How to manage healthcare data securely
With discussions about rolling out vaccine passports and the recent news that England's NHS is set to share people's medical records with third parties, there are more concerns around data privacy than ever before.
Here Jackson Shaw, Chief Strategy Officer at Clear Skye, a developer of identity governance software, tells us about the steps healthcare organisations can take to manage data securely.
Which are the greatest challenges healthcare providers face in terms of managing data and security?
The greatest challenges are ensuring that they do not run afoul of the many regulations related to data security like HIPAA, PII, GDPR, and related laws. In a sense, these rules have forced many providers to implement more secure practices when it comes to handling data, but they haven’t necessarily armed them with the tools to do so in an effective way.
For example, many healthcare organisations still manage access and privileges through very manual, resource-heavy, siloed processes, which can be both inaccurate and inefficient. The best way to mitigate these compliance challenges is to automate wherever possible. Not only do you free up IT staff for more mission-critical projects, but you gain a more cohesive, streamlined view of security posture throughout an entire organisation.
As healthcare increasingly goes digital, how do you see this evolving?
As more organisations migrate workloads to the cloud it is increasingly important that they understand how access to their data will change and the new security threats that may emerge.
In addition, the advent of remote and hybrid work models, telehealth and virtual appointments, and electronic medical records (EMR) are the new “open doors” to your business assets. Enabling proper access and security for patients, contracts, employees — all of whom may be remote — is of paramount concern.
What are your top tips for healthcare providers to keep data secure?
Healthcare providers need to protect themselves from both unauthorised and authorised access to their data and systems. To safeguard against external threats (hackers), organisations should store all data in an encrypted format wherever that data is located — the cloud, on-premises or in the possession of a SaaS provider(s) you might be using.
To best protect against insider threats, it’s important that strong controls are in place to monitor access to systems and to promptly remove access to systems when authorised individuals leave the company or change positions and no longer require access to systems or data that are no longer part of their job.