HIPAA focuses on healthcare organizations and how personal health information is used in the US. GDPR, on the other hand, is broader legislation that supervises any organization handling personally identifiable information (PII) of an EU or UK citizen.

GDPR governs the use of all personal data of the persons within its scope. In contrast, HIPAA has a narrower scope and applies only to protected health information (PHI).

GDPR sets compliance standards for all entities within its scope. HIPAA sets standards for covered entities and their business associates, who are bound by a business associate agreement (BAA).

Regarding consent, GDPR requires explicit consent for processing personal health data, which it treats as sensitive data. However, such data may be processed without consent if one of the processing conditions in Article 9 of GDPR is met and a legal basis applies.

A HIPAA authorization is consent obtained from an individual that permits a covered entity or business associate to use or disclose that individual’s protected health information to someone else for a purpose otherwise not permitted by the HIPAA Privacy Rule. HIPAA allows disclosure of some PHI for 12 national priority purposes, including treatment purposes, without the individual’s consent (authorization).
