
On May 25, the European Union put into effect a far-reaching regulation to protect the privacy and personal data of EU residents. Because the General Data Protection Regulation (GDPR) purports to apply to healthcare organizations in the United States that handle personal information for EU residents, UW Medicine is taking steps — in concert with the UW Privacy Office — to understand what changes may be necessary in our own data protection and privacy policies.

Under GDPR, people generally have broader rights than under HIPAA (Health Insurance Portability and Accountability Act) to access, correct or erase their personal data. This information can include biographical and location markers (name, address, phone number and birth date); online identifiers (email and IP address, social and online identities); and other information related to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

UW Medicine is following the lead of the UW in taking a risk management approach to meeting GDPR requirements. High-priority areas include updating policies and procedures, as needed, for providing notifications to individuals about our use of their personal data, securing consent in certain circumstances, monitoring website and online activities, developing contractual agreements for sharing or transferring personal data, and managing incidents appropriately.

For more information on GDPR, please refer to the following UW resources:

UW Privacy Office: EU GDPR

UW Privacy Office: UW Standard for European Union General Data Regulation

UW Advancement: GDPR FAQ (UW Net ID required)

