PA Consulting Group devises 3-point strategy to ensure medical records, patient data remain secure
Abu Dhabi, UAE, 26 October 2015: As the Middle East healthcare sector embraces technology and advances in electronic services like never before, a leading healthcare technology expert has created a three-point plan to ensure GCC providers keep medical data safe.
Joe Hawayek, a digital business expert at PA Consulting Group, says there has been a marked increase in the use of digital information across the Gulf’s hospitals, primary care units and research laboratories. Healthcare providers are investing heavily in integrated systems that capture, manage and store information such as treatments, images, lab results and prescriptions.
As such, large volumes of health and patient reported data are now available, bringing huge amount of risk when it comes to patient confidentiality, cyber security threats and a demand from activists and investors for more transparency in the pharmaceutical industry.
“Doctors and patients now communicate through more digital channels than ever before,” said Hawayek. “As an example, Dubai Hospital encourages chronic care patients to book their appointments online, and the Dubai Health Authority has been exceptional in providing a number of digital services in line with the Smart Government initiative.
“These improvements in how we store and hold patient data should be welcomed by the industry, but have resulted in concerns over the misuse of such information.”
A three-point strategy plan has been devised by PA Consulting Group at the company’s Abu Dhabi office specifically for healthcare providers in the GCC.
These are:
- Establish policies: the regulation for handling health data lags behind other sectors due to the rate upon which digital technologies were adopted. Healthcare providers can start to derive policies from existing international regulations to maintain privacy and security of individually identifiable health data. GCC providers should define how consent to process health data should be obtained.
- Build operational capability: record the least amount of information necessary and provide information only to authorised personnel. Transfer data securely and provide transparency around who has access to it. Hire skilled staff in health informatics and information security and increase awareness of security threats to clinical and non-clinical staff.
- Invest in enabling technologies: set technology standards for confidentiality, integrity and availability of health data. Secure existing technology devises and platforms, such as remote access, wearables and social media. Protect potential data loss by implementing resilience processes and systems.
“Now is the time to adopt these policies,” Hawayek added. “The GCC has witnessed a surge in wearable technology and the number of devices in the region is forecasted to grow to 8 million by 2018 – which means more health data is now available for analysis on websites and apps.
“Mandatory health insurance across the GCC has also forced healthcare providers to increase the amount of recorded and transmitted information on their patients and treatment plans. Health researchers see this data as crucial to offer insights into patient needs, behaviours and experiences and when data is this valuable, it’s at a high risk.”
PA Consulting Group has successfully delivered more than 150 projects in 13 Middle Eastern countries, across sectors including healthcare, financial services, transport, energy, government, defence and security, education and manufacturing.