Did you know that January 28th is Data Protection Day? The Council of Europe launched this commemorative day in 2007, and two years later, the USA joined the initiative. We fully support this initiative, and as a technology company that operates in the Life Sciences sector, we recognize this important day by sharing six facts about data privacy in the healthcare sector.
The most significant and recent data privacy law is probably the EU General Data Protection Regulation, better known as GDPR. It is a text of more than 250 pages approved by the European Parliament, the Council of the European Union and the European Commission. The GDPR has replaced the previous Data Protection Directive 95/46/EC from 1995 and has introduced cohesive rules for ensuring that the EU population is aware of how their personal data is handled.
In regards to health data, GDPR defines three types of data that require special protection: data concerning health, genetic data, and biometric data.
Back in 2017, 54% of healthcare professionals thought that the responsibility for getting medical records from one healthcare facility to another lay with healthcare professionals/facilities. However, the responsibility should lie with both patients and professionals/facilities (57%). We wonder: how has the situation changed in the last year and a half?
In the USA, the privacy and security of health data is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. They set limits on how health information can be used and shared with others, and require that it be kept secure with administrative, technical, and physical safeguards.
Speaking of American legislation, in 2018 the US Congress attempted to enact a bill that would align the standards of 42 CFR Part 2 with HIPAA. The draft legislation would have permitted providers to share information about patients subject to 42 CFR Part 2 for the purposes of treatment, payment, and operations.
Even though the notion of data privacy is often linked to the notion of security, security alone is not always sufficient to ensure privacy. Privacy can be defined as the ability to protect sensitive, personally identifiable health care information, while security can be described as protection against unauthorized access, with some definitions also explicitly including integrity and availability.
There are many ways to ensure the security of health data, and one of them is opting for a partner that has implemented best practices in this area, including internationally recognized certifications such as ISO 27001. ISO 27001 is the best-known standard in its family, providing the requirements for an information security management system (ISMS). It guarantees that a company maintains the confidentiality, integrity, and availability of personal health and patient data and information.
If you want to learn more about the importance of ISO 27001 in the healthcare sector, we invite you to have a look at this material.
We at Arithmos take great pride in honoring data privacy and security, and we ensure that all our products and internal processes are compliant. We are also ISO 27001 certified, and we are thrilled to say that we confirmed this status with a re-certification in December 2018.
Want to know more about privacy and security in the healthcare sector? Send your questions to firstname.lastname@example.org and we will get back to you as soon as possible.