Stephen Allcock, UKI Public Sector Director at SailPoint, discusses the importance of data security to the structure of the NHS.
Data governance in the health sector is essential.
The National Health Service (NHS) has 1.7 million workers across the UK and sees one million patients every 36 hours, generating large amounts of sensitive data. It is the fifth largest employer in the world, behind McDonald's, Walmart, the US Department of Defense and the Chinese People's Liberation Army. One of its biggest problems is staff shortages and turnover, with thousands of positions vacant in clinical, nursing and administrative roles at all times.
This level of turnover puts enormous strain on front-line and back-office functions, including access control and data integrity. To maintain that integrity, the NHS must work effectively so that staff have access to the right information at the right time, while keeping the protection of sensitive data and confidentiality a top priority.
Integrated care systems link the NHS with local authorities and social services. Together, more than 200 NHS Trusts must work with many partners and agencies to ensure coordinated patient care. This adds to the complexity of data security, and by 2025 the annual data growth rate for healthcare is expected to reach 36%. Having an effective identity and data security structure is essential to providing the infrastructure necessary to operate effectively, especially in the unstructured data space.
Cyber threats in healthcare
The average healthcare breach costs £6.6 million, and healthcare data breaches are expected to triple throughout 2021. Any breach within the NHS could potentially have a detrimental effect. Data security must therefore be at the heart of the structure of the NHS.
NHS security officials need to understand how information is used and who has access to it. It is essential that the NHS has control over the information and data it holds. In addition, it must have measures in place to protect the data against inappropriate use. It needs to know if and when there has been a data breach, and how to react as soon as it becomes aware of one.
Time is critical here. It can take weeks or months to detect a data breach, with no way of knowing what information has been accessed unless sufficient safeguards are in place.
Regulation and governance
The NHS has some of the strictest regulations in place to protect sensitive data. The Data Protection Security Toolkit (DPST) is just one of the controls on access to NHS data. This online self-assessment tool allows organizations to measure their performance against the National Data Guardian's 10 data security standards. All organizations that have access to sensitive NHS data and systems need this toolkit to provide assurance that they are practicing good data security and that personal information is handled properly.
The National Data Guardian is itself an independent body that oversees patient data and acts as a safeguard over the use of the information. It allows patients to participate in the national patient opt-out, indicating that they do not want their confidential patient information to be shared for purposes other than their care throughout the health and care system in England. In addition, the NHS must comply with the General Data Protection Regulation (GDPR), which governs how organizations collect, use and manage personal data. The seven Caldicott Principles also provide the overarching governance rules that dictate how the NHS collects, stores and uses sensitive information. Of course, none of this is possible unless the NHS has a full and transparent understanding of what is happening to its data.
An NHS Trust potentially contains millions of documents in hundreds of thousands of files and in multiple repositories, both on-premises and in the cloud. This is typically “unstructured data”, which makes up about 80% of the total data held by a trust and becomes unmanageable. Some of the common themes we see are personally identifiable information and sensitive information stored in the wrong place, over-permissive access to sensitive data, no centralized identity governance process, no audit of access, no oversight of the use of privileged accounts, and data held outside of a retention policy.
The key is to make sure the NHS can classify its data and has processes in place to manage access to it. Understanding the types of data, knowing where it is, and providing adequate controls are all essential aspects of adhering to the DPST, Caldicott Principles, and GDPR governance. This will allow organizations to know who has access to different levels and sensitivities of data, and to create an up-to-date asset register. Visibility into the location of all sensitive data, who has access to it, and what auditing is in place is crucial to understanding where vulnerabilities may be, and subsequently to mitigating improper use or a cyber attack such as ransomware.
Data is essential
Sensitive information that is lost or stolen can irreparably damage reputation, which is vital for the well-being of patients. This is why data governance is at the heart of the NHS. Misused, data can overwhelm a structure like the NHS. It becomes cumbersome and unmanageable, especially as the volume of data keeps growing.
Data is the heart of the organization – and it needs to be secured and monitored effectively. With everything aligned, streamlined and controlled, data can ensure that the NHS continues to provide such critical treatment and service, without disruption.