Data protection in the healthcare sector: regaining UK patients’ trust
There’s always been an element of trust needed between the healthcare industry and patients – the trust that the right care will be given and that there will be confidentiality between both parties, which is of course underpinned by the patient-doctor relationship.
Recent cyber attacks, such as WannaCry, mean this trust must now extend far beyond just patient and doctor – the whole organisation has to earn it too.
To understand how best to gain – and retain – their trust, Atos surveyed over 3,000 British citizens to understand their attitudes to cyber crime and what they expect from organisations when it comes to keeping their data safe.
Over a third (36%) of the people surveyed stated they value their medical details the most. That’s unsurprising – our medical history is amongst our most sensitive personal information, aspects of which many of us would divulge only to a highly trusted GP or medical professional.
It’s alarming, then, that when asked which organisations are most able to protect themselves from a cyber attack, 52% of citizens ranked healthcare as high risk (over 7 out of 10). Clearly, the health sector has a huge job to do if it is to regain its patients’ trust and demonstrate that it has the appropriate security protocols in place to protect their medical data.
The priority must be finding ways to reassure patients, and the stakes are high. If diminishing trust in situations involving private medical information means that patients are growing reluctant to share their full details, the risk goes way beyond a damaged doctor-patient relationship – it could affect the accuracy of diagnoses too.
This is true of several apps that have faced adoption issues because of data concerns – within both the healthcare and private sectors. Despite citizens clearly seeing the benefit of new technologies such as wearables, trust quickly diminishes when data is not used or stored as expected.
Digitisation in the health sector
When faced with a mounting threat from increasingly sophisticated criminals, this is no easy task. Digital transformation in the sector is a huge factor, with paperless systems becoming widely adopted by organisations looking to benefit from easier access and exchange of patient information to increase efficiency.
But if you look beyond this, it’s also about being able to provide the level of service patients have come to expect from private companies. This might include instant access to their personal records, or being able to book an appointment and see a virtual doctor through an app.
This is a double-edged sword, with the increase in the level of patient data being stored online making health services a more vulnerable, and more appealing, target to potential hackers.
Patients too are wising up to the implications of having more and more of their information digitised and the risks posed by this. Half of the people we spoke to said that they expect healthcare organisations to have data encryption in place, and more than one third would expect to come across PIN managers when divulging their personal information.
These may only be small steps in ensuring healthcare organisations have the level of resilience required to face up to future cyber security threats to the sector, but they are important ones. Our research shows that citizens are willing to sacrifice some level of user experience, such as speed of services (66%) and complexity of the login process (59%), for a more secure service.
It’s important that health services are putting systems in place to provide that all-important peace of mind – that the sector can protect not only our physical health, but our personal information, too.
To read more from our report, including citizens’ take on the threats faced by other private and public sector organisations, head here: atos.net/cyber-research-uk