For nearly two decades, healthcare providers, suppliers, distributors, and group purchasing organizations have been entrusting their supply chain data to Global Healthcare Exchange, LLC and its subsidiaries (collectively, GHX). As the enforcement date for the European Union General Data Protection Regulation (GDPR) approaches, GHX continues to work with our customers, vendors, and others to comply with GDPR and other applicable data privacy laws.
What Types of European Personal Data Does GHX Process?
GHX customers rely on the GHX Exchange and our services to conduct their supply chain business electronically with their transaction partners. In this context, GHX may process two general categories of European personal data: 1) business contact data of customer personnel and of their business partners and 2) data that customers or their business partners choose to include in transactions related to payment.
Most of the European personal data GHX receives falls into the first category. It may include data elements like names, business telephone numbers, business email addresses, job titles, and IP addresses. These are needed to carry out the obligations of GHX and our customers under our customer agreements.
GHX also processes a limited amount of data in the second category, consisting of data that customers or their trading partners decide are needed to complete electronic supply chain transactions. For example, a customer or trading partner might require that invoicing for an implanted hip include a patient record number. It is the responsibility of customers and their trading partners to determine that processing this data is necessary, and to limit the data appropriately.
What is GHX Doing to Comply with GDPR?
As a trusted platform for the healthcare industry, GHX is committed to the privacy and security of the data in our care. GHX has been preparing and continues to strengthen our controls to meet increasingly stringent legal and regulatory requirements. Some highlights for GDPR include:
Whom Do I Contact About GDPR?
For information about our GDPR compliance efforts, please email us at GDPR@ghx.com.
This document is for informational purposes only. It does not create any warranties, representations, contractual commitments, conditions, or assurances of GHX or any of its affiliates, representatives, agents, or suppliers. It is not part of, nor does it modify, any agreement between GHX and its customers or any of their respective affiliates.
© Global Healthcare Exchange, LLC.
GHX GDPR Statement - V031218