Overview
Bernadette Broccolo and Daniel Gottlieb stated that the EU’s new General Data Protection Regulation (GDPR) has “direct extraterritorial reach” to personal data collected and/or processed by a US organization per certain criteria. The lawyers urged US health care providers to “revisit security risk assessments performed for HIPAA compliance purposes to determine whether they assess the risks relative to the security of Personal Data (and not only electronic protected health information).”
