The New EU-US Data Protection Framework’s Implications for Healthcare: Third Time’s the Charm?

Research output: Contribution to journalJournal articlepeer-review

In July 2023, the United States and European Union debuted the third iteration of cross-border agreements, the Data Protection Framework (DPF), designed to facilitate personal information transfer between the EU and the US. In healthcare, where cross-border healthcare and research initiatives are highly desirable and increasingly essential, this new framework could create new possibilities for streamlining the transfer of patient and research participant data. Although many DPF requirements may be familiar to US organizations required to comply with HIPAA, a failure to address health privacy requirements in individual EU countries or a lack of understanding where full General Data Protection Regulation (GDPR) compliance is actually needed may complicate compliance goals. In addition to outlining key DPF requirements, we offer alternatives that can improve the likelihood of reliable data transfer between the U.S. and EU and call on officials to consider the DPF’s impact for health and research organizations.
Original languageEnglish
JournalJournal of Law and the Biosciences
ISSN2053-9711
Publication statusSubmitted - Jan 2024

    Research areas

  • Faculty of Law - data protection, data sharing, collaboration, medical research, privacy

ID: 374787779