There have been several high-profile data breaches in the healthcare sector in recent months. Since January 1st of this year, Capital Health of New Jersey, North Kansas City Hospital (NKCH), and Fallon Ambulance Service in Massachusetts have been hit.
Those are just the ones we know about. These attacks have affected hundreds of thousands of patients and cost the organizations involved tens of millions of dollars. The long-term ramifications and costs will take years to know fully.
With that in mind, here is a quick overview of healthcare data security laws worldwide.
United States HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a United States federal law whose Privacy Rule covers protected health information (PHI) in any form, whether written, spoken, or electronic, and whose Security Rule sets safeguards specifically for electronic PHI.
Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), governs personal information, including health information, handled by private-sector organizations. There are also provincial health privacy laws, such as Ontario’s Personal Health Information Protection Act (2004).
The European Union’s General Data Protection Regulation (GDPR) applies across all EU member states and treats health data as a special category of personal data subject to stricter processing conditions. The GDPR applies to any organization that processes the personal data of people in the EU, regardless of where the organization is located.
The United Kingdom’s Data Protection Act 2018 (DPA 2018), which operates alongside the UK GDPR, establishes rules for how personal data, including PHI, can be collected, used, stored, and disposed of. It also requires organizations to tell each individual how they intend to use their personal health data.
China’s Personal Information Protection Law (PIPL, 2021) treats medical and health data as sensitive personal information. Processing it requires separate, explicit consent and a specific, necessary purpose, along with stricter protective measures for how the data is stored and transferred.
In Australia, the federal Privacy Act 1988 treats health information as sensitive information with heightened protections, and state laws such as Victoria’s Health Records Act 2001 govern the collection, use, and disclosure of health information within their jurisdictions. Together these apply to public and private hospitals, medical practices, and health insurers.
Many global data privacy laws are based on the same fundamental principles of transparency, fairness, and accountability. This harmonization of principles makes it easier for organizations to comply with multiple data privacy laws and for individuals to understand their rights under different data privacy laws.
In short, it helps your organization work on contracts abroad because many of the requirements and controls overlap across these regulations.
Some jurisdictions recognize each other’s privacy regimes through adequacy decisions or similar arrangements, allowing organizations to transfer personal data between those countries without putting additional transfer safeguards in place. Cooperation between global data privacy regulators also helps enforce these laws more effectively.
Global data privacy laws are becoming increasingly important as more data is collected, used, and shared across borders. By working together, global data privacy regulators can help ensure that individuals’ privacy is protected, regardless of where they live or where their data is processed.
It takes more than a village to keep our data safe and secure—it takes the entire world!
At Commonwealth Sentinel, we understand how important it is to keep yourself and those around you safe and secure. That’s why we offer a range of services to help reduce risks and promote well-being. Our team of experts is here to support you with software and hardware solutions, training, and policy implementation. We care about your concerns and are happy to provide a complimentary and confidential consultation with our advisors to discuss them, which could give you valuable insights. To schedule a consultation, contact us at (502) 320-9885.