Opinion: Is your storage space a data repository?

In an age where hackers and other cybercriminals seek to do us harm, can we relax when it comes to our financial and medical information? After all, those who handle them are subject to clearly defined legislation. It seems not, as indicated by a recent violation of privacy laws by a Melbourne medical centre, where 960 records of former patients were compromised in a November 2013 break-in.

While the incident received much coverage in Australia, it was also featured internationally and must have been embarrassing for the Office of the Australian Information Commissioner (OAIC), with Timothy Pilgrim, the Australian Privacy Commissioner, announcing that a garden shed is not a secure place for medical records.

Readers around the world are sure to have thought “I knew that.” However, it is clear that the comments referred to the specific situation rather than a bid to enlighten the medical profession here.

What can Australian healthcare professionals do to ensure our medical records are stored correctly and disposed of when converted to a digital format? We all appreciate that clinics and medical centres are in the business of patient care, but that business must include adherence to privacy regulations and ensure health records are secure. Enforcing this situation may well be a challenge but a necessary one to safeguard our data.

Fortunately, technology can help and when employed correctly can satisfy all technical and legal requirements.

Many healthcare providers attempt to reduce their reliance on paper-based records by creating a process for document conversion, scanning each document and accurately importing them into the appropriate clinical application. If paper records are no longer required, arrange secure disposal.

However, process completion can take some time and generally needs to be phased in, being worth the effort and allowing compliance with existing and future technology. Such conversion saves storage space that could be used as an additional office or consulting room, for example. Garden sheds could even serve their true purpose.

Digital conversion from paper can also help prevent low-tech hacking and clinical record breaches, where insecure records are compromised by burglars or unauthorised personnel. The greatest advantages lies in efficiency, as all digital records can be accessed or updated immediately.

The conversion process does not solve all problems and due diligence is necessary, especially when it comes to data storage, disaster recovery and back-ups. If using hosted cloud solutions, ensure the selected providers stores the data in Australia and that all date centres perform regular security audits that comply with both technical and legislative requirements.

Data storage or back-up solutions are essential, with on-site servers or network-attached storage (NAS) the most popular options. Those that do not wish to maintain a server can simply use NAS, a standalone solution that typically contains multiple hard drives that allow automated local back-ups to take place at scheduled intervals.

When combined with an off-site solution in the cloud, data loss is highly unlikely as several secure copies are in place at any given time.

Secure medical records are essential for all involved. In the ‘garden shed’ scenario, negative publicity affects the business, raises justifiable concerns from patients – who will more than likely change to another healthcare provider – and highlights the need for a move from paper-based storage solutions. A secure cloud environment is perhaps the best solution, one that can also improve mobile clinic solutions.

Rob Khamas is an eHealth solutions strategist with REND Tech Associates.

Posted in Australian eHealth

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2017 Pulse+IT Magazine
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.