Hi kreid,
Well, the obvious thing is that we have to abide by it.
The interesting thing is that patient data protection has its own separate regulations in the US and EU markets and that evidence for compliance is not part of the submission process.
I believe FDA was the pioneer of patient data protection through HIPAA and HITECH acts, and the rest of the major markets will follow.
From an RA perspective you need to do the best you can not to include patient health information in your device (~information that identifies the patient), but as the digital era and wireless communication expand - it will become more and more a must to include a set of SOPs, WI, and forms as part of your QMS in order to protect patient privacy. It's a big deal. I'm doing one myself right now.
There will be a constant challenge to keep up with all the changes and updates with respect to cybersecurity.
Cheers,
Shimon