Europe’s GDPR privacy law is coming: Here’s what US health orgs need to know
The European Union General Data Protection Regulation (GDPR) will come into effect on May 25th, requiring healthcare organizations that treat patients from EU nations to comply with the new law. GDPR is more stringent than HIPAA: it requires organizations to gain affirmative consent for data collection and to process data requests from EU patients more quickly. The law also expands the definition of personal data and mandates the right to erasure. Organizations must strengthen their security measures and inform EU patients of a breach within 72 hours.