What is GDPR?
The General Data Protection Regulation is a new piece of legislation that strengthens the protection of personal data for citizens across the European Union. Before you dismiss this article because you’re not based in the EU, it’s important to note that it applies to all organizations that conduct business with the EU, and that “data concerning health,” “genetic data,” and “biometric data” in particular will be subject to a higher standard of protection than personal data in general. Non-compliance with the rules set out by the GDPR can result in severe fines.
What can you do to get ready?
With a little less than a year left to become compliant, many healthcare organizations are asking themselves what they need to do to be prepared by May 25, 2018. Automation and innovative technological tools that bring consistency, efficiency, and simplicity to your day-to-day work will provide a strong foundation no matter which way the tide of change takes us. Here are three “to-dos” before these rules take effect:
- The good news is that organizations that already have automation tools in place for incident response to support HIPAA compliance are in pretty good shape, as the two share many commonalities. Otherwise, it’s a good time to put in the legwork to get a system in place, not only to streamline your compliance efforts but also to eliminate the risk of costly fines.
- It’s becoming increasingly important to run proper checks on business associates, employees and contract workers. Doing your due diligence to research and run background checks before hiring or choosing a business associate is a great first step, but it isn’t enough! Having a tool on hand that helps you perform continuous integrity checks and audits ensures you’re always the first to know if your organization’s security might be at risk, and keeps you compliant while you do.
- While automation tools like the ones mentioned above will take care of a lot of the legwork, they alone aren’t enough to get the job done. As you ramp up to the May 2018 deadline, you’ll want to develop a strategy that outlines the workflow within your team to ensure the organization does all it can to protect itself and to achieve success. If you’re not sure where to start, take a peek at our “5Ws and a How on avoiding costly OIG/OCR Fines” blog, where we outline how to build a solid foundation for a winning strategy.
If privacy and compliance at your hospital are already in tip-top shape, then the incoming GDPR should have minimal impact on your day-to-day business. However, if your organization is currently lagging behind, especially in the technology department, now is the time to equip yourself before you find yourself scrambling to meet compliance requirements.