European Union Member States will soon be mandated to comply with the rules that will enter into force in May 2018 with the General Data Protection Regulation (GDPR). GDPR, adopted on 27 April 2016, is a new regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
European healthcare providers need to review their existing policies, procedures and practices to ensure compliance with this new regulation, which aims to bolster privacy rights. At the same time, providers also have to ensure a simple clinical workflow enabling fast and secure access to patient data. In recent years, the increased adoption of 3rd Platform technologies – which IDC defines as the convergence of mobile computing, cloud computing, big data and analytics, and social media – has offered new opportunities to digitally transform care delivery models, by making information sharing between care settings, as well as between professionals and patients, essential to optimize patient outcomes and quality of care.
Being GDPR-compliant is an extensive task for healthcare providers as well as IDC vendors. CIOs and hospital management should regard this task as high on their strategic agendas in 2017-2018, and they should initiate a compliance project as soon as possible. It can be relevant to cooperate with other providers in the healthcare ecosystem across a region or between hospitals to leverage synergies and save direct project and implementation costs.
Healthcare providers that will have to implement the new GDPR by May 2018 should consider the following steps:
- Identify the differences between the existing regulation and the new one to evaluate the key focus areas that require time and money.
- Engage with industry experts such as IDC to help with key tasks such as readiness assessment and assessment of major vendors.
- Engage with software vendors and suppliers to determine their ability to support the change.
- Arrange a fit-for-purpose team made up of healthcare professionals, IT executives, business managers, legal experts, and patient representatives to work regularly on GDPR implementation.
- Inform employees about the regulation and what it means for their roles through ad hoc workshops and regular newsletters.
- Initiate an IT portfolio assessment in order to map the location of patient data. Evaluate the best digital strategy and solution to support a continued overview of where data is stored, its purpose, and which users have access. The strategy could, for example, be a platform strategy, by acquiring an enterprise content management system, or an index strategy, where a patient master index is implemented.
IDC Health Insights just released a PlanScape study which provides insights into the adoption of the GDPR for healthcare organizations, to help them define a compliant information management strategy, including the data governance mechanisms and the desired technology architecture that can enable its implementation.
The research provides guidance on the information strategy implementation by identifying the roles and responsibilities of the different stakeholders. The adoption of GDPR needs to be aligned with integrated processes, organizational aspects and governance policies.
IDC Health Insights has also designed a GDPR readiness assessment tool for healthcare providers to assess their GDPR readiness and maturity before and during implementation. The tool can also be applied at a national as well as a regional level, in order to monitor the progress of the hospitals involved from one year to the next.
Please reach out to IDC Health Insights if:
- You are about to design and execute a GDPR compliance project within healthcare
- You need input and guidance to conduct a GDPR readiness assessment
- You need insights into how to govern and organize a GDPR compliance project
- You would like to know more about IDC's latest research on GDPR
- You are an ICT vendor doing, or preparing to do, business in Europe
Read more here: IDC PlanScape: EU General Data Protection Regulation (GDPR) Compliance for IT Security in Healthcare or contact Health Insights directly.