A brief overview of the requirements for the patients' data protection in Europe, USA, and Russia


Protecting patients' medical information in the countries of Europe and the US is a complex legal issue. This industry has more difficulties with complying with regulations and ensuring data privacy than other sectors, and participants in the medical tourism market also have to understand the nuances of the legislation of different countries. In this review, we list three data protection standards affecting the work of Russian companies in the field of medical tourism: the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the Federal Law on Personal Data.

HIPAA is an American standard developed to protect patients' data. It was adopted in 1996. This is not a law, but rather a set of requirements that US medical institutions are obliged to follow. Failure to comply with these requirements entails serious penalties, up to large fines and criminal prosecution. Clinics in some other countries that actively work with American patients follow the same standard.

The European GDPR standard has the status of a law that is mandatory for any company processing the personal data of European citizens, regardless of where the company is located. Any citizen of the EC may request all of their data from the operator and request deletion of the data if needed.

The Russian Federal Law, in addition to requiring comprehensive protection measures, requires the licensing of data centers that store and process personal data. According to the law, both the data and the data centers must be located in Russia. The operator of personal data is required to obtain the client's consent, as well as to delete personal data once it is no longer needed.

Attention clinics, medical tourism agents and insurance companies working with patients:

The EasyCase service was developed taking into account the requirements of HIPAA, GDPR and the Russian Federal Law. Therefore, when working with patients' medical data in the service, you can be sure of compliance with all three standards.
