The current big data project for the NHS is the creation of the care.data database. This single database containing everyone’s medical data is highly visible and highly sensitive. It has sparked massive debate about the database’s purpose and accessibility and how Joe Public’s confidential and highly sensitive records will remain ultra secure.
These concerns are not surprising given the type and quantity of data. The more data there is and the more sensitive it is, the bigger the bang given a security breach or fraudulent behaviour.
Even after years of development and compliance with regulations and legislation, the number of news stories about security breaches in both the public and private sectors never seems to abate. In recent years several NHS Trusts have been found in breach of the Data Protection Act. One Trust discovered that its hard drives containing sensitive information had been found on an auction site; another Trust disclosed personal data on two occasions.
The reputation of the NHS relies heavily on robust data security and good practice.
Care.data will not be the last project that tests the position of the NHS as it evolves into a 21st century, world-class, technologically efficient institution. Jeremy Hunt, the Health Secretary, recently announced measures that will make information digitally and securely available. He proposes that the NHS should go “paperless” by 2018, embrace the ability for patients to view their own records online and enable any medical professional to view a patient’s records from anywhere. Having processes and procedures in place to deliver information security and regulatory compliance will be high on the agenda for the body responsible for these initiatives!
Ensuring continuous security measures are in place to minimise risk in such complex environments remains a challenging task. The majority of organisations are already grappling with their compliance requirements and layers of “point solutions” purchased over time to counter evolving security threats. One remedy for easing the security burden is simplifying the environment over time alongside effective and proactive management. By improving management, organisations can benefit more from their deployments, review their security position regularly and be in a strong position to prove general good practice and compliance.
Any organisation serious about its data security would be wise to seek the advice of external industry experts, who can add invaluable, objective insight, ultimately helping you to develop a well-managed security strategy to wrap around your confidential and highly sensitive data.