Privacy and data protection are critical issues facing every healthcare professional in their daily working lives. With technological advances and the increasing use of cloud-based software, the dental team should appreciate the importance of data security and the benefits that technology can provide, while keeping patient’s privacy protected.
The cloud, or cloud-based computing, refers to software, data storage or other technological resources hosted via the Internet from a cloud computing provider’s servers. The resource can then be accessed and used on-demand via the internet.
Using cloud-based systems has the potential to transform the delivery of healthcare in several ways. Cloud-based storage allows you to store large amounts of patient information, without the need for on-site storage systems, hardware, and associated costs like maintenance, freeing up resources you can invest back into your practice. As a bonus, many cloud systems allow you to pay only for the storage space you use, scaling up or down as your business demands.
Cloud-based systems also offer convenient access to information from various locations, helping to improve communication between everyone involved in the patient’s care if you have more than one location, rather than going back and forth with requests. Data that is stored in multiple data centers in multiple jurisdictions is also less vulnerable to loss or damage; if one server should be compromised in any way, your data can still be accessed.
However, this brings with it potential disadvantages as well. Some argue that this could also be a weakness of cloud-based systems. Writing for Healthcare IT News, Dr. James Angle warns that having data stored across multiple locations offers more potential targets for hackers and other bad actors. He adds that having multiple jurisdictions also adds complexity – the “enemy of privacy and security.” Others, according to an article in The Lancet, are concerned about the implications of sharing large amounts of sensitive data with third-party cloud service providers like Amazon, Apple, Google and Microsoft. They cite particular concerns about the lack of control healthcare providers and patients have over sensitive data once exchanged with these third parties, pointing out that patients would not have intended for their confidential data to be sold or commodified and thus could not have given informed consent for this use.
While the question of informed consent is valid, security experts believe that using cloud platforms actually increases the security of data. According to a source cited in The Lancet, cloud services like Google give the healthcare provider the benefit of their vast, sophisticated data security resources. Further, the compilation of huge data sets from many different providers allows companies to develop artificial intelligence solutions that can streamline workflows, improve diagnostic processes, personalize treatments, and greatly improve patient outcomes.
Protecting patient data must always be a top priority. Here are some tips for keeping patient data safe throughout.
1. Develop a data policy
Develop a robust data usage policy, ideally with professional input, and ensure that all staff are given training and regular refreshers. Make the policy easily accessible to your patients in various formats, e.g., online and in print.
2. Gain informed consent
When collecting any form of data, it is important to remember that the person to whom the data belongs has the legal right to know what data is being collected, what it will be used for and by whom, and under what circumstances it will be shared. If data is handled inappropriately, you risk legal repercussions, reputational damage, and loss of the patient’s trust. Make sure to always explain to patients how their data will be used in clear and simple language so that they can provide informed consent.
3. Know your cloud system provider
Using the cloud to store data does add complexity to your data protection plan. Make sure to use trusted cloud providers that can demonstrate clear and thorough policies on data storage, usage and processing. Organizations should be able to confirm where the data will be stored, who has access to this data and what controls are in place to protect identifiable patient data such as:
Name, address, date of birth
Clinical records, including patient notes, photographs, X-rays and scans
4. Monitor data access
Provide sensitive data access to specific team members and roles on an as-needed basis and ensure that users have individual log-ins so that you have a record of who is accessing what data and when. If accessing cloud-based patient information off-site, ensure that individual devices have appropriate anti-viral software. If accessing data via the internet, ensure that the network is secure and private, rather than public.
5. Take extra steps for mobile devices
Mobile devices like cell phones and tablets allow you to unlock the full potential of cloud-based computing. However, the US Department of Health and Human Services (DHHS) points out that these devices are easier to lose and more vulnerable to theft than desktop devices, and data accessed or shared via these devices might be easier to intercept. DHSS recommends taking extra steps to secure mobile devices with password protection, authentication controls and security protection equivalent to those of desktop devices. Staff should also be encouraged to be vigilant against accidental exposure of data, e.g. leaving a device unlocked, being overhead on the phone, or displaying data in view of unauthorized users.
Cloud-based systems have much to offer, and patient privacy and data protection are essential.