COVID-19 and patient data security: Time for the great reset?


Bleepa Feedback Medical Feedback PLC Thought Leadership

GDPR and Flexible Working

In the wake of 2018’s new European GDPR legislation coming into force, attitudes towards information security within the healthcare sector seemed at odds with a growing appetite for flexible working. The bill’s attempt to balance out the various needs of organisations, society, and the individual put a new focus on data security in the workplace, something that didn’t always sit easily with the growing dependence on mobile devices in healthcare.

The widescale determinedness of healthcare providers to safeguard patient data and avoid falling foul of the new legislation meant that balancing data use with flexible and remote approaches to work seemed impossible. One of the guiding principles of information security, namely providing access to data, was usurped by the avoidance of risk, with the penalties outlined in the new GDPR legislation looming large over healthcare trusts.

COVID-19: Finding new ways of working

However, as COVID-19 took hold it forced many vulnerable clinicians to shield and many others needed to work away from their wards, and reduce any unnecessary contact with patients and colleagues. Despite the clear necessity for remote working for stretched hospital staff, one challenge remained – how was it possible if the vital data they required was only available on servers inside their hospitals, clinics and health centres?

As is often the case, necessity is the mother of invention and COVID-19 has certainly led to us all finding more of an appetite for flexibility and controlled risk. As with the wider world of work, it now seems that it took a global health crisis to act as a catalyst to changes in the way clinicians operate and the way they access data, which have perhaps been long overdue.

Remote Patient Data Security

Over the past 12 months, hospital data protection advisers and chief information officers (CIOs) have made it clear that remote data access is possible and that there is a willingness to innovate in order to facilitate this. This is a massive step forward and the growing consensus that there is a need for a consistent approach to remote data access in healthcare presents a huge opportunity.

Hospitals and trusts proved they were able to move with the rapid pace of change too. The major breach or collapse touted by risk professionals has been kept at bay, and hospitals have become more efficient as a result.

Now is the time for big tech to support hospitals’ leap forward, and for innovative tech founders across the board to really begin to understand the needs of clinicians, and to build the apps and tools needed that liberate them from the status quo.

Better Patient Care

It’s something we have invested much time into at Feedback Medical Limited, working with a team of clinicians, data specialists and product developers to fully understand how we can best serve healthcare professionals in providing access to data and better patient care, remotely. Bleepa, our medical imaging communications platform, has helped shielding clinicians to access patient information and manage referrals without the need for face-to-face interactions.

The challenge is of course that there are huge sensitivities around patient data and the umbrella of security around it – which is far more easily managed and maintained within a fixed – and closed – network. Steps are now being taken to move away from the status quo, for example with the significant rollout of Microsoft Teams throughout much of the NHS. In addition, there are advances with the provision of mobile device management solutions, and “zero footprint” software applications that allow the safe adoption of a “bring your own device” approach. These technologies have the promise of allowing clinicians to use their own devices to access patient information, while they (and their CIOs) feel much more confident that losing a device would not create a patient data breach.

Stephen Brown, Feedback Medical Limited’s Chief Regulatory & Compliance Officer