GDPR vs. HIPAA: A paradigm shift?

Jay P. Anstine (janstine@bluebirdhealthlaw.com) is the President of Bluebird Healthlaw Partners in Fort Collins, CO.

Effective May 25, 2018, the General Data Protection Regulation (GDPR) became applicable to the European Union (EU) and countries in the European Economic Area (EEA). The GDPR regulates the collection, use, disclosure, and other processing of a data subject’s personal data by controllers and processors. A data subject is an identifiable person in the EU at the time of processing. A controller is an entity that determines the purpose and means of the processing of personal data. A processor is an entity that processes the personal data on behalf of a controller. Some US companies (e.g., a medical device company with a global market) now must comply with both GDPR and HIPAA.
