Written by: Sharon Janssens and Luc Van Ruysevelt

We use smartphones and smartwatches to track weight loss, map our runs and evaluate our sleep. When combined with specific devices, health signals such as heart rate, glucose levels and body temperature can be monitored, and not just by us; healthcare professionals (HCP) can track and treat their patients from a distance, dramatically increasing access to a huge amount of personal data.

These HCPs create of course their own data too: scheduling appointments, consulting lab and scan results, sending emails, looking up reference values… All this is 24/7 accessible. The cloud is everywhere.

All these new technologies generate a huge amount of valuable data, making security of data storage more and more important. People get worried about what happens with their data. And they should. What happens when a doctor loses his/her smartphone? Or when someone’s medical record is hacked? Or if personal health data are shared with let’s say insurance companies? Personal data are very valuable and may be misused. More than ever protection is relevant.

General Data Protection Regulation or short GDPR

Since 25 May 2018, everybody that uses personal data must be GDPR compliant. Those 4 letters were all it took to cause sleepless nights for everybody storing, processing and transmitting personal data.

GDPR is the most important advancement in the regulation of data privacy in 20 years. The goal of GDPR? To give people in the European Union more control about their own data and how they are used. It doesn’t only apply to organisations within Europe but to every person, business or organisation that handles personal data of EU residents.

People now have more rights about their own data such as the right to access and correct their personal data, the right to data portability, and the right to be forgotten or to withdraw their consent.

GDPR in healthcare

Healthcare data has a special mention under the GDPR; it is subject to higher protection standards because of its sensitive nature. And because people must give explicit consent for handling their personal data, a lot of healthcare organisations fear the loss of a lot of valuable information. Or fear that they will not be able to gather information at all.

Still, the best way to ensure that people keep sharing their valuable personal data is to make it clear. Clear to understand that they can decide to share their data and have more control on how their data is being handled, by whom and for what purpose.

Because of GDPR, people are more aware, and this awareness can be used to get people more involved with their own health or let people know how their data can help other people. That’s a good thing.

But healthcare is not only about patient data; it’s also about the HCP treating his patients. Information gathered on HCPs is considered an important asset in tailoring medical communication, education, advertisement etc. But is the amount of HCPs email contacts and profiles in your database really so crucial to reach the desired goals? Of course, but you need to be transparent and obtain consent on what data you store and why you process them.

Quality, in the long run, will always prevail over quantity, and HCPs who are interested will always find you by genuine interest giving active consent to be contacted, educated, profiled. Cleaning up the mass of data and getting it transparent for all parties can only improve the quality of interaction.

GDPR in healthcare

So, is GDPR a blessing or a curse?

Everybody keeps talking about the burden of GDPR and the measures that must be taken to ensure the safety of personal data. But it can also be seen as an advantage. In the digital world we are living now, data will become more and more important. And ensuring its safety must be a priority for every organisation in order to maintain and further improve correct usage of these data.

Because of GDPR, organisations are more aware than ever of the importance of keeping personal data secure. It is the perfect opportunity to update or implement processes related to data safety. Or perform data protection impact assessments within an organisation to identify security risks which can then be eliminated. But also, to minimize which data is collected. Is it necessary to ask for a phone number or a date of birth if you only want to contact people through email?

Organisations that are compliant with GDPR will show customers, clients or patients that their data will be handled secure and with care. It creates confidence and reliability.

And on top of that, organisations now have a database that is up-to-date and accurate. Data is stored no longer than necessary, and it is protected from loss, damage and unauthorised use and processing.

How do we handle GDPR?

As a medical communication agency, we have always respected the data privacy and protection rights of all our stakeholders. Whether it concerns industry clients, medical experts or others, we don’t collect personal information that we don’t need and what we store is stored in a structured, transparent, secured and meaningful manner.

Nevertheless GDPR compliance was one of our priorities for the past year as we saw it as an opportunity to further strengthen our commitment towards clients and partners.

By contracting an external GDPR expert, appointing an internal data protection officer, cleaning our databases, collecting only relevant data, improving transparency towards customers and raising awareness within the company about appropriate and secure data handling, we are ready for the future.

And we feel good about it.