Business planning for incorporation of the GDPR (General Data Protection Regulation) in Hospital Units

Postgraduate Thesis uoadl:2898954 140 Read counter

Κατεύθυνση Σχεδιασμός και Διοίκηση Υπηρεσιών Υγείας
Library of the School of Health Sciences
Deposit date:
Delimani Georgia
Supervisors info:
Αποστολάκης Ιωάννης, Ε.ΔΙ.Π., Ιατρική Σχολή, ΕΚΠΑ, Επιβλέπων
Τούντας Ιωάννης, Καθηγητής, Ιατρική Σχολή, ΕΚΠΑ
Καντζανού Μαρία, Επίκουρη Καθηγήτρια, Ιατρική Σχολή, ΕΚΠΑ
Original Title:
GDPR: Επιχειρησιακός σχεδιασμός για την ενσωμάτωση του σε Νοσοκομειακές Μονάδες
Translated title:
Business planning for incorporation of the GDPR (General Data Protection Regulation) in Hospital Units
This thesis is entitled "GDPR: Business Planning for its Integration into Hospital Units" and is intended to study how the GDPR (General Data Protection Regulation) - as a single legislative framework for the processing of personal data - can be integrated into the operation and culture of public hospitals by changing or adding actions to their business planning.
The point is to make a simple proposal that is easy to understand and easy to use by all healthcare professionals and all administrative staff. This proposal will address the incorporation of GDPR (General Data Protection Regulation) into the business plan of each public health sector, and will focus on the standards given by the GDPR for the patient.
A literature review of relevant articles was initially conducted on Medline / PubMed and Google Scholar databases, as well as e-books, journals, and websites using keywords. The search was done through the university's internal network where access to several digital sites and digital libraries was free. We were able to have the necessary knowledge on the articles of the GDPR as well as to build a business plan.
Using the above we first provided a brief description of the articles of the GDPR and then critical elements for business planning. We also made a general suggestion on how GDPR compliance could be monitored and promoted, easily and at no cost. Finally, we presented patient-focused data on GDPR.
So we have come to the conclusion, that by doing some simple actions we can accomplish our purpose very easily and quickly. First of all, it is important to have proper training and full knowledge of the GDPR, in order to have a foundamental basis. Second, it is substantial to be able to use all the tools we have in our disposal (e.g. information systems). Last but not least, we have created some precautionary actions, based on the training that we have on the GDPR standards, so that we are ready to manage situations that have already been foreseen in GDPR regulation.
Main subject category:
Health Sciences
GDPR, Business planning, Action plan, Hospital Units, Public health sector
Number of index pages:
Contains images:
Number of references:
Number of pages:

Delimani Georgia Master.pdf
1 MB
File access is restricted only to the intranet of UoA.