Secure processing of personal data in the healthcare sector
The General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and no industry was left untouched by its far-reaching impact.
In a number of ways, personal data protection has become more challenging for the healthcare sector under the GDPR. One example is the effort to launch COVID-19 contact tracing apps, and the privacy complexities that entails.
For starters, any company or organisation that processes data concerning people’s health must be extremely cautious in its handling and storing of personal data. This includes a mix of public and private sector organisations, such as hospitals and medical clinics, pharmacies, dental practices, long-term care homes, diagnostic laboratories, psychologists and other mental health professionals, plus any other company or organisation involved in the processing of personal health data.
Under the European regulations preceding the GDPR, data on health matters was protected as a special category of data; under the GDPR it now falls under “data concerning health”.
This category includes personal data involving the physical or mental health of an individual, including any provision of health care services that could reveal information about a person’s health status. Alongside this, there are also categories for “genetic data” and “biometric data” with their own set of rules.
Some organisations can claim to be GDPR compliant, while others still have work to do to meet the requirements. Whether it’s a large hospital or a small chiropractic clinic, successful compliance requires a set of technical and organisational measures. Even more important is raising data protection awareness among staff. This part is especially crucial since the majority of all data breaches in the health sector stem from employees making mistakes when handling sensitive data, and these situations are largely preventable.
In fact, a requirement of the GDPR is to provide awareness training on a regular basis to all employees, and that’s the key challenge that this guide will help you with, namely: how to ensure that staff are aware of the importance of properly securing data.
Learn how to create better awareness about the secure processing of personal data in your workplace, whether you’re at a large medical facility or a small dental practice, with tips for a tailored approach to deliver a more lasting impact.
• To start, we’ll list the most important details for data and privacy compliance with the GDPR;
• Next, we connect this to the daily work practice of employees;
• Then we’ll outline, based on seven steps, how you can create awareness for the secure processing of personal data;
• Alongside this we’ve included some practical examples of situations that arise in the workplace.