Achieving digital health transformation through the creation of a fully interoperable data ecosystem is nirvana for health systems around the world.
Revolution in New Zealand Healthcare System:
In particular, as part of the recently announced reforms to the New Zealand health system, Health NZ will ensure health services are integrated and linked so that consumers find it easier to access different parts of the system and do not have to share their information numerous times. But with a fully integrated and interoperable healthcare system comes a crucial component: data sharing. It’s impossible to achieve the kind of ideal we envisage without provision for data sharing.
Privacy of patients:
When you believe that your doctor isn’t going to share anything about your health, illnesses or personal habits with others, you’re more likely to be completely honest. And that’s really important for the effective treatment of whatever illness or injury you have. The more details you provide to your doctors, the more they’ll be able to figure out what’s going on and help you get better.
Some diseases have stigmas attached to them that could make people think less of you. For example, back in the 1980s, many people who had symptoms of HIV and AIDS were afraid of being found out. They didn’t go to their doctors until it was too late. Because you know your health records are private, you’re probably more likely to seek treatment for whatever you have.
As unfair as it sounds, some people will judge you by a condition or illness. Patient confidentiality makes sure that their ignorance can’t harm you. Whether it’s an employer, insurer, friend or family member, you should be the one to decide who knows what about your medical history.
The Office of the Privacy Commissioner (OPC) recently published its first four months of results since it became mandatory to report serious breaches in December 2020. The health care and social sector tops the list for the highest number of serious privacy breaches since that date.
Risk involved in data sharing:
Interoperability = data sharing + privacy and security. However, with data sharing comes the profound responsibility for protecting the detailed personal health information of thousands, if not millions, of patients. Whilst it’s likely this is the case because the industry understands its obligation to protect precious patient information and report any breaches, an article published in The Lancet last year revealed that there is significant public concern regarding the risks involved in data sharing, in particular when, why and how health data are shared in the context of data sharing for contact tracing and vaccination rollout during the COVID-19 pandemic. The problem is the risks posed by data sharing.
Major concerns during the pandemic:
The COVID-19 public health emergency has undeniably demonstrated the value in data sharing – arguably, New Zealand owes its globally lauded pandemic response to the rapid collection, analysis, modelling and reporting of health data; reporting that our own data science team has contributed to. Such a swift and effective public health response simply could not be achieved without data sharing of the highest security and privacy.
Orion Health director:
Orion Health Director of Research and CEO of Precision Driven Health, Dr Kevin Ross, has written about the importance of collecting and sharing good quality health data, arguing that the risk to privacy is a legitimate concern, but that it shouldn’t preclude us from pursuing this ideal: “Asking our fitness providers to act without good data is like telling someone not to wear glasses because they could get broken. It lowers the quality of care they can offer and allows pre-existing problems to worsen.” Dr Kevin Ross, Director of Research, Orion Health
Robust privacy measures:
The solution to this problem is, of course, robust and rigorous privacy and security measures. Orion Health products, solutions and services are trusted, and comply with the regional privacy laws of countries in which we operate, such as the GDPR in Europe and HIPAA in the US. Our Privacy Principles ensure our products, solutions and services are developed and built around these standards, which means they are private and secure by design. For example, this type of advanced privacy implementation provides granular access to information based on user roles and the sensitivity of the data. Functionality like this means that the risk of precious health data being accessible to anyone except those who truly need it is hugely reduced.
The need for robust data protection:
Data protection is indeed important in all businesses but especially so in primary care settings where a range of sensitive, confidential information is commonly handled.
If personal data is not properly used and adequately protected by an organization, it may find itself facing legal action and subject to a fine for contravention of the Data Protection Act 1998. Misuse of personal data or personal data loss is not only a breach of data protection law but can also be very damaging to the reputation of an organization and distressing to those who have had their data lost or misused. In modern society, people are very aware of the dangers of “identity theft” or fraud and have a right to expect that any data held about them is protected and held securely.
There is a whole range of policies, procedures and precautions that a general practice will want to consider and put into place when working to safeguard data and information. These should all comply with the Data Protection Act 1998, which sets standards governing the storage and processing of personal data held in manual records and on computers. Practices will also need to comply with the Caldicott principles on patient confidentiality, which were developed to provide guidance on the appropriate use and transfer of patient-identifiable information between NHS organisations and between the NHS and non-NHS bodies.
The core purpose of the Data Protection Act 1998 is to protect people’s privacy by preventing unauthorized or inappropriate use of “personal data”.
Common actions to improve data security include the following.
- Apply the Data Protection Code carefully. Only store personal information about patients when it is absolutely necessary and never store it on unsecured computer networks or machines that are not password protected.
- Identify a named person with responsibility for ensuring procedural compliance with all data protection matters.
- Ensure all staff processing information understand their responsibilities and include a duty of confidentiality in all staff employment contracts.
- Limit access to patients’ computerized medical data by using a hierarchy of passwords to ensure each member of staff only has access to the information they need to do their job.