Not every sector has yet complied with GDPR. One of the biggest is the Hospitals Sector, with the Data Protection Commission highlighting 14 matters of concern it has found in hospitals. But while the situation is serious, some key steps are all that is needed to rectify it.
Many national regulators across the EU are providing those not yet GDPR-compliant with a limited period of grace. But with GDPR terms set be strictly enforced once that period has passed, Irish hospitals are now under pressure to finally make the necessary changes.
Of course, the size of the undertaking is significant. After all, hospitals are required not only to retain large amounts of data in hardcopy documents (much of which is highly sensitive) but to share that data amongst departments, institutions and even individual health professionals.
The good news is that, with some clear guidance and help, hospitals can successfully introduce sustainable data protection procedures, and staff be made fully aware of the existing risks to more effectively avoid data breaches and security failings.
Why Are Hospitals High Risk?
The Commission’s report, Data Protection Investigations In The Hospitals Sector, followed a detailed examination of 20 hospitals carried out by the DPC’s own Special Investigation Unit in November and December 2017.
The investigation examined how each hospital handled the personal data of its patients, especially in departments and hospital areas in which patients and the general public have access to.
The report identified 14 matters of concern:
A total of 35 risks were identified across these 14 matters, and the report made 76 recommendations to mitigate those risks.
Data Protection in Hospitals ‘Critical’
On the publication of the report, the Assistant Commissioner Tony Delaney stressed the responsibility hospitals have to ensure the personal data of their patients, as well as their employees.
“Given the sensitive nature of the personal data that hospitals process on a 24/7 basis, it is critical that the protection of that data in a busy hospital environment is given the high priority that the data protection legislation requires,” he said.
He added that “ultimately, hospitals should strive to ensure that the importance of data protection and patient confidentiality permeates the hospital culture at all times.”
8 Steps To Improve Data Protection In Hospitals
There are several steps to take to greatly improve data protection in hospitals:
At Kefron, we provide bespoke On-Site Document Management Services that address the specific challenges faced by individual institutions.
For more on what Kefron is doing to enhance Data Protection in Hospitals, read our Data Protection in Hospitals PDF.