An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates for U.S. healthcare entities that complying with GDPR may be even tougher than complying with HIPAA.
Portugal's supervisory authority, Comissão Nacional de Protecção de Dados, levied fines totaling 400,000 euros ($458,000) against a hospital, Centro Hospitalar Barreiro Montijo, for three violations of GDPR. That enforcement action - which was reportedly taken last July but only recently made public - apparently was Portugal's first since GDPR's compliance deadline on May 25, 2018.
David Holtzman’s comments are featured in this article.