New privacy laws put into place by the European Union in May of this year continue to impact any company that has an online presence and does business in Europe. That also extends to the healthcare industry.
However, at the same time Europe seeks to protect residents’ data, large datasets also are being used to prevent healthcare fraud through the use of data analytics. For this reason, these new regulations also aim to educate consumers on why their data is being collected and how it is being used.
The General Data Protection Regulation, or GDPR as it is known, put in place by the European Union provides strong protections for consumers in Europe and substantial fines for companies that violate the regulations. That’s why Facebook, Amazon, Google and many other companies have raced to make sure they have those protections in place.
The Basics of GDPR
GDPR is designed to give European Union citizens more control over their personal data. It also provides regulations for the safe storage of that data. The regulation applies to any company that sells products or services to citizens of Europe or stores personal information about them. That includes companies on other continents.
The new law gives Europeans a number of new rights in regard to data privacy, including:
- Right to be forgotten. Consumers can withdraw consent from companies that collect their information and have the right to get that information deleted at any time.
- Right to access. European residents have access to their personal data stored by a business and can find out how their information is used – free of charge.
- Right to be informed. Citizens must give explicit permission to allow companies to gather data on them, and they must be informed about exactly what data is gathered and how it is used.
GDPR also gives consumers the right to not have data used for direct marketing of any kind. The law requires that companies notify consumers within 72 hours after a data breach has occurred.
Impact on Healthcare
Clearly, any healthcare company marketing its services to Europeans will need to comply with GDPR regulations.
Regardless of the intent of a website, if it collects data and uses a country’s language or makes references to the European Union, it would likely fall under the regulations.
But, it also could have an impact in other ways.
For example, any European resident who gets medical treatment while in the U.S. will have their information stored with that medical operation – in which case, the rules will apply on issues such as data breaches or requesting the erasure of all data.
Also, cloud-service providers based in the U.S. but who work for European healthcare operations will have to assess how they fall under the new regulations.
Some industry experts advise that companies with any business in Europe meet with their legal departments to go over the GDPR in detail (it has 99 regulations). That includes any work done for clients in Europe or any subcontractors hired from Europe.
Healthcare Fraud
While concerns over privacy certainly fueled GDPR’s creation, there are issues with healthcare fraud in which data is proving helpful.
Healthcare fraud is a major problem. In the United States alone, an estimated $68 billion annually is lost to healthcare fraud. Often times, fraud cases can cost millions of dollars and take years to resolve.
Healthcare analytics, however, is increasingly being used to address healthcare fraud. By analyzing datasets, analytics programs can spot irregularities in areas such as overbilling, billing for unnecessary procedures, the sudden appearance of new names (often used in healthcare fraud) and other red flags.
The federal government already is moving into using analytics to help prevent healthcare fraud. The Veterans Administration and Health and Human Services have formed a partnership this year to fight fraud cases that involves sharing data and using analytical tools for fraud detection.
