Patients to get more control over their data – IEEE cybersecurity expert comments on the need for visibility and accountability
Patients in England will get "greater control" over their health and care data under new proposals. People will be able to access their medical records from different parts of the health system through different applications. This route will supposedly improve overall care and make data more secure. This follows the announcement of a two-month delay to plans to create a central digital database from GP records in England. Critics have warned that data could be misused and that the plan has not been properly explained.
Kevin Curran, IEEE senior member and professor of cybersecurity at the University of Ulster, believes there should be greater visibility and accountability with regard to the use of our healthcare data:
“Whilst this is a step in the right direction, moving health records online will naturally raise some concerns. Any systems which provide externally facing data must be robust in their authentication mechanisms and have protections in place to limit the security risks of web-based applications. The move to an online app does seem like a natural progression, however there is a difference between having computerised records within our healthcare IT infrastructure and having those records reside on a public-facing server. Having records in-house limits the range and type of access – it's far more difficult for remote hackers.
“There are techniques that healthcare organisations can use to reduce the risk of future data breaches. One way is to make it ‘opt in’, so patients have the choice to decide whether their medical information is moved to a public-facing service so that they can access it. However, those who do not opt in or download the app instead should have their records hosted in a non-public-facing cloud service. This way, if a data breach does occur, those who never used the app, or did not want to, will not have had their details released.
“Developing a secure and robust web application is incredibly hard. Of course, the teams involved in this transformation will be aiming to deliver a secure and reliable service, of that there can be no question. However, the cyber security strategy will need to be extensive.”