The General Data Protection Law (LGPD) has just been extended by one year. Law 14,010/2020 was published on June 12th, postponing the possibility of applying the administrative sanctions provided for in the LGPD to 08/01/2021. Even with this extra time, companies need to adapt as soon as possible, because depending on each company's situation, this period may still be short for reviewing and/or implementing the processes required for full compliance.
In this post we will clarify some important points that need special attention so that your healthcare provider is in compliance with the General Data Protection Law. Happy reading and make the most of this content! ; )
Sanctioned in 2018, the LGPD provides for severe penalties for institutions that fail to comply with its rules for protecting personal data, with fines of up to R$ 50 million.
The LGPD in healthcare is something the sector has been expecting since 2017, when information on patients registered in the National Health Card was leaked and sold to a North American company.
How to ensure patient data security
To ensure that the establishment is up to date with LGPD health standards, services must be contracted from cutting-edge technology companies that offer the best methods for protecting patient data.
Among the initial measures institutions must take is hiring an information security and data protection professional to audit the company's systems and find out whether or not they are up to date with the Law. The DPO (data protection officer) must have legal and regulatory knowledge and be able to provide specialized services in data protection.
If the audit finds gaps, the responsible manager needs to hire professionals and software, database and hosting suppliers who comply with the new rules, update the systems in the health network, and review internal processes and the governance applied to them.
However, the work to ensure data security within the stipulations of the LGPD in healthcare does not end there.
Healthcare security analysts also advise medical institutions with a large flow of patients to inform them about the new registration procedures, as a way of building confidence that their data will be protected.
The importance of data integration in healthcare providers
Authorization of data sharing with the LGPD in healthcare
The exchange of information will also need to undergo changes to adapt to the LGPD in healthcare.
It is common for medical clinics to share patient data with hospitals in cases of hospitalization, and the same can happen between a laboratory and a doctor's office.
This practice is vital so that exam procedures or hospitalization take less time and the patient can enjoy the benefits.
With the LGPD in healthcare, this will still be possible; however, organizations must obtain the patient's consent in advance.
The request must also state the reason for sharing the data, where or to whom it will be passed on, and for what purpose. If the patient refuses, even in the case of a hospitalization request, the data must be collected by the other establishment itself and in the presence of the data subject.
Some laboratories and practices use WhatsApp and other messaging applications to schedule appointments and exams; this process also deserves to be reviewed by managers.
Even if it is not prohibited by law, any incorrect sending of information may subject your operator to LGPD sanctions. To avoid problems, it is recommended that your operator only implements processes and systems that are 100% in compliance with the requirements of the LGPD, which until further notice are to be enforced from August 2021.
Visit our website and learn about SAUDI, the most awarded system for care cost management in Brazil. If you liked this content, we also suggest reading other exclusive articles for health plan operators on our blog! ; )