Protecting patient data is patient care
Written by Chief Technology Officer, Dominique Powis. Originally appeared on LinkedIn, reposted here with permission.
Trust is critical to any successful relationship and even more so for healthcare professionals and their patients. At its core, trust is the belief that something is safe and reliable. It’s about having confidence in someone’s ability, and an expectation that they’ll conduct themselves with transparency and integrity.
Typically, trust in healthcare has been primarily based on skills and qualifications – the patient knowing they’re in ‘good hands’. Having confidence in the medical knowledge and expertise of their healthcare professional, on whom they are dependent for their treatment and recovery.
Trust is also connected to the vulnerability of the patient, who often has to disclose their personal history and information about their health. Without trust, the patient may not be inclined to provide all medically relevant information, or even access healthcare services, potentially resulting in incorrect care or no care at all.
A high level of trust between a patient and their healthcare professional can lead to better health outcomes as well. A 2017 study concluded that patients experienced higher satisfaction and more improved health and symptom-related subjective outcomes when they trusted their healthcare professional.
The evolution of patient trust
Has patient trust evolved over the years?
Trust in healthcare professionals remains very high. In a 2019 Ipsos poll, Australians still regarded doctors as the most trustworthy profession.
However, in the era of digital health records, telehealth and wearable devices, trust in technology and the ability for data to be kept secure and private, remains an issue for many people.
High profile data breaches, from Facebook to Microsoft to Victorian hospitals, have brought cyber security front of mind for many people.
All too frequently, unauthorised individuals are gaining access to healthcare data, placing patients at risk. In fact, the health sector remains the highest reporting industry sector (23% of all breaches).
Healthcare is a target for cyber criminals because sensitive personal and medical information holds high value – higher value than credit card details. Stolen health records can be sold to fund criminal activity and facilitate identity theft, blackmail or extortion. Valuable health-related data is generally accompanied by personally identifiable information which can be bought and sold on the dark web.
So, in 2021, I would argue that trust is also gained through the patient knowing their personal information is secure: if I’m going to trust you with my information, I want to be confident that you’re treating it with extreme care – from when I check in at reception, to how you share medical details with specialists, to the clinical software and security framework in your practice.
Traditionally, data hasn’t always been treated as an integrated part of a patient’s wellbeing or safety, but that’s becoming more and more relevant.
Security and confidentiality of patient data is critically important to developing a system of secure doctor-patient communication channels, while secure transmission of results is imperative to the patient experience and the care they are and going to receive.
OAIC’s Australian Community Attitudes to Privacy Survey reports that 70% of Australians consider privacy protection to be a major concern in their lives, with the top two risks identified as identify theft and fraud (76%) and data security and data breaches (61%).
A data breach can negatively impact an organisation’s reputation for privacy protection. If a practice is seen to be mishandling personal information, patients will turn to other options and the resulting reputational damage (and, consequently, loss of income) can be devastating. The latest Digital Trust Index report from identity provider, Okta, found that 49% of Australians surveyed would permanently stop using a company’s services following a data breach.
Convenience cannot be at the expense of trust
In recent years, and particularly during the COVID-19 pandemic, practices have been under a lot of pressure to quickly digitise their patient records, implement telehealth and come up with different ways of engaging with patients that remove the need for traditional face-to-face contact in a clinic.
This has also been driven by consumer demand for greater convenience.
Patients want an online medical system that’s easy to use and offers greater interoperability. 70% of respondents to our 2018 Patient Engagement Survey value ease of use and access to digital health records as extremely important, and almost two-thirds agree that the ability to share information with other health professionals such as specialists is also extremely important.
But there can be serious downsides when adopting any new technology or process quickly. Speed is often seen as the natural enemy of security, and if the risks have not been adequately thought through and addressed, then we are opening ourselves up to potential security issues.
The way forward
For some organisations, cyber security is seen as a negative – another cost, more procedures and new legislation to understand.
But we should look at it differently.
Having a strong and continuously improving cyber security framework in place should be seen as a selling point, a measure of organisational maturity that can differentiate a business in the market place. For a practice, taking data security and privacy seriously demonstrates a clear focus on patient care and wellbeing.
So, how can we keep patient information secure, regardless of the size or resources of the practice?
Technology is one way of protecting information, and here at MedicalDirector, we’ve partnered with cyber security experts to develop MedicalDirector Shield, an all-in-one cyber security solution for practices of any size.
Then there’s what we can do as individuals and teams to protect patient data. Having proper data management procedures in place, maintaining individual secure logins, avoiding suspicious links and downloads, and speaking up if something doesn’t feel right, are simple but effective ways to prevent a serious data breach.
We also need to keep asking questions around data safety and risk, and be satisfied with the answers before we roll out anything new. While building better digital experiences for patients is still a priority, we must do so with a security-first mindset.
To support innovation in a safe and secure way, every participant in our health ecosystem needs to keep data security, privacy and patient confidentiality top of mind. Because if we don’t, we risk losing our patients’ trust, which is the very thing we need to be able to provide patient care.