I work in a digital health company that will likely store personal health information.
I am conflicted about which certification I should get in order to best meet the needs of business partners from Europe.
Of course there are different requirements for different businesses.
I would rather not store American PHI on US servers and European PHI on European servers.
My company is already HIPAA compliant, but that is good for American businesses (am I right?).
Currently all my data is stored in a self-installed database (MongoDB) on Google Cloud Platform.
Google is both HIPAA compliant and EU-US Privacy Shield certified. What does that mean for my company?
I know that my company should implement these 3 mechanisms:
- Consent of patients to have their data stored
- Disclosure in case of breach
- Right to be Forgotten for any patients
Other than that, what certificate should we acquire to show our potential clients? Should we encrypt the data? If yes, is it required to encrypt per partner, or can we use one encryption key for the whole DB?
I've heard of the GDPR framework, but there is no organization to certify us for that, right?