Top areas of healthcare impacted by GDPR
“Almost everyone will see some impact from GDPR.Rather than focussin...
1. Can you outline your top 3 areas of healthcare that will be impacted by GDPR?
“Almost everyone will see some impact from GDPR.Rather than focussing on types of healthcare, I have chosen three types of data to emphasise how wide-ranging it will be and that it is something which every organisation will need to consider.First is obviously patient data.This can be sensitive information about health, and it is important that it is handled appropriately.Second is employee data – even businesses who aren’t consumer facing are likely to handle sensitive information about their employees, such as sickness records.Employees also expect their financial information to be held securely.Finally, there is data about other contacts – including business contacts, such as suppliers.A lot of people ignore this when thinking about personal data and, although there tends to be a more flexible approach to how this is used due to the lower expectation of privacy, there are still data protection implications to consider.”
2. Does GDPR have the potential to really transform customer relationships and start to do things properly in terms of personalisation and being proactive with customers?
“A lot of people talk about consent and choice when they talk about GDPR. It’s important to remember that consent is only one of the reasons you can use to legitimise processing data, but it’s definitely important.Where you are able to, give choices and act on them. It can empower the customer and make them feel like they have a say in how their data is used.Giving customers control can help to shape relationships in a positive way.
Some of the new data subject rights also help customers feel in control – for example, they have stronger rights to stop how their data is to be used if they change their mind about consent. Of course, choice isn’t always appropriate and, in some situations, you can use data without consent, in the same way as under the current law.But you can still build the customer relationship by being clear about what you use data for and why you do it. The GDPR has much stronger transparency obligations.Demonstrating that you have thought about how you use data and have put appropriate protection in place can definitely help, even where the customer has no choice.”
3. Will a set of Europe-wide data rights change patient attitudes towards sharing their personal data?
“Patients can be reluctant to share their data if they are unclear how it will be used and who will have access to it.A lack of transparency can make people suspicious and too many organisations have historically hidden things away in small print, leading to distrust.There have also been concerns around security.Being transparent by providing clear, understandable and relevant information can help to build a more open, trusting relationship.It is also useful to demonstrate that you have robust security and governance in place as these have historically been concerns about data sharing arrangements.”
- BenevolentAI secures $2bn valuation after raising $115mn in funding
- What blockchain products are operating within the healthcare sector?
- Novartis invests $100mn to research and develop next-generation antimalarials
4. Will the internal changes healthcare organisations need to make to comply with GDPR lead to them becoming better at the collection and analysis of their data?
“Preparing for GDPR involves having a good look at what data you collect and why you use it. This is likely to identify things you can do better – for example if you give appropriate information and obtain necessary consents when the data is collected this can enable you to use the data more widely at a later stage. It can also help identify data which you don’t actually use and no longer need to store, or where you hold multiple overlapping datasets which would be more powerful if they were combined into a single database. It is increasingly important to look at data as an asset – an asset which you need to use in accordance with the law, but which can bring value to your organisation if you do so correctly.”
5. How will GDPR fit into the wider global delivery of healthcare services? A barrier or an advantage?
“There is a lot of scaremongering about GDPR but at its heart, GDPR is about using data responsibly with good information management and governance structures, and giving individuals choices where appropriate. Doing this can definitely bring benefits to an organisation, and my view is that GDPR shouldn’t be seen just as compliance red tape and an additional burden, but as a framework for using data responsibly.”
6. Can technology help healthcare organisations meet their responsibilities under GDPR?
“Technology is definitely part of the solution and there are an increasing number of products on the market which will help with GDPR compliance, but it’s important to remember that GDPR is not just a technology issue. There is a lot of work to do around governance, checking there is a legal basis for processing, and putting appropriate contracts in place with third parties who have access to data and training. None of this can be done by technology alone. Getting GDPR compliance right involves a cultural change throughout an organisation to give data about individuals the respect it deserves. Relying too much on technology can detract from the human element which you also need to get right.”
Helen Goldthorpe is an associate solicitor at leading law firm Shulmans LLP. She has particular expertise in data protection, commercial contracts, intellectual property and technology.
Check Point: Securing the future of enterprise IT
Cybersecurity solutions provider Check Point was founded in 1993 with a mission to secure ‘everything,’ and that includes the cloud. Conscious that nothing remains static in the digital world, the company prides itself on an ability to integrate new technology with its solutions. Across almost three decades in operation, Check Point, with its team of over 3,500 experts, has become adept at protecting networks, endpoints, mobile, IoT, and cloud.
“The pandemic has been somewhat of an accelerator in the evolution of cyber risk,” explains Erez Yarkoni, Global VP for Cloud Business. “We had remote workers and cloud adoption a long time beforehand, but now the volume and surface area is far greater.” Formerly a CIO for several big-name telcos before joining Check Point in 2019, Yarkoni considers the cloud to be “part of [his] heritage” and one of modern IT’s most valuable tools.
Check Point has three important ‘product families’, Quantum, CloudGuard, and Harmony, with each one providing another layer of holistic IT protection:
- Quantum: secures enterprise networks from sophisticated cyber attacks
- CloudGuard: acts as a scalable and unified cloud-native security platform for the protection of any cloud
- Harmony: protects remote users and devices from cyber threats that might compromise organisational data
However, more than just providing security, Yarkoni emphasises the need for software to be proactive and minimise the possibility of threats in the first instance. This is something Check Point assuredly delivers, “the industry recognises that preventing, not just detecting, is crucial. Check Point has one platform that gives customers the end-to-end cover they need; they don't have to go anywhere else. That level of threat prevention capability is core to our DNA and across all three product lines.”
In many ways, Check Point’s solutions’ capabilities have actually converged to meet the exact working requirements of contemporary enterprise IT. As more companies embark on their own digital transformation journeys in the wake of COVID-19, the inevitability of unforeseen threats increases, which also makes forming security-based partnerships essential. Healthcare of Ontario Pension Plan (HOOPP) sought out Check Point for this very reason when it was in the process of selecting Microsoft Azure as its cloud provider. “Let's be clear: Azure is a secure cloud, but when you operate in a cloud you need several layers of security and governance to prevent mistakes from becoming risks,” Yarkoni clarifies.
The partnership is a distinctly three-way split, with each bringing its own core expertise and competencies. More than that, Check Point, HOOPP and Microsoft are all invested in deepening their understanding of each other at an engineering and developmental level. “Both of our organisations (Check Point and Microsoft) are customer-obsessed: we look at the problem from the eyes of the customer and ask, ‘Are we creating value?’” That kind of focus is proving to be invaluable in the digital era, when the challenges and threats of tomorrow remain unpredictable. In this climate, only the best protected will survive and Check Point is standing by, ready to help.
“HOOPP is an amazing organisation,” concludes Yarkoni. “For us to be successful with a customer and be selected as a partner is actually a badge of honor. It says, ‘We passed a very intense and in-depth inspection by very smart people,’ and for me that’s the best thing about working with organisations like HOOPP.”