Gestão de compliance adequada à Lei Geral de Proteção de Dados na área da saúde

Abstract

This article aims to discuss about the relationship between Compliance and the General Data Protection Law (LGPD) in the health care area. For the development of this text, the general aspects of the LGPD and its guiding principles will be analyzed, discussing the effects and main provisions of the referred law. In addition, the economic and business impacts of the LGPD will be addressed, correlating them with the Compliance system. Initially, the concept of personal data and treatment will be presented in the light of the General Law for the Protection of Personal Data, with an overview of the aforementioned regulation. Next, privacy and data protection applied to the health area will be addressed, with structural analyses, followed by the inclusion of data protection in compliance and corporate governance systems.Concrete measures will be suggested for the implementation of such policies in the health care area, with the assessment of risk in the health care sector and the application of data protection. At the conclusion, we seek to present an answer to the following question: how to adapt a company or office in the health care area to the LGPD standards in accordance with Compliance? Finally, mechanisms for implementing the LGPD on this sector are pointed out, through which health companies will manage to consolidate a more responsible system in regard to personal data sharing. It is concluded that it is mandatory to adopt general conducts within organizations that can generate concrete effects in order to safely protect personal data in the health care area. Also, to strengthen the implementation of the General Data Protection Law, simultaneous data compliance work is suggested, which should take place in a multidisciplinary, preventive manner and with daily checklist procedures. Thus, there is a need for data protection to be part of the corporate culture, and its importance must be understood by all segments. However, it is not possible to speak of a single Compliance program model, as its effectiveness depends on observing the specificities of each organization and the constant review of the risks involved in the business. The challenge for companies is precisely to build a tailored model, suited to their specificities and without neglecting the guidelines of the law. The new Brazilian scenario is aimed at companies with safer, more ethical and transparent cultures