GDPR Update: Privacy Across the Pond

Brian Selfridge, Partner, Meditology Services, LLC. Nadia Fahim-Koster, Partner, Meditology Services.

April 9, 2019

  • U.S.-based firms (including healthcare, health plans and business associates servicing healthcare) must determine if their organization is required to meet the GDPR compliance requirements

  • GDPR impact on U.S. health organizations includes controls around Consent, Privacy Notices and Breach Notification; Data Protection Officer assignment; client communication on Rights to Access; and Cross-Border Data Transfer protocols

  • An analysis of data security frameworks, such as HITRUST and Privacy Shield, is discussed, specifically how these certifications line up with GDPR requirements
