GDPR: whilst it should never have been viewed as a tick-box exercise, this week a few companies felt the effects of the legislation. If you thought your Monday was dragging, put yourself in the shoes of the staff at British Airways who, on Monday, received notice of a £183m fine coming their way from the ICO in relation to last year’s data breach. Just as the dust was beginning to settle on that news, on Tuesday the UK’s watchdog announced another fine of £99.2m, headed the way of Marriott International for a separate breach. In light of this, it got us thinking: could your clinic survive a fine for a data-protection breach, and have you done everything possible to reduce the chance of this happening?
Data breaches come in all shapes and sizes. We are always more likely to hear about the largest breaches, the ones that affect global brands with a huge pool of customers. The news loves stories that involve hackers exploiting vulnerable systems or locking down IT servers. Those are the ones that make the headlines, generate the clicks and rack up page views. But plenty of breaches aren’t large enough to make the news, or result from simple internal errors. So, what are the most common breaches in clinics and private practices?
Time for the shredder to retire
According to a recent survey, and unsurprisingly, paper records are the most common source of data breaches in both private practices and hospital clinics. We don’t have to explain how this happens or the heightened risk that comes with still using paper records for patient files and treatment notes: a paper file can be left lying around by accident, taken out of the building, or simply misplaced, and once it is gone there is no way to tell who has read it.
Thankfully this is an easy risk to mitigate by moving to a digital notes solution. The ideal solution should store all of your data within the EU or UK, so that you avoid the additional safeguards GDPR requires for international transfers, and should also allow your patients to sign forms digitally using eSignature. That way you won’t have to print off forms for scanning and can move to a completely digital setup for patient records.
Software and storage breaches
The second most common type of breach is due to poor security, either in storage or at a third-party software provider. Unfortunately, you can spend huge amounts of time and resources ensuring your clinic is compliant with the legislation and that all risks have been reduced; however, if you are storing patient records in a consumer file-sharing account such as Google Drive without a data processing agreement and proper access controls, or your practice management system company hasn’t done everything to ensure security on their end, then you could still be at risk.
Ideally, your clinic should be running a practice management system that keeps backups of your data on servers hosted in ISO 27001 certified facilities. The provider should keep on top of security patches and updates, and the system should give you the comfort of knowing everything has been done to protect both you and your patients.