Table 1.
Data privacy laws in the European Union and the United States.
| Source and guideline | Summarized text | |
| General Data Protection Regulation Article 5 |
|
|
|
|
“data minimisation” | Personal data collection is limited to what is necessary |
|
|
“lawfulness, fairness and transparency” | Personal data are processed in a transparent manner |
|
|
“purpose limitation” | Personal data are collected with an explicit purpose, and further processing adheres to the initial purpose |
|
|
“accountability” | Third parties are responsible for adhering to privacy laws |
|
|
“integrity and confidentiality” | Personal data are securely processed and there are protections against unauthorized use |
| Health Insurance Portability and Accountability Act Privacy Rule |
|
|
|
|
Limits who can view and share an individual’s health information | Health information cannot be used for purposes not directly related to providing health treatment without an individual’s consent (with exceptions) |
| Health Information Technology for Economic and Clinical Health Act Subtitle D | ||
|
|
Data security of digital health information | Electronic medical records must be secured, and data breaches must be reported |