The General Data Protection Regulation (GDPR) is a European Union (EU) legal framework that specifies how the personal data of EU citizens and residents should be used and protected. As long as the data of a single EU citizen is being handled by a system, that system and its legal entity must be compliant with EU GDPR. A breach of compliance would see penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. Big or small, within or outside the EU, many organizations have been fined under GDPR enforcement. Even if an insurer or medical service provider never serves an EU citizen, other jurisdictions such as the USA or China are expected to release similar regulations for privacy protection. The era of lax attitudes towards privacy protection is over.
Unlike incumbent medical systems, Mediflow is designed from day one with data privacy in mind. This means insurers and medical service providers do not store unnecessary patient data. Patients have custody of their own data, and decide when and how it will be used. Besides adherence to GDPR, this reduces the risk of a catastrophic compromise of health data.
Unlike incumbent medical systems, Mediflow is designed from day one with data portability in mind. This means health and insurance data will not be locked into the Mediflow system, improving reconciliation between different parties. Besides adherence to GDPR, this means insurers and medical service providers are not tied to the Mediflow system and can easily leave at any time.
Unlike incumbent medical systems, Mediflow is designed from day one with data access and consent management in mind. This means patients, insurers, and medical service providers understand exactly what data is being used and for what purposes. Besides adherence to GDPR, this means patients, insurers, and medical service providers have full control over their data without exposure to the liability of others.