The importance of securing healthcare data
To protect patient confidentiality securing healthcare data is crucial Image: Photo by National Cancer Institute on Unsplash
Listen to the article
- With healthcare becoming increasingly digitalised securing healthcare data is paramount.
- Yet, the mishandling of patient data is not uncommon. Cybersecurity healthcare attacks that affected individuals tripled from 14 million in 2018 to 45 million in 2021.
- Stringent rules and regulations must be put in place to secure sensitive patient data.
There have been exponential advances in the use of technology in health and healthcare over the last few decades. The medical fraternity has leveraged technology in various ways, including imaging techniques for diagnosis; electronic health records; robotics in surgical procedures; telehealth to diminish barriers and boundaries between patients in terms of distance and time; and, wearables to monitor individuals’ health. The use of open data sources is also instrumental in the field of genomics, where data related to genetic makeup, biomarkers and bioinformatics is used to derive better therapeutic solutions.
As healthcare continues to dive deep into technology and its various branches, such as artificial intelligence (AI), machine learning (ML) and big data, how we use that data and secure it becomes much more pertinent. One such area where data security becomes a key concern is where hand-written data is replaced with electronic health records to maintain the constant flow of patient-related data: personal information, diagnosis, treatment and follow-ups. These repositories are mostly on open-source platforms that can be easily accessed and downloaded. With this ease of access to patients’ information, it becomes all the more important to secure their data to avoid mishandling of private and sensitive information.
How is the World Economic Forum ensuring the responsible use of technology?
The data spectrum model
The data spectrum model by the Open Data Institute demonstrates how data – whether it be small, medium or large, or owned personally, commercially or by government – can be used and reproduced depending on the way that data is licensed.
Mishandling of patient data occurs in various ways. This can include a security breach that may lead to malicious cyberattacks on health information websites and open sources; de-anonymising patients’ personal information and diagnosis; commercialisation of the data; and, sharing patient data for illegal purposes. Confidential patient data falling into the wrong hands can lead to unwanted and adverse outcomes. It was found that the number of individuals affected by cybersecurity attacks in healthcare had tripled from 14 million in 2018 to 45 million in 2021, up from 34 million in 2020.
Balancing data sharing with data protection
As the world advances towards digitalised health services and platforms we must explore how closely data sharing and data protection can function together. In a paper discussing privacy and security implications of open data sources in healthcare, the Open Source Working Group of the International Medical Informatics Association concluded that service providers need to find a balance between data security, data openness and citizen data rights. Such cases help us to focus attention on important ethical questions. Strong opinions need to be traded against the other in a dialectical process in which all data stakeholders are sufficiently represented.
Methods for securing healthcare data
Several methods can be employed to secure patient data on health repositories. While consent and assent of the patient are mandatory, the ways in which data can be secured and stored safely include: end-to-end encryption/ data encryption; use of a virtual private network while accessing patient records; changing passwords frequently to avoid hacking into an account; and, implementing two-factor authentication for health professionals while accessing records
Regulating medical data
Many countries have adopted data standards to ensure data safety and security of patients, such as HIPAA (The Health Insurance Portability and Accountability Act). HIPAA is a U.S. federal law that allows individuals to control how their information is used and ensures that data is stored, transmitted and received safely and securely. European projects implement GDPR (General Data Protection Regulation) to restrict access and prevent data leakage. This includes strong password hashing algorithms and internal security reviews amongst others.
The Ministry of Health and Family Welfare’s e-Health division in India recommends an Electronic Health Records Standards for India. This advocates data privacy and security standards to ensure that sensitive patient data is not inappropriately used, disclosed, accessed, altered or deleted.
Digitisation in health is necessary and progressing rapidly, so it is important to set in place proper rules and regulations to secure sensitive data and prevent any data leakage that will trigger a domino effect in the form of various malpractices.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Healthcare Delivery
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on Health and Healthcare SystemsSee all
Emma Charlton
November 29, 2024