This article first published in the IAPP’s Privacy Tracker blog.
In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your efforts. In this installment, Sean Baird examines the similarities and differences in the requirements for the collection, use and protection of information subject to the U.S. Health Insurance Portability and Accountability Act, and the treatment of health information as “sensitive personal data” under the GDPR, including “data concerning health” — namely the scope of information covered, the entities covered and the permissible uses of the covered data.
Read the full analysis here.