The General Data Protection Regulation (GDPR) of the EU and the Health Insurance Portability and Accountability Act (HIPAA) of the United States are two critical government acts that were created to protect personal and sensitive information and data. These two pieces of regulative guidelines have contributed a considerable amount to the global data security field. Continue reading to find out how these two protections differ, and what each has to offer.
What is GDPR?
The General Data Protection Regulation (GDPR) was enacted by the European Parliament, the European Commission, as well as the Council of the European Union on April 27, 2016, and will go into effect on May 25, 2018. According to the EU GDPR website, the GDPR replaced a previously enacted data protection act and was designed to consolidate data privacy laws across Europe to protect the data security of all EU citizens and to reimagine the way companies and industries across Europe approach data collection and security. According to its website, the GDPR is considered to be one of the most significant changes in data privacy regulation in twenty years.
The GDPR regulation is comprised of 91 articles. Here are some of the benefits of this new set of provisions:
- Individual consent is required before any data can be collected or processed.
- Individuals will be notified promptly if their data is breached or interfered with.
- All data will be made and remain anonymous.
- International data transfers will be managed more securely.
- Some companies will be required to appoint a data protection officer (DPO) to streamline and more seriously protect client data.
- Any company that provides a service or product to residents of the EU is required to comply with the GDPR.
- Companies that do not comply with the GDPR regulations will be subject to hefty fines.
What is HIPAA?
The Health Insurance Portability and Accountability Act is an American law that was enacted in 1996. The law was designed to protect sensitive medical information that is electronically transferred and received. The law was initially created to help patients retain proper insurance in the case of job loss or change. HIPAA also helps to decrease medical costs by allowing healthcare administrators to use electronic documentation and records, which are more secure and more efficient than paper documentation. HIPAA was regulated and continues to be enforced by the United States Department of Health and Human Services.
The Health Information Technology for Economic and Clinical Health Act (HITECH) is a subset of the American Recovery and Reinvestment Act (ARRA) of 2009. The HITECH act broadened the scope of what HIPAA was able to do and expanded the privacy and security protections offered under the act, and increased the legal actions available for non-compliance. Systems that are affected by HIPAA laws are required to notify patients of any data breach and are subject to substantial fines and penalties for violations. Privacy requirements that are protected under HIPAA include:
- Patient identity and social security number
- Patient diagnosis and condition
- Record of care or treatment provided to a patient
- Payment information that could potentially be used to identify the patient