Lessons from a master healthcare pickpocket

Published: 21-Oct-2015

Rune Mehlum of EMC gives his top tips for protecting patient data in the healthcare sector

Rune Mehlum, industry lead for healthcare at EMC, explains how the sector can learn from master pickpockets when it comes to protecting patient data

When travelling, people use a range of different strategies to reduce the risk of pickpocket theft. One is to place cash and valuables in different locations around their bodies and clothing – to spread the risk. Others prefer to keep all their valuables in one place – like a money belt – where they can keep an eye on them.

When it comes to protecting healthcare data, the options are much the same.

Our health records are often spread out across multiple hospitals, paper archives, our GP’s PC and so on, each with a different level of security and, as such, prone to interception at each point along the way.

The other option is to have a centralised architecture, perhaps even cloud-based, for our national health records, utilising best-of-breed security technologies such as intrusion detection systems, audit trail logging, 24/7 monitoring, back-ups and so forth. The question is, is data easier to protect in a consolidated health record - the money belt equivalent - or when held in a range of different locations?

Couple this with the recent news that high street pharmacies will be given access to NHS medical records, which is set to be rolled out in the next few months, and it’s no surprise that patients are worried about the privacy of their sensitive data. Campaigners are also already voicing their concerns over data privacy as medical confidentiality is currently corroding trust in the NHS.

There is a strong case for integration and for one, consolidated health record. Although we currently lack the political and legal support for this at a national level, the good news is that we are heading in the right direction. We are now seeing online GP services and new technologies like wearable devices driving the digital health revolution to help manage our health in the future.

For those wanting to get it right, here are my top five tips to avoid becoming a target for pickpockets in the healthcare arena:

  1. Consolidate your valuables - Just like the money belt, you can only keep your eye on one thing at a time. It’s also much easier to protect that way, but only as long as you take the necessary precautions.
  2. Use the appropriate protection - Use the most suitable infrastructure to keep this sensitive data safe. A high-quality, professional IT infrastructure will not only act as a safeguard for your information to stop other people getting hold of it; it will also act as a deterrent to keep others, such as commercial chains who may exploit that data, out.
  3. Control your personal devices - Lost mobile devices and laptops with sensitive data on them could be as valuable to a perpetrator as your other valuables. This is why it’s important to have valuable tools like remote wiping and encryption for an increasingly mobile workforce.
  4. Remember to check at regular intervals if your valuables are still there - Checking frequently to make sure health records are up to date and safe will turn the once-laborious task into an everyday habit and give everyone peace of mind that the data is in good hands.
  5. If stolen, report it immediately - Just as you would report a stolen wallet or phone to the police straight away, the same applies to healthcare information. The quicker it is reported, the quicker the data can often be retrieved and the situation handled.

Superdrug is a perfect example of a pharmacy here in the UK that is ensuring all team members have completed enhanced data protection training so that patients’ sensitive personal data is handled appropriately. Patient care and information security both need to be high priorities in order for organisations to put their trust in the system, with 79% of people saying it is important for healthcare providers to ensure the privacy of their health records.

What’s also important is to make sure your employees know how to handle a data breach. This would allow for a systematic means of follow-up to prevent further exploitation of personal health data.

It was recently revealed that, for the first time, criminal attacks are the number one cause of healthcare data breaches, having grown by 125% in the last five years, and that 91% of healthcare organisations have experienced a data breach.

The study by the Ponemon Institute discovered that cyber criminals recognise two critical facts about the healthcare industry; one being that healthcare organisations manage a treasure trove of financially-lucrative personal information and, two, they currently do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.

It appears that every time we get closer to a more-consolidated approach, we have issues with the security of such a record system similar to the industry’s recent concerns over pharmacies handling people’s medical records. But, surely, like in the money belt scenario, patient data is far easier to protect in one, consolidated record than if that data is held at multiple sites and in multiple locations.

Putting these strategies in place could help prevent the majority of data thefts and would increase consistency in the handling of breaches, and thus build up citizens’ trust in the NHS. After all, medical records are easier to handle if the NHS has a secure, but consolidated, money belt.
