For a paperless National Health Service, education will be a first line of defence, writes Stephen Midgley, Vice President, Global Marketing at Absolute Software.
Recent news from Pulse revealed that hospital data breeches have risen by 20 per cent this year. As a public service, the health sector supports over a million patients each day, and this responsibility includes the protection of any confidential patient information. This news will be particularly unwelcome for those at the NHS who aim to have the service completely paperless by 2018 as many start questioning how safe sensitive data will be under the new system.
With tablets and mobile phones fast becoming an integral feature of the private sector, it won’t be long before a tablet is just as associated with a doctor as the stethoscope. This evolution in technology will no doubt grant staff and patients a great deal more flexibility. With health records available at the touch of a button, patients have the flexibility to visit a GP anywhere in the country, or during a case of an emergency, medical staff will have access to vital patient information within seconds. There is no doubt that a paperless system would create a more fluid mode of communication within the NHS, and in turn a more efficient service.
However, with freedom comes responsibility and the NHS has a big challenge on its hands to ensure that they are fully prepared for the challenges ahead. While many are willing and enthusiastic about the benefits of a paperless NHS, it would appear that not all are prepared for such a transition, especially when it comes to the security issues and precautions that would be involved. We recently published research on the growth of mobile devices in healthcare, and it highlighted some worrying trends. Out of 600 medical leaders surveyed, 74% said they had definite plans to expand the role of IT in their hospitals, yet only 47% said that they had addressed the important consideration of security and privacy. While IT decision makers are more than enthusiastic when it comes to an overhaul of this nature, it is those on a ground level that will be tasked with using the new systems on a day to day basis. Doctors, nurses, receptionists, and other health service staff will be placed on the front line of protecting sensitive patient data and information, and it is therefore essential that they receive adequate training for such a responsibility.
For a transformation of this kind, the NHS must take a proactive approach to become fully equipped for any possible security issue that may arise. The most key aspect of this proactive approach lies in the education and training across the NHS and its staff. In the private sector there are far too many examples of a data breach occurring because of a lack of training and wider understanding of the potential security risks of mobile working – it is this type of data outage that the NHS simply cannot afford to let happen. Medical, nursing, and other healthcare related degrees include modules regarding the organisation of patient data, but should such a change in the NHS take effect we could see this attention shifting towards more comprehensive IT skills. While IT is now part of the national curriculum, it is going to have to become more than just a ‘desirable skill’ for those seeking to work in the health sector.
The government has begun to recognise the need to invest in IT skills, but what is needed is a wider education initiative to help health sector staff understand the devastating impact of a data breach. With the ‘human factor’ being the weakest link, training and education needs to become a priority. This starts with a comprehensive cyber and data policy, and leadership from the top. Staff will have to be the first line of defence when it comes to IT security, and this will only be achieved if each and every person fully understands the potential consequences of lax protection. In addition to this, the NHS will have to make sure that it implements a robust device and data management solution. If a device is lost, stolen or otherwise abused, the IT team has to be in a position where it can manage the problem. Whether it is remotely wiping data on a stolen device, or ensuring that all mobile hardware is fully patched and operating correctly, this is vital to supporting the efforts of NHS staff to protect patient data.
The plans for a paperless NHS by 2018 have been met with as much scepticism as optimism, and in an age where everybody is paranoid about identify theft and confidentiality these plans will be scrutinised by the public and the government for any mistakes. If this first line of defence is weak or non-existent, how can patients have any trust in practitioners or the prospect for a paperless system? Ultimately, questions will continue to be asked on whether the NHS will win the battle against data breaches until education is put in as the first line of defence.
