'Embrace' GDPR With Compliance Framework Already In Place for HIPAA Privacy, Security

Beginning this month, health care privacy and security officers have more than just the HHS Office for Civil Rights (OCR), the Federal Trade Commission and the various state attorneys general to worry about when it comes to protecting patient data: GDPR.

The compliance date is May 25 for GDPR, the acronym for the General Data Protection Regulation, although it’s likely many HIPAA compliance officials know it simply as GDPR. And chances are they don’t actually know a whole lot about the law, even though the effective date was two years ago following adoption by the European Parliament and Council of the European Union (EU).

If they haven’t already, covered entities (CEs) and business associates should take some time to understand the specifics of GDPR and its implications for their organizations. Experts who spoke at the Health Care Compliance Association’s (HCCA) recent annual Compliance Institute say the foundation that should be in place for HIPAA compliance will serve them well when it comes to GDPR (hint: “should be in place” is key).
