Is Your Medical Billing Process GDPR Compliant?

4 min read · Jul 19, 2018


Use a HITRUST Certified medical billing service to help you stay compliant at all times

GDPR has caused quite a stir in many organizations that handle sensitive information. In the medical industry, GDPR once again brought the concern over the protection of patient information to the forefront.

What’s GDPR and Why Should You Care?

GDPR stands for the General Data Protection Regulation, an EU law that protects the personal data of people in the European Union (EU). It is enforced by the data protection authorities of the member states.

It is one of the most rigorous data protection laws in force and is designed to give individuals more control over their personal data.

If you’re a medical provider in the US, you may wonder if you have to worry about GDPR.

GDPR's territorial scope does not turn on citizenship. You are generally not required to adhere to GDPR for patients living in the US (even if they are EU citizens), but you can fall within it if a patient moves (or returns) to the EU and you continue to offer them services or process their data there.

Given the hefty penalties associated with non-compliance, fines in the higher tier run up to 20 million euros or 4% of the company's annual global turnover (whichever is greater), it pays to err on the safe side and make sure your medical practice is adhering to GDPR's data processing requirements.


GDPR and Healthcare Billing

Healthcare data breaches have been, and will continue to be, a major concern in the cybersecurity landscape. In 2017 alone there were 477 reported breaches that affected 5.6 million patient records. Statistics like these are the result of healthcare systems failing to implement the safeguards needed to protect sensitive patient information.

Based on these numbers, it may seem safer to keep your patient health records offline and out of reach of hackers.

In reality, this is far from the truth.

By upgrading your billing process and implementing an online patient portal, you can consolidate patient information and, provided the portal is properly secured, improve data security. Accepting payment online can also streamline your operation and help protect your patients' information.

However, it is not as simple as installing any payment system. Staying compliant with the many rules and regulations, such as HIPAA and GDPR, when processing medical payments that involve confidential information is becoming increasingly complex and costly.

Processing billing in-house is labor-intensive and can expose sensitive patient data to potential breaches if you don’t have the right security measures in place.

That's why more and more medical practices are relying on third-party services to handle their billing process. You can stop spending valuable time and resources on paperwork while your patient information is handled by a vendor whose business is protecting it.

Outsourcing does not outsource accountability, though: your practice remains the covered entity under HIPAA and the data controller under GDPR. You will need to select a provider that has strong security controls in place, is committed to continually updating its processes to stay compliant, and will sign the required contracts (a HIPAA business associate agreement and, where GDPR applies, a processor agreement that meets Article 28).

As one of the first HITRUST certified printing, mailing and payment vendors, MailMyStatements helps you streamline billing while staying compliant with major regulations at all times.

“GDPR signals a move towards a more international standard for information privacy. With this new version, we have modified the HITRUST CSF controls to meet the requirements for a comprehensive assessment of GDPR risk posture. This is critical given that GDPR is one of the key compliance issues currently facing privacy officers worldwide.”

– Anne Kimbol, Associate General Counsel and Chief Privacy Officer, HITRUST

For example, the latest release of the HITRUST CSF® integrates GDPR and the New York State cybersecurity requirements. When you have us process your medical billing, you don't have to track and implement each of these updates in your own operation, which can take a lot of time and cause quite a headache.

See how you can outsource your medical billing and stay compliant with our payment solution here.


Hugh Sullivan is the CEO of MailMyStatements, an industry-leading healthcare billing and payments company. He has over 25 years of experience as a healthcare executive, was the co-founder of ENS Health, a highly successful national healthcare electronic data interchange company, and has served in various leadership roles within Optum, a UnitedHealth Group company. Considered an industry thought leader, Hugh is an expert in using health IT to improve healthcare information exchange, which can enhance the quality of care, improve efficiency, and reduce costs.


You can follow Hugh on Twitter @hughdsullivan




MailMyStatements is a technology-driven statement, payment, and collection vendor that specializes in simplifying the client billing process. #patientstatements