Healthcare Information and Technology in the Age of GDPR
2:30pm - 3:30pm Wednesday, February 13
Orlando - Orange County Convention Center
The new EU General Data Protection Regulation (GDPR) became law on May 25, 2018, and healthcare providers started to implement it. This session will summarize the GDPR implementation at the largest university hospital in Germany and one of the largest medical institutions in Europe: the Charité. First, we will focus on the implementation plan, which is the first step in every GDPR project. Defining an implementation plan requires knowing which elements of the GDPR are already in place at an organization and which are not. These are identified by executing a gap assessment. Second, we will highlight the gaps that are typical in hospitals and outline those that have been identified at the Charité. Third, we will describe the Charité's Privacy Transformation Program to implement GDPR. This program implements different layers, e.g. a strategy, privacy governance, policies and procedures, culture and awareness, privacy operations and a privacy inventory.