The announcement of Dame Fiona Caldicott’s independent review into the protection of patient data has been welcomed as an opportunity for the NHS. FairWarning Inc believes it could help lay the foundations for secure and trusted electronic healthcare, which will enable better patient outcomes. The reputations of hospitals, the trust of patients, and confidentiality of electronic healthcare are at risk as many patient record systems are potentially open to undetectable abuse.
The review was announced by the Department of Health in response to the NHS Future Forum’s recommendation that the balance between the protection and sharing of patient data needed to be addressed. The last major review of the security of patient information dates back to 1997, since when there have been significant changes in the use and deployment of electronic record systems.
The NHS is also undergoing a transformation in which electronic healthcare will become fundamental to every aspect of patient care. At the same time the radical reorganisation of the NHS in England and the abandonment of many aspects of the National Programme for IT are giving local healthcare providers ever-greater responsibility for their own electronic healthcare systems – and for ensuring that they are fully secure.
Kurt Long, Founder and CEO of FairWarning Inc, said: “The review is a truly welcome development, especially under the leadership of someone as widely respected as Dame Fiona. It is great to see the NHS giving a high priority to patient privacy, as this is a mission critical issue. This review could lead to a future in which patient data can be shared securely throughout the NHS, and where the reputations of healthcare providers are not under threat from the constant risk of serious breaches.
“The widespread use of electronic healthcare systems, and the free flow of information, are essential for the sustainable delivery of better outcomes for patients. This can only be successful if clinicians and patients have confidence that sensitive data is secure. Unfortunately, as every hospital CIO and head of IT in England knows, this is far from being the case as many have no effective safeguards in place to stop staff misusing their legitimate access rights to look at patient records.
“Our experience in the UK, and overseas, shows that data theft and abuse are widespread. This is something which is already being addressed very effectively by NHS Scotland. NHS Wales, and certain forward-thinking trusts in England, are also moving forward at some pace. We hope Dame Fiona and her panel will look to NHS Scotland as an example of good practice.
“Unless security is treated as the fundamental underpinning of electronic healthcare systems, there is a clear danger that continuing data breaches will damage public confidence, causing patients and NHS professionals to back away from electronic care.”
An independent, large-scale opinion survey carried out on behalf of FairWarning in the UK showed that patients expect the NHS to keep their details safe, and believe that senior managers should be sacked or fined for serious breaches that were avoidable. A recent EU-sponsored survey found that 83 per cent of Britons regard medical information as highly personal (against an EU average of 74 per cent). The Information Commissioner’s Office (ICO) has given notice that it intends to take a tougher stance on breaches. Legislators are also strengthening controls on privacy, with an emphasis on greater rights for patients and consumers.
Clear rules and guidelines are needed on information sharing and privacy in order to help healthcare providers put the right practical measures in place. Encouragement is also required to reinforce a culture of privacy. FairWarning believes that this can only be achieved if all organisations involved with NHS care implement three basic safeguards:
1. Secure electronic communications with patients and carers.
2. Security of data in and across systems.
3. Assurance of only appropriate access to data.
Long said: “The world of electronic healthcare has come a long way since the 1990s, but there is still so much more it can deliver. But, with many tens of thousands of people sharing many millions of pieces of highly personal information daily, NHS IT systems must be secure, and they have to be policed.
“We hope that experts in data security and health record monitoring will be invited to have an extensive input into Dame Fiona’s review. This is vital if privacy and secure sharing of data are to be a reality. As global leaders in the field, having worked with UK and overseas healthcare organisations, having prepared industry white papers and carried out extensive research, we would be happy to offer our expertise to the panel.”
Of particular importance is the need to reappraise the role of the Caldicott Guardians (to which Dame Fiona gave her name) who work within NHS organisations, as they were seen as having a special role with respect to the National Programme. In the new environment they must be able to understand the security issues surrounding IT systems procured locally rather than nationally.
FairWarning adds that it is offering support to UK healthcare providers in tackling security issues. One example is the ‘Is Your Information a Valuable Asset or a Toxic Liability?’ webinar planned for 18 April which will consider a wide range of data security issues, including Electronic Health Record monitoring. The Guest Speaker will be healthcare information governance expert David Stone, Head of Information Governance, Apira. For more information about this webinar visit www.fairwarning.com.