Are you protecting your patients’ health records?
As digital transformation increasingly becomes a part of everyday healthcare, patient data security and privacy remain critical concerns for both patients and healthcare providers in Australia.
Protecting the patient experience
According to MedicalDirector’s latest Patient Engagement Survey 2018, conducted in partnership with online appointment and eHealth platform HotDoc, patients value both privacy and security as top priorities in healthcare.
In fact, when it comes to accessing medical health records, over 90% of respondents agreed both security (availability, accuracy, safety and integrity of data) and privacy (confidentiality and appropriate use of data) are extremely important.
Meanwhile, the Medical Board of Australia’s Good Medical Practice Code of Conduct confirms all medical professionals have a fundamental duty to ensure medical records are held securely and are not subject to unauthorised access. Medical professionals must also respect patients’ right to access information contained in their medical records and facilitate that access.
MedicalDirector’s CEO, Matthew Bardsley, stresses an innovative healthcare ecosystem that drives better digital experiences for patients needs to be developed with a security-first mindset.
“We take universal sentiments about security being everything to patients very seriously, which is why we support that innovation through our partner ecosystem, and our solutions leverage the market-leading secure platform Microsoft Azure,” he says.
HotDoc’s CEO and Founder, Dr Hurst, agrees, and stresses that the security and confidentiality of patient data are critically important to developing a system of secure doctor-patient communication channels, while secure transmission of results is imperative to the patient experience. This, in turn, means clinics should be careful when selecting a vendor to achieve a more trusted, secure environment in which to communicate with their patients.
“Following the recent Facebook scandal regarding data leakage, patients are unsurprisingly cautious around the transmission of their data,” Dr Hurst says. “If clinics use a provider that stores or securely transmits patient data, they should conduct due diligence to ensure that the vendor is a trusted provider and abides by the latest privacy principles.”
Be compliance-ready
The new Notifiable Data Breaches (NDB) scheme requires entities with obligations to secure personal information under the Privacy Act 1988 to notify individuals when their personal information is involved in a data breach that is likely to result in serious harm.
It’s also important to stay on top of patient privacy laws: The OAIC’s patient privacy factsheets outline a number of key points you need to know about patient rights to their health information.
Understanding healthcare cloud security
More than ever before, healthcare organisations are taking advantage of the new, compliance-ready, secure cloud environments to extend and distribute their healthcare ecosystem.
This is because cloud-based healthcare technology has evolved in leaps and bounds compared to traditional server-based infrastructure, meaning healthcare providers are able to control the ebb and flow of sensitive data across multiple devices using one robust software solution.
Security virtualisation and data loss
Healthcare providers now have more options when it comes to adopting virtual appliances with cutting-edge security capabilities, including firewall and advanced security services, data loss prevention and IPS/IDS. Meanwhile, new VM-based security solutions allow you to monitor internal traffic and integrate with APIs to let you proactively manage VM changes dynamically.
Is your health software updated?
Having the latest healthcare applications is absolutely critical when it comes to combatting security breaches, and prudent healthcare providers and practice managers need to ensure all software systems are updated regularly.
In fact, one of the main reasons for installing the latest update is to stay protected from security threats. Older versions of software may not provide the same level of security, potentially leaving your practice data at risk.
For more complex updates, you will need to speak to your software solution provider to ensure all updates are carried out on time and seamlessly, while ensuring all sensitive data is protected.
Monitor and manage data access
New tools around application firewalls and application-centric security are now allowing healthcare providers to have greater control over data security. At the same time, new security tools can allow you to monitor who is actually accessing the data, what kind of data is being accessed and from where. This is particularly crucial in the age of cloud-based mobility and IoT application access.
Give your IT framework a health check
In the age of ransomware, government data breaches and bolder, more nimble attackers, there’s no room for data management complacency in healthcare. In order to ensure sensitive data remains protected, it’s critical to constantly stay proactive with your security framework, tools and policies.
Periodically test out your own systems and ensure your security architecture is evolving at the same pace as digital healthcare demands. The right IT professionals can help set up a robust, secure network for you and your staff.
Educate your team
Take time to train your practice team on data security and preventing security breaches, including rolling out policies and procedures. Training yourself and your staff to identify unsafe emails and avoid unsafe downloads is good practice.
Use common sense
Manage your passwords, change them regularly and avoid common passwords that hackers can easily guess. Add two-factor authentication where possible.
Read emails carefully and twice before taking action. Think twice before clicking on potentially malicious links in unsafe emails or downloading free software from websites, which are common ways for viruses, malware, trojans or bloatware to infect your computer.
And be careful what you plug in to your computer: avoid plugging in personal devices, portable hard drives or flash thumb drives that might harbor viruses.