GDPR and data security in healthcare – why it matters

Data protection is a high priority for all industries, but it’s absolutely crucial for healthcare.

For other private sector businesses, the consequences of a data breach can result in a damaged reputation and monetary loss. There are also the financial penalties of GDPR enforcement to consider, since the new EU rules came into effect in May 2018.

But for healthcare, the impact of data loss can be catastrophic. Healthcare organisations, both NHS and private, rely on the sharing of patient data in order to provide an effective service. The data provided is also the most confidential and personal in nature. It is arguably more sensitive than personal financial information.

If an established healthcare provider were to misuse or lose patient data, or fail to follow data protection procedures, it could result in:

• Serious erosion of public trust in the organisation
• Legal sanctions for breaches of the Common Law Duty of Confidentiality (CLDC) and Data Protection Act (DPA) 2018 – this includes additional conditions for healthcare information as a special category of data
• GDPR breach penalties of up to £17 million, or 4% of global turnover
• Public scandal and reputational damage.

How do healthcare data breaches happen?

According to the Cyber Security Breaches Survey 2019 from DDMCS, 67% of UK healthcare organisations have had a cybersecurity incident of some kind.

But it may surprise you to know that data loss within healthcare isn’t always caused by cybercriminal activity from the outside.

In reality, it often happens as a result of unintended or unauthorised disclosure from the inside. If the right procedures aren’t in place, accidental mistakes caused by human error can easily happen.

ISO 27001 and healthcare security – how to reduce data protection risks

Due to the critical importance of data protection in healthcare, there are strict and detailed procedures in place for managing risks. This includes only working with service providers with the highest standards of security certification.

A great example of this is WeType. WeType provides medical transcription services to healthcare organisations of all sizes.

Outsourcing typing to our specialist UK-based typists can save an enormous amount of time. By reducing time spent on paperwork and note-taking, there’s more time for patients. It’s also cost-efficient, convenient and flexible.

But of course, the bar for data protection is sky-high for healthcare organisations. This means that the WeType service also has to deliver the highest standards of security. We do this through our ISO 27001 accreditation, which is the internationally recognised standard for excellent security practice in information security management systems (ISMSs).

ISO 27001 certification also means that our medical transcription service complies with EU GDPR and other data protection laws. We’re also certified by the Government-backed CyberEssentials scheme.