3 Challenges to Protecting Patient Data

A patient’s medical data may contain some of the most highly sensitive information possible. And while there are legal provisions for medical professionals to share this information for clearly specified purposes, the consequences are serious if it ends up in the wrong hands. New technology makes information sharing simpler than ever but also carries inherent risks — so there may always be a place for traditional paper records. Here are three current challenges to protecting patient data that medical professionals must overcome.

The Data Protection Act 1998 provides the current UK regulatory framework for ensuring personal information is protected. But it will be superseded in part by the EU General Data Protection Regulation (GDPR) which comes into force in May 2018.

This new legislation means that all organisations will be held to a higher standard of accountability.

And it clearly enshrines an individual’s right to be provided, upon request, with the information that data controllers hold about them — and to a tighter timescale than is currently the case for Subject Access Requests.
So medical establishments must ensure that systems are embedded that allow patient information to be easily located and collated.

Recent large-scale cyberattacks on Britain’s NHS are well-documented — but the vulnerabilities of healthcare systems present a global problem.
Theresa Meadows manages cybersecurity for 7,000 employees in medical facilities across Texas.

She recognises that as hospitals migrated patient paper records to electronic systems, their cybersecurity provisions didn’t keep pace with increasingly sophisticated threats.

And that means that hackers can not only delete or destroy records, but potentially shut down lifesaving medical equipment.
There seems to be little financial gain for hackers determined to disrupt medical facilities — organisations like the NHS have backup systems that can aid recovery.

But some observers speculate that healthcare has become a target because it’s part of any nation’s critical infrastructure — disruption causes chaos and also offers gateways into targets like transportation in the wider network.
So, fully integrating cybersecurity into existing IT strategies could help hospitals combat attacks in the future.

Paper records
A successful and sustained attack on electronic record systems could mean that some patients’ medical records are lost permanently. So it’s wise for medical facilities such as GP surgeries to retain some paper records and ensure that they’re stored safely and securely.

This might mean going back to basics and investing in simple physical storage solutions like cabinets with lockable drawers. And when a patient requests their personal information as part of a Subject Access Request, they’re entitled to physical as well as electronic records — so efficient physical storage is still essential.

Staff should also ensure that their policy for the retention, sharing and destruction of patients’ records is legally compliant. And data controller organisations should be sure that contracts with external data processor firms clarify the remits and responsibilities of both parties.

Most medical organisations are well aware of the importance of protecting patient data. But advances in technology, as well as more stringent regulations, mean challenges are constantly evolving.

Is your data protection policy robust? Share your advice in the comments section below.
