These standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal floor of privacy protections for consumers across the country. HIPAA took effect on April 14, 2003.
In the UK, private providers that operate in the US must adhere to HIPAA too, but in the public sector the National Health Service has security policies for England, Wales and Scotland. While not law, these policies are aimed at safeguarding patient data and ensuring organisations within the NHS adhere to the Data Protection Act 2018 (DPA).
There is a crossover between the DSP Toolkit, ISO 27001 and HIPAA. So, a start-up MedTech organisation in the UK may decide to adopt a compliance strategy of first submitting the DSP Toolkit, then gaining HIPAA compliance, before moving on to the largest certification, which is ISO 27001.