The U.N. recognizes privacy as a fundamental human right, and nowhere is this more important than in medical data. That’s why both the U.S. and the EU have regulations in place that govern the collection, storage, and use of patient data in healthcare.

In the U.S., there is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In the EU, the broader General Data Protection Regulation (GDPR) also covers patient health information.

When medical device companies begin clinical trials for their devices, they invariably come into possession of subjects’ personal data, which means they may be required to comply with either (or both) of these regulations, depending on where the studies take place and who participates.

The penalties for failing to comply with these regulations can be steep, so it’s essential that you understand what’s required of your company while handling patient health data.

Let’s start in the U.S. with HIPAA.

 …