Friday, July 20, 2018

How GDPR applies to medical devices

PARCA eNews – July 5, 2018 – With the European Union’s General Data Protection Regulation (GDPR) going into effect last May, much of the attention has been on its impact on Internet websites and applications that gather personal information. In terms of medical devices, the new regulation primarily impacts device makers, but users of such devices may also need to know how it impacts their organizations.

Devices such as CT scanners, MRIs and ultrasound equipment that collect personal data are considered "high risk" under the provisions of GDPR. While many people working in healthcare in the US feel that compliance with HIPAA will satisfy GDPR, it is important to know that being compliant with HIPAA does not guarantee compliance with GDPR.

An article in the HIPAA Journal explains some of the differences with regard to the data covered and breach notification requirements, as well as the data protection assessments that need to be documented.

The article also offers a "free" GDPR checklist for American companies. To receive the PDF download you need to provide your name, email and phone number, but you can opt out of receiving further emails.
