Rune Mehlum of EMC gives his top tips for protecting patient data in the healthcare sector
Rune Mehlum, industry lead for healthcare at EMC, explains how the sector can learn from master pickpockets when it comes to protecting patient data
When travelling, people use a range of different strategies to reduce the risk of pickpocket theft. One is to place cash and valuables in different locations around their bodies and clothing – to spread the risk. Others prefer to keep all their valuables in one place – like a money belt – where they can keep an eye on them.
When it comes to protecting healthcare data, the options are much the same.
We often have our health records spread out across multiple hospitals, paper archives, our GP’s PC, etc., each with differing levels of security and, as such, prone to interception at each point along the way.
The other option is to have a centralised architecture, perhaps even cloud-based, for our national health records, utilising best-of-breed security technologies such as intrusion detection systems, audit trail logging, 24/7 monitoring, back-ups and so forth. The question is, is data easier to protect in a consolidated health record – the money belt equivalent – or when held in a range of different locations?
Couple this with the recent news that high street pharmacies will be given access to NHS medical records, which is set to be rolled out in the next few months, and it’s no surprise that patients are worried about the privacy of their sensitive data. Campaigners are also already voicing their concerns over data privacy as medical confidentiality is currently corroding trust in the NHS.
There is a strong case for integration and for one, consolidated health record. Although we currently lack the political and legal support for this at a national level, the good news is that we are heading in the right direction. We are now seeing online GP services and new technologies like wearable devices driving the digital health revolution to help manage our health in the future.
For those wanting to get it right, here are my top five tips to avoid becoming a target for pickpockets in the healthcare arena:
Superdrug is a perfect example of a pharmacy here in the UK that is ensuring all team members have completed enhanced data protection training so that patients’ sensitive personal data is handled appropriately. Patient care and information security both need to be high priorities in order for organisations to put their trust in the system, with 79% of people saying it is important for healthcare providers to ensure the privacy of their health records.
A high-quality, professional IT infrastructure will not only act as a safeguard to stop people getting hold of your information; it will also act as a deterrent to keep others out, such as commercial chains who may exploit that data.
What’s also important is to make sure your employees know how to handle a data breach. This would allow for a systematic means of follow-up to prevent further exploitation of personal health data.
It was recently revealed that, for the first time, criminal attacks are the number one cause of healthcare data breaches – with this growing by 125% in the last five years – with 91% of healthcare organisations having experienced a data breach.
The study by the Ponemon Institute discovered that cyber criminals recognise two critical facts about the healthcare industry: one, that healthcare organisations manage a treasure trove of financially lucrative personal information and, two, that they currently do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.
It appears that every time we get closer to a more consolidated approach, we have issues with the security of such a record system, similar to the industry’s recent concerns over pharmacies handling people’s medical records. But, surely, like in the money belt scenario, patient data is far easier to protect in one, consolidated record than if that data is held at multiple sites and in multiple locations.
Putting these strategies in place could help prevent the majority of data thefts and would increase consistency in the handling of breaches, and thus build up citizens’ trust in the NHS. After all, medical records are easier to handle if the NHS has a secure, but consolidated, money belt.