Has your organisation updated its procedures, forms and wording for obtaining individual consents to ensure compliance with the GDPR?
Despite the GDPR deadline quickly approaching and the requirements it brings, only half of the UK’s IT decision-makers are aware of this EU data protection regulation. GDPR calls for an upgrade in technology in the healthcare sector: where processing carries a higher risk to individuals, as it does with health records, an appropriately higher level of privacy protection and risk mitigation is required.
GDPR will apply to the NHS and other health organisations because it protects the personal data of European citizens, wherever it is processed. The new regulation places significant accountability on the NHS. Breaches in the healthcare sector also carry the heaviest consequences: in one study across 16 industries, the highest cost per breached record was in healthcare, at $355 per patient record. A separate Freedom of Information request revealed that 28 NHS trusts had been attacked within a single year.
According to Experian’s Data Breach Industry Forecast 2017, healthcare will be the most targeted sector in the coming year, because of the sensitive nature of the records that healthcare organisations hold. To comply with GDPR, the NHS will need to apply stringent privacy measures to protect patient data and to reduce the risk of breaches as new, more advanced attacks emerge.
GDPR prohibits, by default, the processing of special categories of personal data, including genetic data (data relating to a person’s inherited or acquired genetic characteristics, which gives unique information about their physiology or health) and data concerning physical or mental health. There are exceptions, and health organisations that collect such data will need to ensure that at least one applies: either they have obtained explicit consent for one or more specified purposes; or the processing is necessary to protect the vital interests of a person who is physically or legally incapable of giving consent (a “life or death” situation); or the processing is necessary for preventive or occupational medicine, or for reasons of public interest in the area of public health.
Organisations will need to establish a robust data protection programme and direct their budget and resources towards complying with GDPR by May 2018. This will not only reduce the risk of breaches but will also build the trust of stakeholders such as patients and partners. Organisations that comply with GDPR are less likely to face enforcement action from the regulator or legal action from data subjects, and less likely to suffer reputational damage and negative publicity.