Are your records secure?Health Headlines - September 2009 |
The time is now: 2009 LSHC Security Study
A global perspective on cyber security, privacy and data protection in the life sciences and health care industry.
Information security is becoming an increasingly important issue to consider especially as the level of data sharing between organisations increases.
The ability to store and track data has improved - greater internet access, improved database technology coupled with the desire for trend analysis. Organisations have been provided the opportunity to easily share information. However, with this comes an awareness of potential threats to data record security, and greater responsibility.
The emergence of the electronic medical record (EMR) that combines elements from many data sources is a prime example. The EMR may eventually be hosted by “cloud computing” in the internet so high level security will be paramount to create trust in the information.
Health organisations, more than any other, need to be particularly stringent due to the highly personal nature of their patient records. Legislative protection gives confidence to patient confidentiality and it is up to the organisation to ensure that their patient is protected.
What are the greatest threats to your information security?
According to the 2009 LSHC Security Study, respondents have as much concern of threats from error as from intentional data hacking:
Interestingly, 83% of respondents to the survey are equally or more concerned with internal security threats than with external threats. And threats are as much from personal error, such as accidentally sending an electronic file to the wrong recipient, as intentional data hacking – “human error is one of the top three root causes of failure” p.13
One of the common threats that your organisation is exposed to, is the use of USB data devices. The level of information that is carried around on USB devices can be high, and commonly includes: customer data, financial information, business plans, employee data, marketing plans, intellectual property and source code. These types of information are highly sensitive and, if fallen into the wrong hands, can leave your organisation vulnerable and potentially liable.
How do you stop information unintentionally falling into the wrong hands? There are a range of options – but the two most common areas are restricting the use of portable devices or automatically encrypting data carried outside your network. Talk to our Enterprise Risk Services people to see what options there are for your organisation, as there is no silver bullet.
So what is your organisation doing to protect your records?
Related article in Deloitte Forensic Focus: How secure is your data