American Law is Just as Relevant in Europe as the USA

Blog / American Law is Just as Relevant in Europe as the USA

table of contents icon

Table of Contents

    Leonardo Koshoni
    Leonardo KoshoniNovember 1, 2021

    Head of Business Analysis

    HIPAA in Europe may sound as oxymoronic as a curved straight line or easy to understand compliance rules. Although its’ a US law, the truth is that HIPAA in Europe is a major driver in both Health Tech and technology in general. To give a little background, HIPAA refers to an American law that came into effect in 1996 and covers how the patient data of American citizens can be processed with and without consent of that patient.

    Why should European companies care about HIPAA? 

    HIPAA in Europe: Why American Law Applies to European Tech Companies 

    While HIPAA is not overtly extraterritorial, meaning it is not written to apply outside, it is written to protect the data of US citizens no matter where those citizens are in the world. So, to use another legal term, it is the de facto case that HIPAA applies outside the US. 

    Because HIPAA was written to protect the data of US citizens, it comes into effect when companies process or store the medical data of any US citizen. So, if your health tech company stores or processes the data of even one US Citizen, HIPAA applies, and you need to come into compliance with it. 

    HIPAA in Europe

    What HIPAA fines do EU Health Techs Face? 

    Getting an exact dollar figure on the potential fines is a challenge. They can range between $25,000 and $50,000 per individual record and can grow into multimillion dollar fines. There can also be both fines at the federal and US state level, so it gets very challenging. However, those fines don’t consider the reputational damage that a health tech would face for a HIPAA fine. If a European company even wants to go to the US or get US investment, a HIPAA fine could kill those hopes. 

    How to Comply with HIPAA in Europe? 

    Complying with HIPAA not only mitigates the risk of fines and negative PR, but it also is a unique selling point. If your health tech wants to work with US companies or wants to work in the US, then you need to comply with HIPAA. So, by coming into compliance, you are opening the door up to a new market and to new business deals with American companies. 

    The good news is that some of what you need to do to comply with GDPR applies to HIPAA as well. You will need to tweak your privacy policy, how you gather consent and most importantly how you process and store the data. We offer a compliance audit and are happy to work with you to build a roadmap to come into compliance. 

    HIPAA in Europe is very much a piece of regulation that health techs need to comply with not so much because of the risk of fines but more so because of the opportunities that complying with HIPAA opens for EU Companies.    


    You may also like

    Sheraz Sarwar

    Blockchain's Affect on the Healthcare Sector

    Blockchain as a system of recording information is, theoretically, unhackable. Because every time a trans...

    Sheraz SarwarNovember 8, 2021
    Leonardo Koshoni

    HIPAA Breach Notification Rule: What you Need to Know

    HIPAA breaches do occur, in all areas of healthcare. That's why the HIPAA breach noticiation rule advises...

    Leonardo KoshoniMarch 8, 2022
    Leonardo Koshoni

    HIPAA Risk Assessments for Digital Health Developers

    Risk assessments are an effective tool in any business. However, digital health companies handle personal...

    Leonardo KoshoniFebruary 27, 2022


    facebook share
    facebook share
    facebook share
    facebook share
    facebook share