Open Healthcare: how to secure data in an age of patient power (2nd of 3 part blog series)

By October 18, 2018Uncategorized

In our last post, we looked at the scale of the problem that healthcare providers are facing in sharing patient data and how a unified approach could create efficiencies and minimise risk. In this post, we consider how to solve the problem.

Something fascinating is happening in healthcare. Just as Open Banking is revolutionising how we manage our money, the health sector is being transformed by organisations that help people manage their health. We call this Open Healthcare.

For example, we’re seeing in the private health sector, medical advisors acting as patient data brokers. If you’re a high net worth individual, you’ll have a financial advisor. Now, you’ll have a medical advisor, too. And if you’re in Singapore and need access to your health information, but your doctor is in the US? No problem. There are companies springing up providing digital health vaults so you can access your records from anywhere. You can talk to your GP virtually, and get a diagnosis on the phone, or get support for managing a long-term health condition.

And there are specialist healthcare companies who are innovating by turning healthcare on its head. Rather than looking at symptoms and treating them, companies like Medopad are looking at behaviour data of people in order to spot a condition. They’re honing in on structured data in order to deliver preventative healthcare.

This new approach to health makes protecting patient data even more complex – but even more important. Just as banks are opening up our data to new providers to help us manage our money, so our health data is being accessed by third parties (with our consent, of course).

We know that it’s hard enough for doctors to share patient data from within the same hospital. Imagine all that data being transferred between different health providers, and even between public and private companies.

How do you get those systems to operate with each other? And still address the issues we looked at in our first post – of security, and accountability?

We trust the NHS with our data, for now – but will this change?

According to an NHS Patient Data Survey, 77% of adults are confident that the NHS can protect their personal data and health information. More than 70% of respondents said that they’d be happy for the NHS to use their personal information to improve or tailor their healthcare.

But with the opening up of healthcare, that could all change – particularly with an increasing number of data breach reports over the last few years. When you consider that medical professionals still handwrite their notes in 94% of trusts (and around 10,000 patient records were misplaced in 2017), it’s clear that there’s a considerable risk to patient’s data from the current way of working.

No excuse for data security complacency

The Cambridge Analytica scandal had one positive side-effect – it helped to bring data security into the public consciousness. Most people are now far more aware of the risks we take when sharing our data. Our health data is particularly sensitive – and particularly leaky, when you consider the new fitness tracker apps and organisations springing up.

We still need to share data

Simple and speedy data sharing is crucial for the modern healthcare industry. It helps to deliver faster patient outcomes, can provide a clear and concise medical history to help staff collaborate and saves time. More lives are saved when data is shared quickly.

But this needs to be balanced with the need to adhere to regulatory requirements. As NHS England’s national director of operations and information, Matthew Swindells, has said, there needs to be a balance between the secure storage and transmission of data and the ability to collaborate across the NHS. If the security measures are too complex, data sharing can become a chore rather than something that makes a healthcare worker’s job easier.

The biggest cause of data security issues is, of course, human error – and it’s almost impossible to legislate against. We need good tools to support us.  Every time we create hardcopies or virtual copies of files and documents we increase the risk of data getting misplaced. Every time we send those documents out to other people, there’s a massive risk that, accident or no, that data will leak or get into the wrong hands.

ICO figures show that in Q4 2017-18, there was a 21% increase in data security incidents in the health care sector, which followed a 22% increase in Q3 from Q2 2017. The top three causes of data security incidents were:

  1. People posting or faxing data to an incorrect recipient
  2. People losing or stealing paperwork
  3. People emailing data to the wrong recipient

To improve data security, healthcare providers in both public and private sectors need to work together to develop a solution that is both easy to use and gives them a way to share information securely – not just internally, but between organisations

It’s an area that Pushfor is increasingly being asked to support. We create a way for organisations to provide controlled access to information. The content sits securely with the organisation, it then ‘pushes’ the content out to recipients via a channel. The organisation’ retains control of the content and controls access rights. It’s as simple and intuitive to use as WhatsApp and exceeds necessary data protection requirements as the technology is “secure by design”.

Stay tuned for the final post of this blog series that discusses the need for collaboration to deliver a radical new approach to health technology.