Healthcare organizations have focused on HIPAA compliance when crafting security and privacy policies. But now those that handle the data of European citizens will also have to comply with the European Union's General Data Protection Regulation, which will be enforced beginning next May. And that could be a game changer for healthcare, says Mitchell Parker, executive director of information security and compliance at Indiana University Health.
"GDPR is going to take us to a different level for a lot of organizations," Parker says in an interview with Information Security Media Group. "It's going to be just as significant, if not more, than HIPAA because it's going to require organizations to really think about their data flows, about how they handle data and monitor it to make sure they are in compliance with the regulation."
In this interview, Parker, who will be a featured speaker at ISMG's upcoming Healthcare Security Summit, slated for November 14-15 in New York, also discusses:
- The first steps for a deep look at content policy and flow in preparation for GDPR;
- Whether regulations go far enough to safeguard patient data;
- Where healthcare organizations can look for guidance on regulatory compliance.
Parker, executive director of information security and compliance with Indiana University Health, previously served as the CISO at Temple University Health System.