Patient privacy and data security: New challenges for health
by Ángel Pablo Barrera, July 10, 2019
The growing use of new technology in healthcare has brought with it significant development in the collection, organization, and analysis of large volumes of data (Big Data) about patients and their diseases. In fact, according to IDC (International Data Corporation), the amount of data in the healthcare environment is anticipated to increase 36% annually between now and 2025. Currently, the potential of these data is one of the keys to advances in the treatment of disease: analyzing and using the data will enable the growth of personalized medicine, along with prevention, prediction, and the generation of evidence based on Real World Data, which is very useful for research and patient improvement. In addition, all of this directly contributes to reducing costs in the healthcare system.
Nonetheless, as often happens with the use of new technologies, this raises significant concerns about the protection and security of personal data, and about access to them. According to a study carried out by the European Commission, 69% of Europeans are worried about how their personal data are used, as the information is often used for a purpose different from the one for which it was collected. This concern is especially acute for patient data (data about a patient's physical and mental condition and clinical history), due to the social and healthcare implications.
The General Data Protection Regulation (GDPR) became applicable in the European Union in 2018 in response to this concern. The GDPR establishes the requirement to implement security processes that guarantee confidentiality, based on the risk level of the particular processing of the data. This risk analysis is key for health data, due to the particular sensitivity of those data. The regulation requires healthcare organizations to obtain data with the informed consent of the patient, and to inform the patient about the use that will be made of the data. The statement to the patient must be accurate and the use must be justified. Noncompliance with this regulation carries high penalties that can reach 20 million euros. Because of these risks, implementing policies and measures that respect patient privacy is crucial for any healthcare institution.
As a result, at Persei vivarium, data security and privacy are part of our DNA and one of the primary values of our company. Our platforms and systems gather healthcare data, generating quality data collections on an unprecedented geographical scale. Throughout this process, the processing of the information fulfills all the requirements for security and privacy. This is reflected in our ISO 27001 certification for information security, which we renew annually, and which certifies our code of good practices against the international quality standard.
In conclusion, new technologies and information systems that compile and structure data have enormous potential, especially in healthcare and social environments. However, as often happens, technological advances take place so quickly that good habits in their usage are slower to develop. Therefore, it is necessary to continue making advances in regulation and education as well, for both healthcare stakeholders and Digital Health companies, regarding the importance of clinical data security and privacy.
Ángel Pablo Barrera