GDPR and Healthcare GetReferd
29 Jan 2019

5 ways GDPR is changing Healthcare

The health sector by its very nature collects masses of personal data to deliver services to patients. 

GDPR Healthcare

But how patient data is managed has been radically updated, as the European Union’s General Data Protection Regulation (GDPR) came into action on 25th May.

The GDPR will affect every industry, but in health the new regulations give every patient more control over the personal data that is being collected and stored about them, as well as how this information is used. Included in these changes are heavy penalties, another core component, with a maximum fine of €20m or 4% of turnover for noncompliance.

What do these changes mean for healthcare and patients? We have compiled five ways that the GDPR will affect the healthcare industry over the coming years. 

Personal data is safer

Under new regulations, healthcare organizations must be more diligent in how they collect and store patient information. To do this, they must better understand how their patient information is collected and where it is stored. This is a standard change for digital data, but this also includes paper data.

Under the new GDPR, it mandates that data breaches must be reported within 72 hours. Naturally, this will drive healthcare professionals and organizations to take better care of the data they hold and, of course, the higher fines in play will act as another incentive to dramatically improve data security.

More detailed patient profiles

Multiple data points are collecting data on patients, ranging from doctor’s surgeries, specialized healthcare facilities and to wearable health tracking technology. But this data footprint on an individual is usually highly fragmented.

The GDPR has a few core components, one of these is to ensure that there is more available information about the purpose and location of any data that is collected. What this should lead to is a more detailed view of a patient, which in turn should lead to better and more accurate diagnosis, with targeted treatments, therefore, a lower cost for both patient and healthcare organizations.

However, there is a counterpoint to this, the GDPR ensures the right to be forgotten, which could prove to be a barrier to improved diagnosis and create fragmented data.

Mandating that patient data has more structure could be hugely beneficial to HealthCare Providers. The GDPR places a framework around how this data can be collected, used and in which scenarios it must be deleted, but individual patient care should benefit from reduced fragmentation.

Putting patients in control

Healthcare is the one area of our lives that has remained highly sensitive and private. But test results are often shared widely to reach a diagnosis, with the patient having little insight into how this information is collected, who has access to it and how it is stored. GDPR places individuals firmly in charge of their data. Giving customers control can help to shape relationships in a positive way.

The framework is there to give the user control but how? How are people going to be educated? How will this be facilitated? GDPR goes part of the way in definition but there is no easy way for the individual to control their data. In short the potential is there but how successful it will be is yet to be seen.

New data sources

According to Future Health Index data, 57% of patients own or use a connected care device to monitor various health indicators, but only one-third of these individuals (33%) have ever shared this information with their doctor. Furthermore, FHI research found that healthcare is the industry the general public most trusts with its personal data. There is, therefore, a strong foundation from which to make health data collection part of more peoples’ lives.

On the Healthcare Provider side, technologies from social networking are increasingly being used to deliver patient care and support. Healthcare professionals regularly use networks such as Whatsapp to send patient data to each other. As this information moves across the network, this could mean sensitive data is held outside of the EU, breaching GDPR regulations.

Better prevention to data insights

The masses of data that healthcare organizations have been collecting for decades is still often unstructured and inaccessible. The ideas behind big data and how it can unlock the insights contained with healthcare information is a major reason why GDPR could offer the healthcare industry a huge opportunity. The insights that come from the drive to structure and integrate data could accelerate new therapies and bolster moves to improve prevention.


Overall, the GDPR is a reason for the health sector to be excited, it could help unlock the potential in huge stores of data that have remained dormant for decades.

About Author

Craig Ellis

Head of Sales Engineering, with a passion for Healthcare, CRM, Business Development, New Technology, Marketing and Gadgets. Business Technology Professional, working in the SaaS Industry for GetReferd, Healthcare Software - Closed Loop Referral Management. Helping healthcare organisations to connect General Practioners to Healthcare Organisations, for referring their patients in real-time, scheduling appointments and creating a better patient experience.

Related posts

Blockchain in Healthcare - GetReferd
31 Jan 2019

How Blockchain can change Healthcare

There are many challenges for the US healthcare system, from multiple-step data sharing procedures, clinical trials and medical research to complex billing and less-than-optimal patient experience. The stakeholders involved in Healthcare organizations are under increasingly heavy pressure to both control costs and continue to provide high-quality care to patients....

Read More
%d bloggers like this: