Jeremy Shapiro-Barr has authored an article titled, ‘The GDPR’s Impact in the U.S.: Considerations for the U.S. Health Lawyer,’ which has been published in the October 2018 issue of the American Health Lawyers Association’s Journal of Health and Life Sciences Law. The article provides an in-depth analysis of various aspects of the GDPR, including its applicability to U.S. organizations in the health care and life sciences industries. Below is an abstract of the article. To access the full article, please visit

The GDPR’s Impact in the U.S.: Considerations for the U.S. Health Lawyer

What is the issue?

The European Union’s General Data Protection Regulation has broad reach, and the U.S. health attorney may find that his or her U.S.-based clients—be they physician groups, pharmaceutical companies, or medical device manufacturers—are subject to the GDPR if their activities involve the processing of personal data of an individual located in the EU.

What is at stake?

Non-compliance with GDPR requirements could expose U.S.-based provider-clients to enforcement not only by data protection authorities in the EU, but also by the Federal Trade Commission and Department of Transportation, two federal agencies that have both publicly expressed their intention to cooperate with EU data protection authorities and to undertake enforcement initiatives on their own.

What should attorneys do?

Health attorneys should become knowledgeable about the interplay between the requirements of the GDPR and the Health Insurance Portability and Accountability Act. The differences in scope, enforcement, and the rights of the data subject as outlined in each set of regulations are vast, but some similarities exist.