What is the General Data Protection Regulation (GDPR)?

  by Scott Peterson, V.P. of New Product Development


The General Data Protection Regulation (GDPR) is a new regulation for protecting patient data in the European Union (EU). Starting in May 2018, businesses based in EU will be required to support these regulations when handling patient data. 

This article will provide a brief overview on what GDPR is and how it may affect the way hearing care professionals use and manage data in Noah System.

What is GDPR?

The primary objectives of GDPR are to provide EU citizens with more control of their personal data and to unify data regulations within the EU.

GDPR is a broad regulation, affecting all types of personal data, including non-medical data from companies such Google, Microsoft and Facebook. 

For this article however, we will concentrate on how GDPR affects data management in the hearing care industry. 

Who is responsible for GDPR?

For European hearing care professionals, GDPR serves a similar purpose to the U.S. HIPAA (Health Insurance Portability and Accountability Act) security regulations. Ultimately, it is the professional's responsibility to ensure that patient data is handled according to the GDPR. 

In brief:

  • Patients will have new rights that will require changes in data processing by hearing care professionals
  • Professionals may need to document that they are GDPR compliant
  • Patients can recover damages from a professional if their data is not processed according to GDPR

What are the new requirements?

GDPR is a large and complex set of regulations with many potential ramifications. However, here are some main requirements that will need to be implemented by hearing care professionals dealing with EU citizens.

  • Right to be Forgotten / Erasure: Patients have the right to request that their personal data be erased. A professional is then required to permanently remove the patient’s data with a few exceptions. In specific cases, the data can be saved but must not be actively used any further.
  • Data Portability: With GDPR, patients will now have the right to ask for a copy of their record in a commonly used form or machine readable format so that it can be transferred to another professional. Patients can also required that the data be transferred directly to another provider.
  • Documentation and Accountability: Some organizations may be required to implement measures to prove that they have considered data compliance measures into daily activities. This documentation process was designed to challenge companies to think about the topic of security.

Will there be any changes to Noah System?

Last year, HIMSA began investigating GDPR requirements and we continue to consult with GDPR experts. 

The results so far tell us that most of the tools necessary for GDPR compliance for Noah data already exist in the current Noah System version! However, some new GDPR tools will still be needed to ensure that GDPR compliance is as complete and intuitive as possible in Noah System. 

Planning is underway for a new version of Noah System in early 2018, in time for the GDPR implementation date of May 25th 2018. HIMSA News will keep you up to date on our progress in future newsletters.