GDPR and The Effect on Data Security
I recently published an article on LinkedIn detailing what GDPR is, and why it will have massive effects on the audiology profession across Europe. The real issue I see is that no one seems to be talking about something that will be enforced from May, and will have a dramatic effect on how we store customer records.
Not Just Digital
When people think about data protection, they think digital. However, the GDPR covers all records that include customer information. That means your Patient record cards, your customer lists, your Patient management systems, pretty much everything.
If you are found to have breached the regulation, it will involve a pretty big fine. A fine big enough to possibly put you out of business. Any breach could also lead to legal action from a consumer which could definitely destroy your business.
I will be taking a deeper look at data security over the next few weeks and hope to answer all questions and detail the best way to secure data. For this article, I just wish to get you thinking. For instance, let’s talk about Noah.
Noah can be secured with a password and different levels of access security for different users. I wonder how many of us use a secure password? How many of us actually set up different levels of users when we need to give access to receptionist staff or hearing healthcare assistants?
When we set up backups for Noah, do we make sure they are encrypted and secure? Do we store them securely on-site or off-site? If you use cloud storage for back up of Noah, do you make sure it is a secure storage facility that is compliant with the regulations?
Are your Patient record cards secure? Do you store them securely? Who has access to them and do they need access to them? If you regularly type up and send medical reports, do you make sure that the digital records are kept securely? Do you encrypt medical reports on your machine? If you keep hard copies are they kept securely?
Destroying Old Records
After a Patient has passed away, do you destroy their records? If so, how exactly do you do it? How long should you keep them for? These are all questions we need to consider and I hope to be able to outline the answers as we move forward.