Feature

Could European data privacy rules cost you big?


 

U.S. health providers who treat foreign patients may want to take a closer look at their privacy policies to make sure they comply with new European Union data protection rules.

May 25 heralds the enforcement of the European Union’s General Data Protection Regulation (GDPR), a set of rules designed to strengthen and harmonize record protection for EU citizens and tighten how their data privacy is managed. The regulations protect various forms of electronic data including basic identity information, health and genetic data, and biometric information.

Cynthia J. Larose, a privacy and data security attorney based in Boston

Cynthia J. Larose

Penalties for violating the GDPR are steep. Whether a violation occurs by noncompliance or through data breaches, a mistake could cost providers up to 4% of their annual gross revenue.

Knowing when and how the regulations are triggered during medical care of EU patients is essential, experts say. Treating a vacationing EU patient who needs unplanned treatment in the states is not likely to subject physicians to the GDPR, said Cynthia J. Larose, a privacy and data security attorney based in Boston.

“In general, the GDPR should not impact U.S. doctors who may incidentally treat an EU patient while that patient is here in the U.S.,” Ms. Larose said in an interview … If the EU patient presents at a U.S. health care provider for treatment, then the GDPR does not apply to her personal data in the possession of the U.S. health care provider – HIPAA applies. While the [GDPR] does have extraterritorial reach, you have to be doing something in the EU for the GDPR to apply.”

But other scenarios that could prove problematic, such as U.S. researchers studying patients in the EU, U.S. physicians providing telemedicine care to EU patients, and doctors who continue to monitor EU patients following treatment in the United States once patients return to their home country.

About 200,000 international visitors fly to the United States yearly for health treatment, of whom about 25% are from Europe, according to a 2015 report by the United States International Trade Commission.

Pages

Recommended Reading

MDedge Daily News: Avoid warfarin’s polypharmacy perils
MDedge Cardiology
Podcasts
MDedge Cardiology
‘Right to try’ bill passes House
MDedge Cardiology
MDedge Daily News: Treating H. pylori slashed new gastric cancers
MDedge Cardiology
Statin use is uniformly low in adults with dyslipidemia disorders
MDedge Cardiology
MDedge Daily News: Is kratom the answer to the opioid crisis?
MDedge Cardiology
MDedge Daily News: Why most heart failure may be preventable
MDedge Cardiology
Thousands mistakenly enrolled during state’s Medicaid expansion, feds find
MDedge Cardiology
MDedge Daily News: Can androgen therapy improve male frailty?
MDedge Cardiology
Ranking points physicians toward South Dakota
MDedge Cardiology