Are medical data leaks a serious matter? The answer is definitely yes.
In light of GDPR, there must be strict rules to protect personal data and avoid third parties obtaining knowledge of the risks a person represents when signing an insurance policy or simply a job contract. Such inappropriate access to personal medical data can have major consequences on the life of the person.
Most people do not know the value their personal medical records have for external firms, solicitors or recruiters. It is indeed the most intimate information about a person, which should never be released to a non-authorized party. A person diagnosed with cancer, immunized against malaria or suffering from a specific illness should not be prevented from getting a job, taking out life insurance or buying a house.
All medical information is subject to strict confidentiality protection between healthcare professionals (doctors) and, of course, patients. GDPR – General Data Protection Regulation – is meant to force all organizations to protect privacy, including medical data.
Is medical data confidential?
The answer is yes and all communications between a doctor and his patient, all written prescriptions, radiographs or other imaging records must remain strictly confidential and cannot be reused by private or public organizations for commercial purposes or decisions.
But how to keep medical data safe?
In the old days – but still in practice today – medical data was kept on paper, with accompanying x-rays that you had to bring along each time you visited the doctor.
Today, the trend is for everything to be stored on servers with digital access. There are interesting applications that manage all the medical data owned by a patient in a single file. However, such applications must be protected against external hackers, given that the value of the information stored is so high that it cannot be treated as standard data.
What is the need for sharing medical data while keeping confidentiality?
While the data is confidential, it has to be shared among several individuals, which may include doctors, receptionists, the patient himself, his family and sometimes care-givers, depending on the age, mobility and cognitive capabilities of the patient.
To share a digital file, the classic approach is a login and password. Within a hospital, for example, most of the doctors or healthcare personnel know the password, which is kept simple to ease access to the application and be practical.
This is where the problem lies.
Do I want doctors, radiologists and receptionists to look at my confidential consultations? Yes, if I know that the access is controlled by a strong authentication process, because obviously all of them type letters and scan all sorts of notes in any case.
But as the patient, I deserve priority access to my own medical data, to my own personal medical history. And I want to be the only one to give permission to others to see my details.
The patient must be empowered to offer access to the medical team (doctors, surgeons, radiologists, nurses, etc.), granting permission to access his own data (scans, prescriptions, blood tests, etc.) to one person of his choice for one hour, one week or a longer period.
The patient is therefore the only one managing authorizations to access his personal data.
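The grant model just described, as an added example that is not code from this article or from United Biometrics: a patient file in which only the patient can issue or revoke grants, each grant names one person, one record category and an expiry, and every access decision is logged for later review. The names, the record categories and the one-hour window are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
@dataclass(frozen=True)
class Grant:
    grantee: str          # the one person the patient authorises
    category: str         # e.g. "scans", "prescriptions", "blood_tests"
    expires_at: datetime  # hard end of the permission window
@dataclass
class PatientFile:
    patient: str
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # every decision, for later review

    def grant(self, issued_by, grantee, category, duration, now):
        # Only the patient issues grants, so staff cannot authorise themselves.
        if issued_by != self.patient:
            raise PermissionError("only the patient can grant access")
        self.grants.append(Grant(grantee, category, now + duration))

    def revoke(self, issued_by, grantee):
        if issued_by != self.patient:
            raise PermissionError("only the patient can revoke access")
        self.grants = [g for g in self.grants if g.grantee != grantee]

    def can_access(self, who, category, now):
        # The patient always reaches their own history; anyone else needs a live
        # grant naming both them and this record category.
        allowed = who == self.patient or any(
            g.grantee == who and g.category == category and now < g.expires_at
            for g in self.grants)
        self.audit.append((now.isoformat(), who, category, allowed))
        return allowed

def demo():
    # Constructed scenario: alice grants dr_brown one hour on her scans only.
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    f = PatientFile("alice")
    f.grant("alice", "dr_brown", "scans", timedelta(hours=1), now)
    try:
        f.grant("dr_brown", "dr_brown", "blood_tests", timedelta(days=1), now)
        staff_self_grant = True
    except PermissionError:
        staff_self_grant = False
    r = {"within_window": f.can_access("dr_brown", "scans", now + timedelta(minutes=30)),
         "after_expiry": f.can_access("dr_brown", "scans", now + timedelta(hours=1)),
         "other_category": f.can_access("dr_brown", "prescriptions", now),
         "patient_own": f.can_access("alice", "prescriptions", now),
         "staff_self_grant": staff_self_grant}
    f.revoke("alice", "dr_brown")
    r["after_revoke"] = f.can_access("dr_brown", "scans", now)
    return r
```

Contrast this with the shared hospital password above: there, every holder of the password can read every category of every patient indefinitely, and nothing records who looked.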
How to control access to my personal medical records?
Today, biometric authentication is a very powerful tool for security and privacy challenges. Keystroke dynamics on a PC or a Mac (a behavioural biometric) is an advanced technology capable of identifying or authenticating a person by the way keys are pressed on the keyboard. This is a very convenient method for doctors, or for personnel in a hospital allowed to process personal medical data.
Other methods include allowing the patient to use a quick signature on a smartphone’s screen, or even a selfie to authenticate and get access to the data.
The 1st Global Cybersecurity Observatory spoke to Christopher Richard and Yves Chemla from United Biometrics who both said: “A key advantage of our solution is that multiple medical staff, the patient himself and his family or care-givers can have access to digital information, named the patient file, with a very strong level of privacy and protection for personal data. It is a very user-friendly way to access data through a PC, a Mac, a smartphone or a tablet while keeping all records extremely safe”.
Christopher RICHARD and Yves CHEMLA are Co-Founders of UNITED BIOMETRICS.
United Biometrics is an IBM, AIRBUS and DEDALUS Certified Partner architecting and developing a strong multi-factor authentication platform for Banks, Hospitals and Pharmaceuticals, Governments & Defense, Enterprises, Carriers and Internet Players that are losing money or service capacity because of large cyber-attacks and intrusions.
The platform can hold millions of users and support massive traffic in real-time.