Many people who cause data breaches do so because they’re unaware of security policies – or because such policies simply don’t exist in their organisation. So a well-structured, well-advertised document management policy can go a long way towards preventing them.
Be clear on how each category should be treated, providing do’s and don’ts, and clearly outline the consequences for the organisation, individual or client if the policies are not followed.
The implementation of sound operating practices and secure technology management is also essential to preventing data breaches. The NHS customers that we are working with are making great strides in this area; they have stringent outsourcing guidelines and data handling processes.
Working with Worcestershire
Take, for example, Worcestershire Acute Hospitals NHS Trust, which is having a major push on improving the patient experience while increasing patient safety.
As part of this strategy, we are working with a team at Worcestershire to manage and digitise its patient records. It’s a big job, and will take about five years to get to the point where all patient records are stored and managed digitally.
But when you consider the life of a typical paper record – which is stored in a warehouse before being trucked to the hospital and circulated through various wards and past many consultants and then sent back to the warehouse – the benefits of a digital system become clear.
A digital system enables a record to be traced through every step of its journey, in a transparent way. Best practice includes maintaining – and making available – detailed management information that tracks who has had what access to a client’s data at each stage of the process, providing full visibility and audit trails.
This is an essential element in the management process and ensures accountability for highly sensitive data – and what can be more sensitive than a person’s entire medical history along with their contact details?
Tips and tricks
I know some people have concerns about who manages this confidential data and how a company can ensure that it’s in safe hands. At Xerox, we are able to use technology to automatically extract information from digitised data, avoiding the need for humans to read it.
When humans do handle sensitive information, we can use technology to dissect a client’s information and spread the work across many operators, meaning no one person has access to any individual client data.
If your organisation is looking to outsource a function such as its document management, I would strongly suggest you investigate the transparency of the process and work with a trusted outsourcer. You need to know who has your data and what they are doing with it – as ultimately, a breach will affect your reputation and a serious breach could result in significant fines.
Ultimately, though, whether sensitive data is being handled by a third party or in-house, the right policies need to be in place to keep that data protected. There are simple steps that can be taken by a healthcare organisation – or any institution in fact – to keep data safe. Here are my top five security tips:
- Have robust selection and recruitment policies in place: The implementation of sound operating practices – such as banning mobile phones and personal bags from client data processing areas – is key to maintaining a secure environment.
- Implement secure technology management: Prevent staff copying client data, remove the physical means of backing up data (unless it is done in a controlled environment) and ensure processed data is regularly purged from systems.
- When outsourcing processes, use a trusted outsourcer: Reputation says a lot and if you are looking for a trusted and secure outsourcer, speak with companies that have solid credentials and in particular adhere to quality and data security standards such as ISO 9001, BIP0008 and ISO 27001.
- Understand what happens to your data – from receipt to destruction: Take time to understand the life of your data from receipt to destruction and put in place measures that enable you to track who has access to the data and when and where it is accessed. This full visibility helps prevent data breaches and is vital to the audit trail.
- Never underestimate the importance of data security: Information may fall into the wrong hands, which will have dire consequences for your users, and your organisation’s reputation. It can also expose you to action from organisations like the ICO, as well as individuals.