And they couldn't demand that the provider delete it in the EU either, because maintaining medical records is a legal requirement, which overrides the right to be forgotten.
But it does require you to document that requirement and make sure that the data isn't shared beyond that requirement without consent.
HIPAA and GDPR aren't conflicting, they're orthogonal and cover different things.