The past year was an active one for data privacy and security legislation and enforcement. Protection for certain personal data was enhanced internationally by the EU General Data Protection Regulation (GDPR) and in the United States at the state level. Notable new state legislation includes the California Consumer Privacy Act of 2018 (CCPA) and developments in a number of state data breach notification laws that may affect organizations that handle health information. At the same time, the US federal government sought ways to reduce the regulatory burden on health care industry participants and increase the flow of data to promote interoperability.
This report highlights the notable actions and guidance that will shape the data privacy and security landscape for health care providers, digital health companies and other health care industry stakeholders in the coming year.