I dive into the HIPAA weeds each day, and am often asked about the similarities and differences between HIPAA and the European Union's General Data Protection Regulation (GDPR). Fox colleague Nate Williams prompted me to think more about this topic. Nate took a close look at key definitions and provisions in these privacy laws to examine how they compare, in an excellent article published by OneTrust DataGuidance.
A key difference between the laws is the breadth of their applicability. GDPR applies to nearly anyone who handles data that identifies or can be used to identify an individual. HIPAA is more limited: it applies only to covered entities (generally, health plans and health care providers) and their business associates and subcontractors, and only to their handling of health-related data that identifies or can be used to identify an individual.
To make the analysis more of an apples-to-apples comparison, Nate focuses on GDPR's requirements related to "data concerning health." Despite the differences in scope and breadth, both laws are based on very similar underlying principles. Some examples: the lawfulness and fairness of collection and retention; the protection of individual rights (authorization, restriction, and data access); the transparency of purpose and use; the obligation to minimize data collected, used, disclosed, and maintained; and the accountability for data accuracy, integrity, and confidentiality.
These principles should be considered by any entity collecting individually identifiable information, regardless of whether HIPAA and/or GDPR applies.