
I am not an expert on the differences between the two standards, but my understanding is that they are not the same. I was advised by the British government that US companies who are not specifically GDPR certified need to use an agreement such as Privacy Shield to process data from the EU in the meantime.

HIPAA is not the same, and much much older, it's the Healthcare Privacy Act, which means your health care data must be protected - and thus removable...

Since the rights involved are not the same between the two pieces of legislation, being HIPAA compliant does not equate to being GDPR compliant.

Didn't say "equivalent", I said "similar" and "prepared" - the HIPAA work I've done, including building an audit tool for health care companies to determine HIPAA compliance, included sections on data removal readiness as far back as 2009 or 10.

Fair enough, but from the perspective of, say, a clinic in the EU - being HIPAA compliant is not enough for them to be able to 'legally' work with a data processor in the US.

Yeah, but that's because of a myriad of other regulations, such as pharmaceutical dispensary controls and such. If they are HIPAA they are HIPAA, and that box is checked.
