Comment: Keeping on top of new data protection rules

Advice for healthcare organisations from Robin Bingeman, managing director of Cryoserver

Robin Bingeman, managing director of Cryoserver, discusses how, as hospitals and healthcare providers look to meet new data protection regulations, centralising information management can break down data silos, reduce storage costs and complexity, enable better data sharing, and reduce the risks of a data breach and the resulting ramifications.

New EU data laws will require organisations to alert authorities to a data breach within 72 hours of its occurrence.

According to Big Brother Watch, between 2011 and 2014 there were at least 7,255 data breaches in the NHS. Under the new regulations, this would mean that hospitals and NHS services are required to alert authorities to a breach up to six times a day.

Combined with this, healthcare providers are regularly subject to Freedom of Information Act requests (FOIs). Croydon’s NHS trust receives over 200 FOI requests annually, while the Heart of England NHS Trust published around 15 FOIs in a single month last year. The financial and resourcing burden of these requests is often huge.

At the centre of both challenges is the efficient storage and management of communications, and with email now a dominant form of communication in both our personal and professional lives, it is vital that we manage these well.

The implementation of an effective email archival solution will result in more-efficient responses to FOIs; support the prevention of data breaches; and make the day-to-day running of business much smoother.

However, first let us consider the regulatory and legal pressures on the management of communications in healthcare organisations.

The length of time you should keep emails varies. For example, in any business, communications relating to maternity or paternity pay must be kept for at least three years. In the healthcare sector, however, there are more-specific regulations about medical supplies, drugs, and patient records, which increase the pressure on providers’ email management.

Consider the receipt of a new medical device, an X-Ray machine for example. Healthcare providers are required to keep relevant records, including a full history of the device’s purchase, deployment and installation for 50 years at least. Additionally, records of all checks made on the device must be made and retained for health and safety purposes, legal reasons and in the event that a recall is issued by the manufacturer. Many of these records are now stored in email.

Further to this, as a healthcare provider you will receive high volumes of personal information. The Data Protection Act of 1998 states that organisations must supply personal data when the individual requests it. The act also requires this information to be held safely and securely, with records relating to an individual’s health subject to even-more-stringent regulations.

In both cases, a high proportion of this information will be held on, or shared via, email. As a result it is crucial that emails are easily accessible and stored securely, so as to prevent any tampering, enable efficient responses to FOIs and individual data requests, and in order to reduce the potential for a data breach.

So what does an effective email management solution look like in the healthcare sector? There are three key areas to consider. First, you must ensure that emails can be accessed quickly and easily. Second, your solution must be safe, secure and tamper-evident. Finally, you need to make sure that the storage of emails does not affect day-to-day business by making servers slower or filling employees’ inboxes to capacity.

The first step is finding a solution that provides quick-and-easy access to emails. This is especially important when fulfilling FOI requests and responding to patient enquiries. Both kinds of request take time to respond to, and this time of course costs an organisation money. In the public sector, Wolverhampton Council spent £199,200 on FOI requests in just one year, while for Birmingham Council this same expenditure rocketed to £1.1m. By reducing the time it takes to find and access emails, this figure can be drastically reduced and significant resource saved across your organisation.

A safe and secure solution is crucial for all kinds of organisations, but particularly ones that handle sensitive information, such as healthcare providers. With significant volumes of personal data managed over email, steps should be taken to reduce the potential for a data breach and to maintain accurate information in all communications. Implementing a solution that maintains a tamper-evident trail (ie one that highlights any communications that have been altered) means you will be confident in the integrity of your communications. Storing emails securely and limiting access, if appropriate, will support your organisation in protecting itself from data breaches.

Finally, your solution must enable the efficient day-to-day running of your organisation. Emails often dominate our communication at work, but it is important they do not slow down the mail server or create an inefficient working environment. Storing emails off the mail server will free up space for more incoming communications and support employees in working efficiently.

By implementing a solution that considers these three key areas you will be able to meet new data regulations and respond more efficiently to FOI requests.

With pressures on the management of communication in the healthcare sector continuing to increase, it is vital to take steps now and futureproof your organisation in a world of increasingly-digital communications.  
