The European Union (EU) has enacted global sweeping security regulations in the form of the Global Data Protection Act (GDPR), which becomes effective in May 2018. Healthcare entities in the U.S. are scrambling to answer some key questions about how GDPR may or may not impact their own information security and privacy compliance posture.

Join us for this informative session which will address pressing questions facing healthcare organizations as they size up the new GDPR requirements. Specifically, we will speak to the following considerations:

·         What is the scope of GDPR and how does it apply to U.S.-based healthcare entities?

·         What data types and categories of information are covered by GDPR?

·         Do compliance obligations vary depending on whether I am a provider, payer, or vendor (Business Associate) servicing the healthcare industry?

·         What are the security controls required for GDPR and how do they align with HIPAA, NIST, HITRUST, and other U.S.- based regulations and standards?

·         How is GDPR enforced and what are the potential penalties for noncompliance?

·         Do I need to allocate resources and FTEs to GDPR compliance?

·         What should I do next?

Brian Selfridge – Partner, Meditology Services