How will EU’s new data protection law, GDPR affect digital health sector?


The GDPR establishes a standardized set of data protection rules that come into force on 25th May 2018.

The European Union’s much-awaited General Data Protection Regulation, or simply GDPR, will come into force on the 25th of May, 2018. This new regulation is expected to create new obligations that USA- and Canada-based health firms must comply with when treating patients from the EU. If a firm fails to comply with these norms, heavy fines shall be imposed on it.

The GDPR deals in depth with the processing of personal data by organizations, companies and individuals, where that data concerns individuals who belong to the European Union area.

The main feature of this regulation is that it also applies to regions outside the EU and is automatically applied to any such organization, regardless of its size and stature.

The passing of this bill means that healthcare institutions now need to comply with the regulation with immediate effect. The rule mostly focuses on two important areas. First, healthcare institutions dealing with patient data must ensure that proper security is provided for the data and must secure the consent of the patient before using any of it.

Secondly, if a patient requests that their data be deleted, the healthcare institution must comply with that request without hesitation.

Despite sounding rather simple in words, it is still a very complicated bill which targets certain areas of healthcare that are often overlooked, with proper documentation concerning patient data being one of those areas of concern.

This regulation applies to any type of healthcare institution, and failing to comply with the norms set by the GDPR means that you can now attract fines which can reach up to USD 24 Million or 4 percent of your company’s annual global revenue.

Hospitals which treat any patient whose nationality is among the 28 nations of the EU are the ones which need to comply with the regulations. Critical patient-related data, which includes genetic data along with biometric data, may only be processed with the consent of the patient. Certain identifiable information such as photographs, credit card related data and IP addresses must also be protected.

However, the question arises: “How does this regulation apply to healthcare institutions outside the European Union region?” A healthcare firm must fall under one of the following categories in order to be obliged to comply with the GDPR:

  • The healthcare firm has already established operations in the European Union
  • The firm is offering services and goods to citizens of the European Union
  • The healthcare institution is given the responsibility to monitor the health of citizens of the European Union

The penalties, along with the wide range of organizations which will fall under the banner of the GDPR once it is in force, are immense. If caught, a firm could face hefty fines with long-lasting impacts in the future.

Any potentially affected firm must make sure that a thorough analysis is conducted within its organization and, if it does fall in the red zone, must make amends to ensure it moves into the green zone.



© 2018 Dr. Hempel Digital Health Network
