October 17, 2019

GDPR & Healthcare: Protecting More than the Health of Patients

The healthcare sector handles some of the most sensitive personal data, and patients have the right to expect that their information will be looked after. Following numerous high-profile breaches, organisations in the healthcare sector have come under increasing scrutiny when it comes to information security – particularly because of the nature of the data being processed. From highly sensitive paper prescriptions to confidential records disclosing patient addresses and medical histories, private practices and pharmacies must take extra precautions to prevent a data breach and protect their patients.

To date, the healthcare sector has been fined over £1.5 million for serious breaches involving patient data security failings. Bupa Insurance Services Limited, a private healthcare specialist, was recently fined £175,000 by the ICO for failing to have effective security measures in place to protect the personal information of its patients.

But despite the high costs of a security breach, ICO statistics show that the healthcare sector reports more breaches than any other – and the numbers are increasing! Medical professionals need to understand their obligations when it comes to confidential waste disposal and information security in order to protect more than just the health of their patients.

To help ensure the sensitive information of your patients is protected – and to ensure you don’t fall victim to the crippling fines handed out by the ICO – here are some best practices to prevent a data breach at your healthcare practice or pharmacy.

Think compliance: Engage with your local governing body and your staff to ensure everyone is aware of the requirements specific to your healthcare practice or pharmacy.

Document the data you hold: Start by documenting your internal systems and identifying where personal data is stored, in both physical and online files. Create a list of the software used across your practice and check with each supplier that it is GDPR compliant and what data it extracts from your users.

Communicate privacy information: Upload an updated privacy policy to your website and circulate the latest policies to staff. If you have the appropriate software, you can check that these have been seen and acknowledged via tracking tools.

Protect it: Use a document management process so that all data is secured from creation to disposal. Remember to think about paper-based documents as well as digital records. A retention policy should identify which documents must be kept and for how long. Mark records in storage with their destruction dates.

Increase cyber security: Prevention and detection tools are critical. Keep everything up to date and password protected. Have a response plan in place so that, if a data breach does occur, you are ready to manage it effectively and efficiently. Practise your disaster recovery plans and always back up digital information.

Record data breaches: If a data breach occurs, you need to establish the likelihood and severity of the resulting risk to people’s rights. If it’s likely that there will be a risk, you must notify the ICO. Secondly, track and record all data breaches. Provided breaches are recorded and you can show evidence that the data wasn’t accessed, you will avoid fines.

Destroy it: Have a formal procedure for the secure destruction of documents containing sensitive information, or introduce a Shred-it-all policy so that all documents are securely shredded. Partner with a company that provides a secure chain of custody and a documented process for the destruction of paper, hard drives and e-media.

Start Protecting Your Practice

We protect what matters – and what matters to Shred-it is the security of your healthcare practice or pharmacy. To learn more about how we can protect the paper-based sensitive information of your patients, contact us for a free, no-obligation Data Security Survey and quote.

Our Data Security Survey is a crucial first step to ensure vulnerable areas of your organisation are identified. Our team can provide efficient, expert recommendations on how to reduce the risk of a data breach and help keep your healthcare practice or pharmacy.