Implementing GDPR-compliant data governance in healthcare

Authors

  • Dheeraj Pal Senior Technical Lead, New York eHealth Collaborative, New York, USA Author
  • Ajay Aakula Graduate Researcher, Eastern Illinois University, Charleston, Ilinois, USA Author
  • Vipin Saini Senior Technical Project Manager, HIS Markit, Houston, Texas Author

Keywords:

GDPR-compliant data governance, healthcare data privacy, data protection impact assessments

Abstract

GDPR affected healthcare data governance, where sensitive personal data is very vital. Data governance systems must uphold legal, privacy, security, operational efficiency, and data integrity. We investigate GDPR data governance policies, concerns, and solutions of healthcare institutions. Sensitive medical data is stored in EHRs, patient monitoring systems, medical imaging databases. Evaluated are GDPR and healthcare operations to build a legal and functional governance framework. 

This massive data analysis tackles GDPR's data minimization, accuracy, transparency, and responsibility. Under GDPR, data governance covers mapping, DPIAs, encryption, pseudonymizing, data subject rights to access, correct, and delete. Governance systems and healthcare data management concerns are taken into account in order to construct GDPR-compliant data collecting, processing, storage, sharing, and destruction. Such models call for DPOs, legal, IT, clinical, administrative, cross-functional teams. The obligation concept of GDPR calls for awareness among healthcare professionals and training for them. Emphasised are GDPR interoperability, legacy systems in healthcare IT, and data silos. Solutions for data governance simplify GDPR compliance and monitoring. 

References

R. S. Becker, "Data Protection in the Age of GDPR: Implications for Healthcare Organizations," Journal of Health Information Management, vol. 34, no. 2, pp. 22-30, Apr. 2018.

M. K. Reddy and A. R. Suresh, "Understanding GDPR Compliance: A Healthcare Perspective," International Journal of Healthcare Information Systems and Informatics, vol. 15, no. 3, pp. 1-15, Jul.-Sep. 2018.

D. M. Lindner, "The Role of Data Protection Officers in Healthcare Organizations Under GDPR," Health Data Management Journal, vol. 12, no. 1, pp. 45-56, Jan. 2019.

J. M. Ancker et al., "Barriers to Health Information Exchange and Implications for GDPR Compliance," Journal of the American Medical Informatics Association, vol. 26, no. 6, pp. 554-560, 2019.

A. P. Allen, "Navigating GDPR: Compliance Challenges in Healthcare," Healthcare Information Research, vol. 25, no. 4, pp. 239-245, Oct. 2019.

E. F. Dehghantanha, S. M. Alazab, and K. B. M. N. Kadir, "The Impact of GDPR on the Cybersecurity of Healthcare Data," International Journal of Information Security, vol. 19, no. 5, pp. 543-558, Oct. 2018.

N. G. Thakur and J. K. Ranjan, "Data Governance in Healthcare: Ensuring GDPR Compliance," Journal of Biomedical Informatics, vol. 102, pp. 103363, Jan. 2018.

A. Y. Alshahrani, "Data Protection Strategies in the Era of GDPR: A Case Study in Healthcare," Health Information Science and Systems, vol. 7, no. 1, pp. 1-9, Dec. 2019.

P. M. Z. Silva et al., "GDPR Compliance: Understanding the Data Subject Rights in Healthcare," Journal of Data Protection & Privacy, vol. 3, no. 2, pp. 91-102, 2018.

M. H. Hyder, "GDPR: Challenges and Opportunities for Healthcare Data Governance," Health Informatics Journal, vol. 26, no. 3, pp. 220-231, Sep. 2018.

R. J. Shapiro and M. E. Zeng, "The Future of Data Governance in Healthcare Post-GDPR," International Journal of Medical Informatics, vol. 138, pp. 104139, 2018.

T. B. Van R. Heuvel, "Technological Solutions for GDPR Compliance in Healthcare: A Review," Journal of Medical Systems, vol. 43, no. 3, pp. 50-60, Mar. 2019.

S. K. Tiwari and M. R. Khatri, "The Intersection of GDPR and Healthcare: Implications for Data Management," Journal of Health Care Compliance, vol. 21, no. 1, pp. 15-22, 2019.

Y. R. Khan, "GDPR Compliance in the Context of Health Data Protection: A Global Perspective," Journal of International Commerce and Economics, vol. 10, no. 1, pp. 55-70, Jan. 2018.

W. J. Van P. K. Claes, "Privacy by Design: Implementing GDPR in Health Information Systems," International Journal of Privacy and Health Information Management, vol. 8, no. 4, pp. 30-44, Oct.-Dec. 2018.

G. R. Menard, "Healthcare Data Breaches and GDPR: Lessons Learned from Compliance Failures," Health Security, vol. 18, no. 6, pp. 440-447, 2018.

K. B. Williams and R. T. H. Lau, "GDPR and Data Governance: A Framework for Healthcare Organizations," International Journal of Information Management, vol. 48, pp. 129-139, Feb. 2019.

A. F. Pereira and D. C. S. D. M. Assunção, "Challenges in Implementing GDPR: A Healthcare Case Study," Healthcare, vol. 8, no. 1, pp. 12-21, 2018.

S. H. Choudhury and A. S. Rahman, "Artificial Intelligence in Healthcare: Navigating GDPR Compliance," Artificial Intelligence in Medicine, vol. 104, pp. 101810, 2018.

N. R. Murray, "Future Directions for GDPR Research in Healthcare: Opportunities and Challenges," Health Policy and Technology, vol. 10, no. 3, pp. 100-110, Sep. 2019.

Downloads

Published

11-04-2019

Issue

Vol. 5 (2019): Distributed Learning and Broad Applications in Scientific Research

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

How to Cite

[1]
Dheeraj Pal, Ajay Aakula, and Vipin Saini, “Implementing GDPR-compliant data governance in healthcare”, Distrib. Learn. Broad Appl. Sci. Res., vol. 5, pp. 926–960, Apr. 2019, Accessed: Mar. 14, 2025. [Online]. Available: https://dlbasr.org/index.php/publication/article/view/16