How to tackle patients’ privacy and security concerns
Australians demand a secure digital health ecosystem where the protection of their privacy is a top priority. To meet this overwhelming expectation from patients while complying with strict privacy and security laws, healthcare professionals need to be far more proactive in sustaining stricter IT infrastructure measures.
Why security and privacy are everything
According to MedicalDirector’s latest Patient Engagement Survey 2018, conducted in partnership with online appointment and eHealth platform, HotDoc, patients value both privacy and security as a top priority in healthcare.
In fact, when it comes to accessing medical health records, over 90% of respondents agreed both security (availability, accuracy, safety and integrity of data) and privacy (confidentiality and appropriate use of data) are extremely important.
MedicalDirector’s CEO, Matthew Bardsley, stresses that an innovative healthcare ecosystem that drives better digital experiences for patients needs to be developed with a security-first mindset.
“We take universal sentiments about security being everything to patients very seriously, which is why we support that innovation through our partner ecosystem, and our solutions leverage the market-leading secure platform Microsoft Azure,” he says.
Protecting the patient experience
According to HotDoc’s CEO and Founder, Dr Hurst, security and confidentiality of patient data is critically important to developing a system of secure doctor-patient communication channels, while secure transmission of results is imperative to the patient experience. This, in turn, means clinics should be careful when selecting a vendor to achieve a more trusted, secure environment in which to communicate with their patients.
“Following the recent Facebook scandal regarding data leakage, patients are unsurprisingly cautious around the transmission of their data,” Dr Hurst says. “If clinics use a provider that stores or securely transmits patient data, they should conduct due diligence to ensure that the vendor is a trusted provider and abides by the latest privacy principles.”
Balancing innovation with data integrity
In addition to a system that respects privacy and security, the research shows patients want an online medical health system that is easy to use and access and that offers greater interoperability. In fact, a majority (70%) of respondents value ease of use and access to digital health records as extremely important, and almost two-thirds agree that the ability to share information with other health providers such as specialists is also extremely important.
But, while there is a growing appetite for more digital services in healthcare, Bardsley stresses there is a need for a wider ecosystem that supports innovation in a safe and secure way and keeps data security, privacy and patient confidentiality top of mind.
“This consumer appetite for more technology in healthcare is encouraging, but we need to balance that with appropriate solutions and security so we keep innovating in a risk-free environment,” Bardsley says. “Effective technology adoption in healthcare requires wider, broader policies and a robust, secure infrastructure, which is why MedicalDirector works closely with industry stakeholders, the Government and partners to enable that ideal.”
Practical tips to protect your patients' data
To protect your healthcare practice and your patients, review your IT security and ensure you have robust software and procedures in place to protect your computers. Here are some security and privacy tips for healthcare practices.
Install anti-virus protection and update it regularly.
Protect sensitive data using cloud-based solutions with robust secure storage and backup systems.
Educate your staff and practice on data security and preventing security breaches, including rolling out policies and procedures. Training yourself and your staff to identify unsafe emails and avoid unsafe downloads is good practice.
Manage your passwords: Change them regularly and avoid common passwords that hackers can easily guess. Add two-factor authentication where possible.
Update your software and systems regularly to stay protected from security threats. Older versions of software may not provide the same level of security as updated versions, potentially leaving your practice data at risk.
Invest in IT infrastructure: The right IT professionals can help set up a robust, secure network for you and your staff.
Use common sense: Read emails carefully and twice before taking action. Think twice before clicking on potentially malicious links in unsafe emails or downloading free software from websites, which are common ways for viruses, malware, trojans or bloatware to infect your computer.
Be careful what you plug in to your computer: Avoid plugging in personal devices, portable hard drives, or flash thumb drives that might harbor viruses.
Prioritise healthcare cloud security: More than ever before, healthcare organisations are taking advantage of the new, compliance-ready, secure cloud environments to extend and distribute their healthcare ecosystem.
Leverage security virtualisation to combat data loss: Healthcare providers now have more options when it comes to adopting virtual appliances capable of delivering cutting-edge security capabilities including firewall and advanced security services, data loss prevention, and IPS/IDS.
Monitor and manage data access: New tools around application firewalls and application-centric security allow greater control over data security. At the same time, new security tools can allow you to monitor who is accessing the data, what kind of data is being accessed, and from where.
Give your security framework a health check: Stay proactive with your security framework, tools, and policies. Periodically test out your own systems and ensure your security architecture is evolving at the same pace as digital healthcare demands.
Understand the NDB Scheme: The new NDB scheme requires entities with obligations to secure personal information under the Privacy Act 1988 to notify individuals when their personal information is involved in a data breach that is likely to result in serious harm.