Healthcare Data Handling is No Child’s Play
If 2020 belonged to SARS-CoV-2 or the arguably lifeless novel coronavirus and COVID-19 illness, the year of 2021 is dedicated to vaccines and the permanent positive change that they can usher in. To say that both these topics are the talk of the town is a definitive understatement. [It is as if, there is something wrong with a person who may not mention one of these topics in a typical conversation, or so the perception goes]. Fortunately (or unfortunately), another talking point for 2021 can be healthcare information: the security, ownership and ethics of the same.
These days, in countries near and far (whatever that does mean in the digital age), in first world nations and third world nations, people, a majority of them, are struggling hard to stay away from contracting the COVID-19 illness. This in itself is no easy task despite one religiously practising the habits of putting a mask on in public, resorting to hand-washing and that too continually, apart from maintaining physical distancing.
You can still catch the illness, only that its likelihood is minimised.
No wonder, public places, open, are demanding your health related information and sometimes with no protocols in place. Take the case of several educational institutions that are now open. In South Asia, there is no restriction whatsoever in capturing a vital piece of personal data of a person visiting a public place, office or institution. A person, (hopefully) authorised can capture your body temperature with a thermal scanner and store that information, if required. Arguably, no one minds.
In some cases, workplaces and gyms make it mandatory to get hold of your personal and health status data. And with the vaccination efforts on, your trainer at the gym who may be helping you with weights and dumbbells would also start asking you whether you have received your share of the vaccine shot or not.
The question mark is not on data imparting or sharing, but whether that same data is properly saved/ stored and accessed in line with privacy laws and laws of the land.
They have wider, ethics and insurance implications too.
From an enterprise point of view, while a healthcare data leak is the last thing anyone wants, just wishing this away, the thought that nothing can go wrong at this end may be least helpful and can even create issues in the long run with detrimental effects.
There are three aspects to this:
- Data ownership: The ownership of the data rests with the person from whose persona the data originates. A person, for instance, (named Johny or Sally) can be scanned for temperature data subject to the person’s consent or willingness or as per the explicit or implicit understanding of the arrangement at the place. (‘If you need access to the gym, you must be willing to share your body temperature data’). But under no circumstances, should the relevant data be seen divested from the person or treated as such.
At NanoSoft, we handle chunks of proprietary information of multiple industry players for multiple ends. With vetted, well-established and well-evolved protocols in place, data ownership is heavily guarded as per industry standards.
- Data security: We feel that, when it comes to data privacy and security, be it any sector; healthcare or others, the use cases must thoroughly be studied and provisions be built in at the points of interaction or transfer, to secure the data by all means and under all circumstances. This is not as easy as it sounds. And the legal implications of not adhering to the tenets can be disastrous to say the least. Obviously, you cannot have data privacy without data security. And hackers and people with malicious intent always try to subvert the established systems in place to take advantage of the stored data.
NanoSoft has invested heavily in data protection and security so that not even a bit of data is compromised. Needless to say, laws of the land are strictly adhered to. From multi-factor authentication, to data access on a need-to-know basis (only designated people having access to designated data) we maintain and review the protocols in place periodically.
- Ethics: The ethics of data privacy go all the way to deep-seated company culture as well as its adherence to compliance requirements and norms.
NanoSoft is well-placed both ways to rise up to the needs, internal and external. This also involves training and education, and that responsibility too is borne by us.