Regulation from Across the Pond: GDPR's Implications for United States Health Care Organizations