Security Implications of Digital Transformation in Healthcare
The healthcare sector has undergone some of the most dramatic digital transformation of any industry in recent years – and it shows no sign of slowing down. NHS Digital has been in place since 2005, driving forward an exciting array of information, data and IT systems for the country’s national healthcare. Currently, it is pushing the Paperless 2020 initiative, aiming to make the UK’s health and care system paperless at the point of care by next year.
In practice, this means fully digitised patient records, often called an electronic patient records (EPR) system, accessible by multiple stakeholders in multiple locations, and updated in real time. In short, it’s about making access to – and interaction with – medical information more efficient and closer to the point of care, so that clinicians can make faster and more informed decisions.
It’s a laudable goal, and essential to ensuring that the NHS can keep up with the demands of a growing and aging population, diverse treatment options and ever-tighter cost pressures. However, it doesn’t come without challenges – and top of the list is ensuring the security and integrity of all that newly digitised information.
Two aspects to information security: access and trust
It is easy to think that information security is all about safeguarding and verifying who has access to said data. Certainly this is important, and especially so in healthcare settings, where the data in question could contain highly sensitive and personal health information. It is therefore vital that only specific medical practitioners can access both the EPR system as a whole, and the relevant patient records within that system.
However, less attention is generally paid to another aspect of information security – ensuring that the information in question can be trusted in itself. Medical practitioners need to be confident that the data they are accessing is accurate, that it relates to the right patient, and that it is being continuously and accurately updated, in real time. After all, if the wrong record is attributed to the wrong patient, or some crucial test results are not added to the record in good time, then the consequences for care delivery could be dire.
All this is particularly important as the NHS moves towards more collaborative ways of working. Multidisciplinary and multifunction teams working together are increasingly the norm. This is powerful in terms of delivering joined-up approaches between the health and social care systems and unlocking more innovative models of care, but it also means that large, complex and dynamic groups of stakeholders need interactive access to all that sensitive information.
The human factor
Above all, information security can never be a barrier to care. Clinicians will generally find the path of least resistance to do what they need to do – and understandably so. Their role, first and foremost, is to deliver the best possible standards of care, and if information security or governance tools and procedures slow this down or overcomplicate it, then clinicians will tend to find workarounds.
In turn, this leads to medical practitioners circumventing what on paper look like good security practices. For example, a generic account may be used by a group of ten or more clinicians, rather than each of them logging in and out multiple times a day, slowing up their rounds. Or a smartcard may be cut up and taped into a slot to force something constantly open.
Again, the ultimate goal here is laudable – to deliver the best possible standards of patient care, as rapidly as possible – but the knock-on risks to information security can be severe.
Digital transformation as an operational enabler
Digital technology suppliers to the healthcare sector need to think carefully about how security and compliance procedures will be adopted by clinicians, and whilst ‘secure by design’ is a good founding principle here, ‘security as an enabler’ is just as important. In other words, inherently secure digital technology needs to be seen by medical practitioners as something which makes their jobs easier, not harder.
Digital transformation is essential if the NHS is to meet the challenges of the future – but it needs to go hand in hand with a transformative approach to security for both hardware and software.
Distec supplies a range of fit-for-purpose devices that are designed to meet the specific needs of the healthcare industry.