The HIPAA Privacy Rule and the EU GDPR: Illustrative Comparisons

Authors

Stacey A. Tovino, University of Nevada, Las Vegas -- William S. Boyd School of Law

Document Type

Article

Publication Date

2017

Abstract

In this Article, Professor Tovino compares and contrasts three illustrative concepts and rights in the Privacy Rule and/or the GDPR, including the concepts of authorization and consent, the rights of amendment and rectification, and the right to erasure. Identified similarities reflect the core values of HHS and the EU with respect to maintaining the confidentiality and privacy of personal data and protected health information, respectively. Identified differences reflect the Privacy Rule's original, narrow focus on health industry participants and individually identifiable health information compared to the GDPR's broad focus on data controllers and personal data. Other differences reflect, perhaps, the U.S. health care industry's significant experience with heavy regulation, the health care industry's willingness to accept additional regulation in furtherance of the course of business, and specific concerns about the ways in which employers, insurers, and other institutions have used individuals' health information to their detriment.

Publication Citation

47 Seton Hall L. Rev. 973 (2017).

Recommended Citation

Tovino, Stacey A., "The HIPAA Privacy Rule and the EU GDPR: Illustrative Comparisons" (2017). Scholarly Works. 1066.
https://scholars.law.unlv.edu/facpub/1066