GDPR: the opportunity for Digital Transformation in the NHS
There is no doubt that digital transformation within the NHS is a significant undertaking. While technology has already revolutionised the healthcare landscape for patients and organisations alike, a large investment of time and money is the only way to ensure a truly digital future.
Digitisation will not only help boost patient care through ensuring timely access to full patient records, but will allow effective reporting on data held should a Subject Access Request be received – a key requirement of GDPR.
With access to a growing range of data and insights, the positive impact is expected to be felt in terms of patient care and beyond. The process of managing that data, however, is an issue rapidly climbing up the agenda.
When GDPR is enforced in May 2018, the EU regulation will oblige NHS departments to fully analyse their digital functions, including processes for the storage, security and identification of patient data.
While the NHS has admitted it is unlikely to meet its 2018 target for digital transformation due to the current ‘state of hospital IT systems’, this does present an opportunity to begin integrating digital technologies from the ground up to ensure compliance.
Beyond viewing regulation such as GDPR merely as a compliance burden, however, healthcare IT professionals will be able to use it as a springboard to big data utilisation.
The drive to digital transformation
The sharing of health-related data across networks has become a necessary component to the smooth running of today’s healthcare operations. GDPR contains several new requirements regarding how all organisations should process, store and safeguard personally identifiable information (PII).
Of particular interest within healthcare are ensuring data breaches are reported to relevant authorities within 72 hours, the employment of a Data Protection Officer, and policies to secure data portability.
In adhering to GDPR, the NHS will have to utilise digital technology that not only ensures compliance, but also offers an increased level of business intelligence.
While the new regulation’s primary objective is to strengthen data protection for individuals and simplify regulatory environments for organisations, the NHS now has the chance to go further.
The data available can be used to vastly boost analytical capabilities, ranging from information around patient sickness trends to the most effective means of combating them.
Data security prior to GDPR implementation
In light of GDPR, the increasing amount of data on hand through digital transformation brings with it a greater need for security. Failure to comply with GDPR legislation could result in fines of up to €20 million, or 4% of annual turnover, whichever is higher.
A growing and ageing population has led to more demand for medical services, but also a larger number of patient records and a greater amount of identifiable medical information. With an increased amount of data created and held comes a greater financial and security risk.
This is exacerbated by the fact that when ensuring data security, staff are often the weakest link, with the effectiveness of phishing attacks against the NHS well noted. Furthermore, many NHS trusts still utilise unsupported Windows XP operating systems, representing multiple layers of data insecurity.
For the NHS, which employs over 1,500,000 people (a staggering 2.3% of the UK population), ensuring staff and patient data security is a huge undertaking. GDPR therefore represents a significant financial motivation to ensure security.
To maximise data safety, normalising the vast amounts of data the NHS creates will be essential. Often, data held is stored in different formats, meaning that it would take IT staff a long time to sift through the information to detect a breach or event.
Once this data is normalised, however, searching for anomalies and identifying threats is a much more streamlined process, allowing for a rapid response to minimise data theft and fines from delayed reporting – key aspects to ensuring GDPR compliance.
Considering the proliferation of breaches and consequences of non-compliance, the NHS can now fast-track digital transformation, integrating systems and processes, ensuring data security before GDPR comes into force.
With a large amount of staff and patient data stored in disparate locations, healthcare organisations must be aware of exactly what data they hold, where it came from, how it is stored, what the process for access is and what is being done with the data.
Once these criteria have been met, the next stage is to look at how this data can be secured, ensuring only those who need access have the credentials to do so.
With just over a year to go until implementation of GDPR, healthcare management and IT professionals must now review existing systems to ensure regulations are met ahead of schedule, driving effective, innovative change in their sector.
GDPR represents an opportunity for digital transformation in the NHS – one that goes much further than adhering to industry regulations, helping to drive more efficient operations.