Data protection and IT security are two important areas that doctors, nurses and therapists have to deal with, even though they lie outside their field of expertise. In today's blog article, we focus on data protection in the health care sector. In a later post, we will look more closely at the digital threats that hospitals and other medical facilities are exposed to - keywords: IT security in hospitals and the prevention of cyber-attacks.
Legal regulations on data protection in the health care sector
Data protection means protecting the people about whom data is collected and processed, following the principle that they decide who is allowed to know what about them. That sounds quite simple, and yet it is a very complex area regulated by numerous laws.
In Germany, it is the Federal Data Protection Act (Bundesdatenschutzgesetz). Each country has its own laws regulating the protection of personal data: in the US it is the Health Insurance Portability and Accountability Act (HIPAA) for health information, in the Netherlands the Wet Bescherming Persoonsgegevens (Data Protection Act), and in the United Kingdom the Data Protection Act.
When the General Data Protection Regulation (GDPR) applies from 25 May 2018, it will take precedence over the national data protection laws of the EU member states and regulate the data protection of everyone in the EU (laws outside the EU, such as HIPAA, remain in force alongside it). It applies to companies and institutions inside and outside the EU that process personal data of individuals in the EU. In the case of violations, fines of up to 20 million euros or 4% of global annual turnover, whichever is higher, can be imposed – even against medical facilities.
Data Protection in Health Care
But how is our data handled in practice? Doctors, whether a general practitioner in the suburbs, the head physician of a private clinic or a state-run health care provider, all deal with large amounts of data every day, all of which can be traced back to an identifiable person. Chip cards and electronic data exchange are in daily use throughout the health care system.
Because patient records are classified as data with increased protection requirements, they must be handled with particular care and protected from any unauthorized access. The records contain name, address, date of birth, health insurance number, diagnoses, laboratory results, drug dosing and treatment recommendations. In order to analyze and evaluate them and to suggest follow-up treatment, they are passed on inside and outside of medical institutions. This is sensitive, personal information that patients would not want to show to anyone and would by no means send on a postcard.
Yet in many cases that is effectively what happens when patient data is exchanged electronically: an unencrypted e-mail, like a postcard, can be read by anyone who handles it on the way. The reasons are often a lack of knowledge or uncertainty about how (electronic) data should be processed. In addition, compliance guidelines are missing or not precisely defined, and suitable tools are often lacking. Where does that leave data protection, let alone medical confidentiality?
How to exchange data of patients safely and in a compliant manner
Personal data requiring particular protection, such as medical records, medical findings and treatment recommendations, can be exchanged with Cryptshare in a simple, secure and compliant manner. The solution supports numerous healthcare institutions around the world in designing their electronic communication procedures securely, simply and, above all, in line with their compliance guidelines, specifically through:
- E-mail encryption
- User-defined data classification based on organisation-defined policies
- Encrypted data transfer
- Logging of all transfer steps
- Control over the data exchanged
- Virus scanning of transfers
In this way, even large volumes of sensitive data can be exchanged simply and securely in everyday practice, in accordance with legal requirements.