
The Policy Aspects of International Data Protection Laws: A HIMSS Multi-National Session

11:30am - 12:30pm Wednesday, February 13
Orlando - Orange County Convention Center


Safeguarding an individual’s protected health information has taken on increased importance in recent years as the use of digital health tools has proliferated across the healthcare ecosystem. This session will discuss how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the European Union’s (E.U.’s) General Data Protection Regulation (GDPR) are working within their jurisdictions to protect the confidentiality, integrity, and availability of patient data. As healthcare delivery becomes more global, the panel will also consider where further guidance is needed as we move closer to cross-jurisdiction and geographic alignment between HIPAA and GDPR.

Learning Objectives: 

  • Differentiate the scope and jurisdiction of HIPAA and GDPR, discuss where they intersect and diverge, as well as what patient access rights exist under each law
  • Describe consent requirements and permissible disclosures without consent under each law, and compare expectations around consent and secondary uses of data in the U.S. and E.U.
  • Hypothesize about potential changes to HIPAA regulations, as well as how the U.S. may use GDPR to guide broader changes in data privacy laws


Bradley Arant Boult Cummings
Humanitas Research Hospital
Chief Privacy and Regulatory Officer,
Omada Health