I dive into the HIPAA weeds on a daily basis, and am sometimes asked about similarities and differences between HIPAA and the European Union’s General Data Protection Regulation (GDPR). Fox colleague Nate Williams provoked me to think more about this topic. Nate took a close look at key definitions and provisions in these privacy laws
Dutch Hospital Fined Under GDPR for Medical Records Access Lapses
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person.
In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000
Dutch Data Protection Authority Issues Advisory On Medical Records Under GDPR
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AG), which has issued a guidance on GDPR and medical records.
Key takeaways:
- For medical
UK Data Protection Authority Advises Doctors on Patient Requests for Access to Health Information
Data subject access rights and your medical practice: The UK Information Commissioner’s Office (ICO) issues advice.
Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors. Here are some points of advice from the ICO:
Join Top Cybersecurity Pros at Fox’s Privacy Summit
Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders, experienced regulatory and compliance professionals and the Chief Division Counsel of
When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered entities and their business associates and subcontractors), GDPR applies much more generally – it applies to personal data itself. Granted, it doesn’t apply