GDPR enforcement in healthcare

GDPR is a call to healthcare industry to improve paper problem


After four years of extensive preparation and debate, the European Union’s General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. U.S. healthcare systems globally expanded or actively marketing and delivering care to EU patients will need to comply. While few U.S. healthcare providers have expanded globally, those that have include prominent organizations such as Johns Hopkins Medicine, Cleveland Clinic Foundation, Mayo Clinic and UPMC. Other healthcare systems are likely to follow suit in the coming years as demand for U.S. healthcare expertise grows worldwide, and the EU emerges as a prime target market.

Healthcare systems needing to comply with GDPR are likely focused on the two most pressing requirements – securing patient consent to use their personal data for business purposes not directly related to care and ensuring the ability to erase all instances of personal patient data upon a patient’s request. While that may sound reasonable, GDPR is a large, complex bill with vines reaching into often overlooked corners of the healthcare enterprise, specifically paper documents. What are the top document management priorities for healthcare providers striving to become GDPR compliant?

Digitize paper

More than 40 percent of healthcare organizations report having paper reduction initiatives in place, according to research from IDC. Despite this, paper remains prevalent in the healthcare enterprise. Even hospitals that have achieved late-stage Meaningful Use continue to process high paper volumes. In many cases, paper and print volumes have increased. One reason for this is because people naturally prefer absorbing long, complex information from paper as opposed to on a screen.

Many hospitals have accumulated filing cabinets full of paper and the prospect of digitizing it all is daunting. However, digital documents are inherently more secure and support greater levels of consumer data protection and privacy than paper – giving them the advantage in a GDPR world.

Automate Workflows

Hospitals continue to rely on paper to support a wide range of work processes, including admissions, prescriptions and discharges. When workflows are paper-based, they are less secure and more time-consuming than digital processes. Advantages of automated workflows include the ability to access a complete, verifiable audit trail of what data is sent to whom, and where it resides in the funnel at any given point in time. This augments a hospital’s ability to locate personally identifiable information quickly and accurately, even within in-transit data, and ensure data is not being routed for any business purpose other than patient care.

Secure the Printer

Information security initiatives are often focused on mitigating cyber security threats, server hacks and database vulnerabilities, ensuring data both at rest and in flight is protected. Numerous industry sources have found that paper documents are often overlooked. However, with the GDPR’s intense focus on data privacy, paper documents represent a newly rediscovered security risk.

The multifunction printer (MFP) is a standard piece of office equipment but is a hub for sensitive personal data as it transitions from digital to paper and back again. If it is not properly addressed, it has the potential to become a major data security and GDPR compliance blind spot. To alleviate the security risk at the MFP, healthcare organizations can apply a variety of device-level controls. Two examples include user authorization, which releases print jobs only when an authorized worker validates at the device; and file destination control, which restricts scanned documents to pre-approved destinations.

GDPR Opens the Door

Improved document management – particularly efforts to reduce paper – offers many benefits. These include greater data security aligning with the governing rules of GDPR (and HIPAA), and improved operational efficiency. Whether or not U.S. healthcare organizations find themselves reckoning with GDPR compliance, the bill’s mandates present a valuable opportunity for all healthcare systems to digitize and automate their document management processes.

Gain control over your paper problem

Nuance solutions help healthcare organizations gain control over their paper problem. Visit this page to learn more.

Learn more
Chris Click

About Chris Click

Chris Click is the Sr. Healthcare Solutions Marketing Manager for Nuance’s Document Imaging division where he is responsible for driving the world-wide print and capture marketing strategy for the division’s healthcare solutions. Prior to his current role, Chris worked as the Nuance Healthcare Division solutions marketing director and previously headed up sales and marketing at Client Outlook Inc. a provider of healthcare enterprise imaging applications sold through a global partner network. Chris graduated with B.S. in Computer Science from Dallas Baptist University.