Securing data in a healthcare environment

By Veronica Kocovska


Change is the new norm for the healthcare sector worldwide. The digitisation of health and patient data has undergone an unprecedented shift in clinical, business and operating models in light of the outbreak of Covid-19. Prior to 2020, the change was slowly being brought about by ageing populations and lifestyle changes; in the last year, however, there has been an accelerated – and much overdue – approach to this adoption, with the advent of eHealth and smart health technologies.

Why is data security important in healthcare?

Health data is among an individual’s most sensitive private data, and therefore meeting strict data protection requirements should not be taken lightly. Privacy protection and ethical health research policies both provide valuable benefits to society, and having a robust healthcare data protection programme is vital.

Big data has fundamentally altered the way in which organisations store, manage, analyse and utilise data across all industries and can lead to positive changes, in particular within the healthcare sector. The potential of big data in healthcare systems [1] and research lies in improving patient outcomes, predicting epidemic outbreaks, advancing diagnostics, disease prevention, and reducing costs, time-wasting tasks and admin. The bottom line is that it will improve quality of life for everyone. Determining the allowable uses of digital health data whilst maintaining security and a patient’s right to privacy, however, doesn’t come without its challenges.

Justification for protecting personal data predominantly arises from the need to protect interests at the individual level [2], and whilst the majority of the conversation surrounding the value of privacy fixates on its importance to the individual, it should also be noted that privacy can be seen as significant at the societal level. Privacy facilitates the existence of a free society: it helps maintain the type of society in which we want to live, because it enables complex activities, such as research and public health endeavours, to be carried out in ways that protect individuals’ dignity.

Violations of privacy and confidentiality not only affect a person’s dignity, but can actively cause harm – sometimes irreversibly. If personally identifiable health information is exposed to an employer, family member or insurer, it can result in stigma, embarrassment, and discrimination at the individual level. At the wider level it can result in financial repercussions, loss of credibility as a company or organisation, and loss of trust with patients or customers. Without some guarantee of privacy, people may be averse to providing unequivocal and complete disclosure of sensitive information, even to their physicians. Assurance of privacy can foster and encourage more effective communication between clinician and patient, which is imperative to the quality of care, enhanced autonomy, and for preventing economic harm and discrimination.

Regardless of how critical and useful big data is to the progression of medical science and to the success of healthcare organisations, it can only be utilised if privacy and security issues are addressed. Pinpointing the disadvantages of existing solutions and anticipating the direction for future research will provide a reliable and secure big data environment.

The emerging key players: Blockchain and GDPR

By putting the patient at the centre of the healthcare ecosystem and heightening privacy, security and interoperability, Blockchain technology has the potential to transform healthcare. Blockchain has various applications in healthcare, and it has the ability to upgrade mobile health applications, remote monitoring devices, clinical trial data, insurance information storage, and the sharing and storing of electronic health records. It may be early days, but Blockchain is already on the brink of completely turning over the healthcare hierarchy by providing a new model for health information exchanges, bettering accessibility and security of patient data [3], whilst constructing a novel system in which patients have the autonomy to manage their own care [4].

The radical change brought about by the long overdue introduction of the General Data Protection Regulation in 2018 has significantly altered the way healthcare organisations utilise and store all personal information. Creating GDPR awareness across an organisation and keeping confidential information about staff and patients secure are both of paramount importance. Any breaches of this data security come with hefty financial repercussions, so it’s in everyone’s best interests not to be negligent when it comes to protecting this data.

Best practices for securing big data

As regulatory requirements for healthcare data protection have been stepped up, healthcare organisations that take an ardent approach to enforcing best practices for security in healthcare are best prepared for continual compliance and are at less risk of incurring exorbitant costs from data breaches. Below are five ways that healthcare systems can implement privacy policies:

  • Educate staff

    • Human error is the biggest contributing factor to security threats across all industries, but especially in healthcare. Staff therefore need to be properly educated and trained with regard to safeguarding data and complying with best practice.
  • Limit access to data and applications

    • Access controls and authorisation can act as a buttress for digital health record protection by restricting access to patient information and certain applications to only those users who require the particular information in order to perform their jobs.
  • Encrypt data

    • In the age of digital healthcare, data should be encrypted in transit and at rest in order to prevent patient records from being read by anyone who gains unauthorised access to them.
  • Conduct frequent risk assessments

    • Periodic, proactive risk assessment is crucial, as it can analyse and recognise weak points in a healthcare organisation’s security, particularly for digital healthcare companies, thus mitigating future problems and errors.
  • Back up data

    • With the future of healthcare technology in mind, backing up data – with rigorous controls for access and data encryption – to a secure, offsite location is essential for disaster recovery and having a safety net in case of a cyberattack [5].


  1. Springer Open
  2. NCBI
  3. Deloitte
  4. NCBI
  5. Digital Guardian