A recent study shows that many healthcare providers do not meet EU standards for data security, but the industry is working to increase protection for patients.
It’s been nearly a month since the original General Data Protection Regulation (GDPR) deadline of May 25th, but many industries are still working toward compliance. According to a survey of nearly 4,000 IT leaders by Harvey Nash and KPMG, approximately one third of healthcare organizations are still “on the journey” to comply with the EU regulation.
On one hand, around 67% of organizations are already in compliance, which puts healthcare ahead of other major industries. However, healthcare providers still have a way to go before achieving widespread compliance.
Fortunately, the healthcare industry is responding to this initiative with increased investment in IT and data solutions. These measures present opportunities to reexamine digital strategies and ultimately provide a higher quality experience for patients.
Privacy in Healthcare
GDPR gives individuals the right to access information about where their personal data is being kept and how it is being used. Any business or organization that collects or processes the data of users within the EU is required to comply with this regulation.
GDPR has prompted healthcare professionals to take greater responsibility for protecting patient data and private medical information. Under the new requirements, providers must get clear consent from EU data subjects to have their data handled and processed. They must also include information in consent forms about why the data is being collected and processed. Patients can request that healthcare providers delete their information at any time.
Addressing Patient Concerns
While progress may be slower than anticipated, healthcare organizations are actively addressing concerns about the privacy of medical information. Many are increasing IT budgets and placing an emphasis on developing a comprehensive digital strategy.
The Harvey Nash and KPMG survey reports that nearly half of healthcare IT leaders are expecting a budget increase in the next 12 months, while only 14% expect a decrease. Approximately 39% of healthcare IT leaders say that their organization now has an enterprise-wide digital strategy. These investments show that the value placed on data protection is increasing as the industry responds to the new EU regulations.
This commitment to securing medical data is in line with the industry-wide move toward patient centricity. Providers are focused on boosting privacy protections, as well as providing patients with easier access to their information through mobile applications and patient portals. In fact, 55% of survey respondents listed “enhancing the customer experience” as one of their organization’s top three goals.
When implemented correctly, GDPR compliance should feel like a patient-centric improvement to the healthcare system. For example, clear communication between patients and providers is part and parcel of GDPR compliance – the regulation states that data collectors must clearly explain why and how they will be using patient information. Communicating effectively also has its own benefits, as patients who trust that providers are using their data responsibly may have better outcomes in the long run.
Healthcare organizations should be thinking about:
- Communicating the ways in which patient data is being used.
- Ensuring that patients understand their rights and that they have easy ways to opt into data collection.
- Effectively explaining the purpose and benefit of data collection.
- Meeting patients’ level of understanding.
Healthcare providers can also continue their path toward GDPR compliance by focusing on secure, streamlined data processing models. As they consider ways to improve their security, they may want to partner with industry experts to ensure that their protocols meet GDPR standards and inspire patients’ trust.