<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    6 ways to protect health data under GDPR

    Published on 27 Dec 2017 by Lynne Callister

    health data under GDPR

    Healthcare providers have been advised to strengthen their data protection controls before GDPR, following a series of breaches.

    Earlier this year, it was revealed that there were 9 data protection breaches involving Ipswich Hospital referred to the ICO over a 3-year period, with 5 instances of staff unlawfully accessing personal information.

    At least 4 members of staff were dismissed, with 3 facing disciplinary action. Other breaches included a letter being sent to the wrong patient, theft and a loss of records, and patient handover sheets being taken outside the hospital.

    According to the ICO's 2016/7 statistics, 41% of reported breaches are from the health sector - partly due to mandatory reporting.

    Tips to help strengthen existing controls in relation to health data under GDPR:

    1. Raise awareness of what is covered - make sure everyone is clear about what constitutes sensitive personal data (or special categories of personal data under GDPR). The definition is broad under GDPR and includes past, present and future physical or mental health, information from testing or examination of a body part or bodily substance, genetic and biological samples, information on diseases or risk, disability, medical history, clinical treatment, and so on.
    2. Remind everyone of the need for privacy - personal information cannot be shared or accessed byhealth data under GDPR anyone for any reason.
    3. Conduct a Data Protection or Privacy Impact Assessment - as we are all obliged to do whenever there are high risks to the rights or freedoms of data subjects. Remember, individual consent may not be enough and you may also need processing to be sanctioned by the data protection authority where risks are high.
    4. Only share information on a 'need to know' basis - if access is required to enable them to do their job. If additional access is required to information, this should be re-evaluated to establish the business case.
    5. Take extra care when sharing health data with third parties - make appropriate disclosures and get explicit consent in advance so data subjects understand who else will see their information and for what purpose. Decide how this information will be communicated.
    6. Ensure special categories of data are always adequately protected - use extra security measures (such as encryption) when sending information electronically.

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    Free Trial: Compliance Essentials

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    The Biggest Financial Crime Fines

    Monetary fines are the most common punishment for financial crimes. They serve as a powerful tool for encouraging companies to apply best practices to ensure 100% compliance. Yet, despite all the ...

    Read More
    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More
    Highest FCA Fines of 2019

    The FCA issued a record total of £392 million in fines in 2019. In fact, the two largest fines in 2019 were larger than the 2018 totals. We've analysed they key corporate and individual fines in ...

    Read More