Protecting patient privacy, data and health information to meet industry requirements
By Sara Jost, Global Healthcare Industry Lead, BlackBerry
The Office of the Australian Information Commissioner (OAIC) has just reported that the healthcare sector suffered the most data breaches in its first Quarterly Statistics Report since the Australian Mandatory Breach Notifications scheme came into effect (February 22, 2018). With digitisation already transforming the entire healthcare sector at an accelerating pace, untreated cybersecurity vulnerabilities pose an acute threat to patient outcomes.
Paramount to the success of the digital healthcare age – and to building a sustainable healthcare system in a more mobile world – is opening the doors to increased information sharing among healthcare professionals and organisations. However, as workforces mobilise and new technologies are adopted, how secure are those digital healthcare systems that are sharing and holding valuable personal data and intellectual property?
Last year, the Australian government released the National Digital Health Strategy, which is an important step towards delivering better care for citizens. Initiatives such as My Health Record and the pharmacy profession’s intention to improve data sharing schemes are also positive steps towards deriving meaningful health benefits and operational efficiency from the massive amount of health data generated every day.
There is no question that technology helps save and improve lives – but as innovation advances and data is created, there are major challenges to overcome. In an increasingly complex and active cyber threat landscape, the fundamentals include ensuring patients’ health information is protected, and complying with strict security and privacy regulations both locally and internationally.
How to accelerate innovation in a regulated environment
According to consulting firm PwC, one of the major issues defining the healthcare industry in 2018 – and presumably well into the future – is cybersecurity. In 2017 alone, we saw some of the biggest breaches in the healthcare industry to date, and this will continue to escalate for as long as the industry is at its most vulnerable.
Imagine the consequences of a large hack in the pharmacy industry. This might include accessing and changing prescriptions, or stealing big pharmaceutical companies’ IP to copy medications for the black market. At worst, people could fall seriously ill or die; and the profession’s reputation would be damaged significantly.
To safeguard information and protect patients’ health information, governments are enforcing new local and international regulations, which are starting to illustrate the extent of the problem.
In May, Europe’s General Data Protection Regulation (GDPR) will also come into play, requiring organisations around the world holding data from EU citizens to know where all their data is at any time.
This will have further implications for the healthcare industry, and complying with regulations will prove challenging for many organisations that are in the midst of managing an explosion of data.
There is no question that a breach is inevitable, whether you are a large pharmaceutical laboratory, or a small pharmacist counter. Today, the question should be: if your organisation is breached, are you prepared and do you have the systems and steps in place to act?
The reality is that investing in information security, along with training and staff procedures, is just as important as investing in that latest drug or medical device.
Protecting patients’ privacy, fostering collaboration and data sharing
To meet patient and industry requirements, it is critical the pharmaceutical industry goes on the offensive to proactively maintain the privacy of patients’ records, and puts solutions in place that will empower it to secure and manage increasing volumes of data, while remaining compliant with regulations.
How? By securing information at every layer (network, device and software).
Only comprehensive ‘Unified-Endpoint-Management’ (UEM) strategies, with data encryption at the core, can truly achieve that. Organisations need to consider UEM capabilities to enable the secure management of wearables, as well as secure management policies and controls that secure both traditional mobile device platforms and new forms of devices.
They also need to deploy encryption capabilities to ensure every piece of data generated, received and shared cannot be compromised – even in the case of it being lost or stolen by hackers.
Fostering information sharing while protecting patients’ data and privacy will ultimately empower medical teams to better collaborate, advance research, improve diagnosis, and improve organisational efficiencies by doing more with less.
Leading Australian institutions such as Melanoma Institute Australia are showing the way for other organisations, using patients’ data and medical records to advance research and innovation in healthcare, while meeting government compliance requirements.
Putting the systems and procedures in place to deliver a ‘healthy’ and secure digital healthcare system will help protect patient health information and support medical innovation by removing barriers to collaboration. This will ultimately build more trust in the Australian health system and generate better outcomes for both healthcare professionals and patients.
Sara Jost is the Global Healthcare Industry Lead at BlackBerry. BlackBerry is a cybersecurity software and services company with a standard of security that manages the Enterprise of Things.
Its BlackBerry Secure platform helps customers to protect all end-points (devices, software and networks) in industries including healthcare, government, manufacturing, financial services and automotive.