to give
citizens and residents back control of their personal data and to simplify the
regulatory environment for international business by unifying the regulation
within the EU.
According to study, “General
Data Protection Regulation (GDPR) in the Healthcare Industry: Implications for
Healthcare - H1 2018” some of the major key players that are currently
working in the general data protection regulation are Data Subject, Controller,
Data Processors, Data Protection Officers.
There are many terms are involved in
healthcare industry due to GDPR, which are; protecting all data pertaining to
the health status of a data subject past present or future physical &
mental health status of data subject, information about the natural person
collected in the course of registration, a number-symbol-particular assigned to
a natural person to a natural person to
uniquely identify the natural person, information derived from the testing or
examination of a body part or bodily substance and any information on a disease
(disability, disease risk, medical history, clinical treatment or
physiological/biomedical state) of the data subject.
Some of the key GDPR requirements in health
care industry such as data subject, controller, data processors and data
protection officers. Data subject is used to refer to individuals, who are
within the EU and whose data is processed. Controller is responsible for
collecting personal data & determining the legal basis: it includes
implementing adequate data protection policies, conducting a privacy impact
assessment and demonstrating compliance with regulation. Data processors are
natural or legal persons, public authorities or other bodies and organizations
that process personal data on behalf of the controller. Data protection officer
(DPO) is a guarantor of compliance with the data protection regulations,
without replacing the functions carried out by the supervisory authorities.
Steps are involved to GDPR compliance in
healthcare industry, which are; identification of personal data & content
to ensure lawfulness, fairness and transparency, limiting purpose & data
minimization by collecting information, connecting data & content to get a
unified view for better control, portability & deletion, using metadata to
ensuring privacy by design & defaulting compliance, applying retention
management to limit storage, using encryption at transit and at rest to ensure
integrity & confidentiality and using accessing control list &
permission management. Moreover, GDPR imposes a penalty structure of 20 million
EUR or 4% of global turnover.
There are many security requirements are
involved in healthcare industry of GDPR, which are; privacy by design, analog
with medical devices and pseudonymisation etc. In GDPR health care industry,
and many draft policies such as data subject access request protocols, data
breach protocols, security policies, data retention policies, data subject
notifications, incident response plans, data transfer & data sharing
agreements and data processing agreements. GDPR also gives regulators
unprecedented power to impose fines, which requiring wide-scale privacy changes
across organizations. It also represents a broad opportunity to transform
approach to privacy harness and ensure organization for upcoming digital
economy.
In upcoming years, there are many ways from
which the GDPR will be affects the healthcare industry such as safer personal
data, detailed patients profiles, putting patients in control, using new data
sources and data insights prevention.
For more information, click on the
link below:
Contact Us:
Ken
Research
Ankur
Gupta, Head Marketing & Communications
+91
9015378249