What GDPR Means for Healthcare Providers

Illustration showing key elements of GDPR (effective 25 May 2018) - DPOs, Compliance, Data Breaches and Personal Data

New privacy laws put into place by the European Union continue to impact any company that has an online presence and does business in Europe. That also extends to the healthcare industry.

However, at the same time Europe seeks to protect residents’ data, large datasets also are being used to prevent healthcare fraud through the use of data analytics. For this reason, these new regulations also aim to educate consumers on why their data is being collected and how it is being used.

The General Data Protection Regulation, or GDPR as it is known, put in place by the European Union provides strong protections for consumers in Europe and substantial fines for companies that violate the regulations. That’s why Facebook, Amazon, Google and many other companies have raced to make sure they have those protections in place.

The Basics of GDPR

GDPR is designed to give European Union citizens more control over their personal data. It also provides regulations for the safe storage of that data. The regulation applies to any company that sells products or services to citizens of Europe or stores personal information about them. That includes companies on other continents.

The new law gives Europeans a number of new rights in regard to data privacy, including:

  • Right to be forgotten. Consumers can withdraw consent from companies that collect their information and have the right to get that information deleted at any time.
  • Right to access. European residents have access to their personal data stored by a business and can find out how their information is used – free of charge.
  • Right to be informed. Citizens must give explicit permission to allow companies to gather data on them, and they must be informed about exactly what data is gathered and how it is used.

GDPR also gives consumers the right to not have data used for direct marketing of any kind. The law requires that companies notify consumers within 72 hours after a data breach has occurred.

Impact on Healthcare

Clearly, any healthcare company marketing its services to Europeans will need to comply with GDPR regulations.

Regardless of the intent of a website, if it collects data and uses a country’s language or makes references to the European Union, it would likely fall under the regulations.

But, it also could have an impact in other ways.

For example, any European resident who gets medical treatment while in the U.S. will have their information stored with that medical operation – in which case, the rules will apply on issues such as data breaches or requesting the erasure of all data.

Also, cloud-service providers based in the U.S. but who work for European healthcare operations will have to assess how they fall under the new regulations.

Some industry experts advise that companies with any business in Europe meet with their legal departments to go over the GDPR in detail (it has 99 regulations). That includes any work done for clients in Europe or any subcontractors hired from Europe.

Healthcare Fraud

While concerns over privacy certainly fueled GDPR’s creation, there are issues with healthcare fraud in which data is proving helpful.

Healthcare fraud is a major problem. In the United States alone, an estimated $68 billion annually is lost to healthcare fraud. Often times, fraud cases can cost millions of dollars and take years to resolve.

Healthcare analytics, however, is increasingly being used to address healthcare fraud. By analyzing datasets, analytics programs can spot irregularities in areas such as overbilling, billing for unnecessary procedures, the sudden appearance of new names (often used in healthcare fraud) and other red flags.

The federal government already is moving into using analytics to help prevent healthcare fraud. The Veterans Administration and Health and Human Services have formed a partnership this year to fight fraud cases that involves sharing data and using analytical tools for fraud detection.

healthcare informatics
YES! Please send me a FREE guide with course info, pricing and more!
Facebook
Twitter
LinkedIn

Academic Calendar

SUMMER I – 2024

Application Deadline April 12, 2024
Start Date April 29, 2024
End Date June 23, 2024

SUMMER II – 2024

Application Deadline June 7, 2024
Start Date June 24, 2024
End Date August 18, 2024

FALL I – 2024

Application Deadline August 2, 2024
Start Date August 19, 2024
End Date October 13, 2024

FALL II – 2024

Application Deadline September 27, 2024
Start Date October 14, 2024
End Date December 8, 2024

SPRING I – 2025

Application Deadline December 13, 2024
Start Date January 6, 2025
End Date March 2, 2025

SPRING II – 2025

Application Deadline February 14, 2025
Start Date March 3, 2025
End Date April 27, 2025

SUMMER I – 2025

Application Deadline April 11, 2025
Start Date April 28, 2025
End Date June 22, 2025

Get Our Program Guide

If you are ready to learn more about our programs, get started by downloading our program guide now.