The General Data Protection Regulation (GDPR) and U.S. Healthcare

May 4, 2018

In 2018 so far, the United States has already seen several serious breaches of healthcare data, including incidents at UnityPoint Health, Florida Medicaid, and Hancock Health. The systems were compromised in several ways. The most common mechanism attackers used to gain unauthorized access was phishing email sent to healthcare employees, crafted to look as if it came from the organization's own email addresses. Attackers also got into otherwise well-protected health systems by capitalizing on unsecured Wi-Fi networks and misconfigured servers, reflecting a lack of sustained focus on data security in the U.S. healthcare system.

The United States government has intensified its penalties for breaches of health-related personal information. A European Union (EU) regulation that takes effect on May 25, 2018 will bear directly on that objective. The General Data Protection Regulation (GDPR), adopted in 2016, is intended to strengthen individuals' control over their personal data by requiring specific procedures for data protection at the institutional level, and it applies not only to organizations in the EU but also to organizations elsewhere, U.S. health systems included, that process the personal data of people in the EU. In the language of the regulation, personal data covers information about a person's private, personal, or professional life and can include health information, social media activity, bank details, or a computer's IP address. Because health data is expressly within its scope, the GDPR will heavily influence how sensitive health data is managed after 2018 at the global level.