The importance of securing healthcare data

There have been exponential advances in the use of technology in health and healthcare over the last few decades. The medical fraternity has leveraged technology in various ways, including imaging techniques for diagnosis; electronic health records; robotics in surgical procedures; telehealth to diminish barriers and boundaries between patients in terms of distance and time; and, wearables to monitor individuals’ health. The use of open data sources is also instrumental in the field of genomics, where data related to genetic makeup, biomarkers and bioinformatics is used to derive better therapeutic solutions.

As healthcare continues to dive deep into technology and its various branches, such as artificial intelligence (AI), machine learning (ML) and big data, how we use that data and secure it becomes much more pertinent. One such area where data security becomes a key concern is where hand-written data is replaced with electronic health records to maintain the constant flow of patient-related data: personal information, diagnosis, treatment and follow-ups. These repositories are mostly on open-source platforms that can be easily accessed and downloaded. With this ease of access to patients’ information, it becomes all the more important to secure their data to avoid mishandling of private and sensitive information.

The data spectrum model by the Open Data Institute demonstrates how data – whether it be small, medium or large, or owned personally, commercially or by government – can be used and reproduced depending on the way that data is licensed.

Mishandling of patient data occurs in various ways. This can include a security breach that may lead to malicious cyberattacks on health information websites and open sources; de-anonymising patients’ personal information and diagnosis; commercialisation of the data; and, sharing patient data for illegal purposes. Confidential patient data falling into the wrong hands can lead to unwanted and adverse outcomes. It was found that the number of individuals affected by cybersecurity attacks in healthcare had tripled from 14 million in 2018 to 45 million in 2021, up from 34 million in 2020.

As the world advances towards digitalised health services and platforms we must explore how closely data sharing and data protection can function together. In a paper discussing privacy and security implications of open data sources in healthcare, the Open Source Working Group of the International Medical Informatics Association concluded that service providers need to find a balance between data security, data openness and citizen data rights. Such cases help us to focus attention on important ethical questions. Strong opinions need to be traded against the other in a dialectical process in which all data stakeholders are sufficiently represented.

Several methods can be employed to secure patient data on health repositories. While consent and assent of the patient are mandatory, the ways in which data can be secured and stored safely include: end-to-end encryption/ data encryption; use of a virtual private network while accessing patient records; changing passwords frequently to avoid hacking into an account; and, implementing two-factor authentication for health professionals while accessing records

Many countries have adopted data standards to ensure data safety and security of patients, such as HIPAA (The Health Insurance Portability and Accountability Act). HIPAA is a U.S. federal law that allows individuals to control how their information is used and ensures that data is stored, transmitted and received safely and securely. European projects implement GDPR (General Data Protection Regulation) to restrict access and prevent data leakage. This includes strong password hashing algorithms and internal security reviews amongst others.

The Ministry of Health and Family Welfare’s e-Health division in India recommends an Electronic Health Records Standards for India. This advocates data privacy and security standards to ensure that sensitive patient data is not inappropriately used, disclosed, accessed, altered or deleted.

Digitisation in health is necessary and progressing rapidly, so it is important to set in place proper rules and regulations to secure sensitive data and prevent any data leakage that will trigger a domino effect in the form of various malpractices.