General Data Protection Regulation

The EU GDPR is a data privacy regulation which will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond. Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field.

It doesn’t apply to the processing of personal data of deceased persons or of legal persons.

Know who is who?
  • Data Subject
    (Ex: Patient)
  • Controller
    (Ex: Hospitals, Clinics, Doctors, etc.)
  • Processor
    (Ex: 1st level IT Service Provider)
  • Sub processor
    (Ex: 2nd level IT Service Provider)
Healthcare Core Functions
  • Handling personal data
  • Data protection impact assessment
  • Data transfers
  • Audits and logs
  • Accountability
  • Data breach notification
  • Remote support authorization
Do's
  • Capture required patient data only.
  • Anonymise, Encrypt & Pseudonymise all Personal Data.
  • Get controller’s consent through email for remote support.
  • Notify controllers or DPAs of a data breach immediately.
  • Consider HTTPS/OAuth/Basic authentication for data portability and secured communications.
  • Make sure sessions and cookies expire and are destroyed after logout.
  • Change cookie policies as per GDPR requirement.
  • Include accessed user accounts in logs and audits.
  • Delete complete patient data after contractual period ends.
Don'ts
  • Leaving cookies undestroyed.
  • Writing personally identifiable information in logs.
  • Using unauthorized software to access remote machine(s).
  • Leaving the stored personal data in remote machine(s).
  • Performing unintended tasks in remote machine(s).
  • Transferring patient’s data for training or other purposes.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)



Key Articles

4, 5, 6, 9, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 32, 33, 34, 37, 45, 46
Reach us

EMD SYSTEMS SOFTWARE PRIVATE LIMITED
2nd FLOOR (NORTH WING), GAMMA BLOCK, SSPDL - “ALPHA CITY”, OMR, NAVALUR, CHENNAI - 603 103.

Ph: +91 - 044-4744 7787 | Email us: contactus@emdsys.com