According to iaap.org, the GDPR covers all personal data, defined as any data from which a living individual is identified or identifiable, whether directly or indirectly. This broad definition includes data outside the scope of HIPAA, but GDPR includes specific requirements relating to “sensitive personal data” such as racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. GDPR’s “data concerning health” and HIPAA’s “protected health information” (PHI) are very similar.
PHI is defined under HIPAA as any individually identifiable information relating to a past, present or future physical or mental health condition, the provision of health care or the payment for health care. The U.S. Department of Health and Human Services has indicated that PHI includes names, addresses and demographic information if they appear in a context that indicates that the individuals named were patients of a health care provider, even if no specific diagnostic or payment information is included.
Organizations governed by GDPR that collect or use sensitive personal information may only process such information in certain circumstances. The term “process” is extremely broad and generally covers anything that is done to or with personal data (this may include collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, using, disclosing, disseminating or making available, restricting, erasing, or destroying data). Similarly, HIPAA permits covered entities and business associates to “use” or “disclose” PHI under limited conditions. HIPAA defines use to mean, with respect to PHI, “the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information.” Disclosure means “release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.”
The absolute majority of organizations that fall under the jurisdiction of both HIPAA and GDPR use cloud mail and document systems, mainly Office 365 and G Suite. Both HIPAA and GDPR make backing up either of them unavoidable, and UpSafe provides an outstanding solution for both cases. UpSafe Backup provides the best backup solution for Google G Suite (corporate Gmail backup) and Office 365. It helps you secure the critical data from your SaaS application and allows you to focus on what really matters for your business and projects. In a few clicks you can set up the solution and start your Google G Suite backup and Office 365 backup. Then, when necessary, just restore the files you need through granular or full recovery.
Moreover, we provide SPECIAL DISCOUNTS for healthcare and other socially impactful institutions.
We work for your security