Innovation and changeDigital TransformationNHS data sharing – creating the frameworks for better patient care

NHS data sharing – creating the frameworks for better patient care

Paul Parker, Chief Technologist, Federal and National Government at SolarWinds, discusses why infrastructure strategy and security is vital to effective data sharing in the NHS

In June 2018, NHS Digital agreed to share data with the Private Healthcare Information Network (PHIN), in a new project named the Acute Data Alignment Programme. This is a great opportunity for the two to work together more seamlessly, as well as providing better care for patients. However, succeeding with data sharing – without opening up the healthcare system’s network to unnecessary risks – can be supported by a close look at infrastructure strategy and security, which can help plans progress as smoothly as possible.

Not to put too fine a point on it, but NHS data sharing isn’t just a case of sending a few files over emails or updating a file-sharing platform with new records. It requires sophisticated infrastructure, which can be monitored for performance, legal compliance, and comprehensive security.

Network management and performance

To date, PHIN and NHS Digital have worked on separate approaches to data – storing and managing it in the way that best suits their business approaches. However, if the two are to begin collaborating and sharing data, it’s advisable they find a common method to enable this. Given that data is being actively used to help save lives, it needs to be accessible by the right people in a timely manner. That means the system always needs to work efficiently, including functions like resiliency and redundancy.

Ensuring this becomes particularly challenging, considering 58% of public sector respondents surveyed in the recent SolarWinds IT Trends Report 2018 said that their IT systems are not performing at optimum levels. This is something that IT teams may wish to consider when trying to deliver the best possible care to patients.

Compliance

Once the infrastructure is up and running, it would be beneficial for the NHS and PHIN to track who accesses data, from where, and what changes are being made. Even more importantly, with patients able to opt out of their data being used in certain ways, healthcare organisations may need to put measures in place to ensure access is appropriately limited.

In the post-GDPR landscape, it has never been more important for healthcare to prove that it’s treating sensitive personal information with the due diligence and care required. This means ensuring that only approved persons can access required information, and that every transaction is tracked.

By centrally keeping track of and recording these events, healthcare services are in the best possible position for compliance—with clear records of access requests, and all activity—be it routine, erroneous, or, in a worst-case scenario, malicious.

Endpoint security and patch management

All the network efficiency and compliance monitoring in the world could be implemented in vain if the endpoint access of shared information isn’t secured. This comes down to two key areas:

  1. Keeping systems up-to-date and protected

WannaCry, one of the most infamous cyber-attacks in the public sector, was made possible by vulnerabilities in older versions of the Windows® operating system. With a more comprehensive patch management approach, there is a good chance that the attack would have been far less severe. As healthcare professionals look to combine and share more data, it will be potentially even more important to ensure that all systems connected to that data are as up-to-date and protected as possible, which means that central oversight of the current operating environments, and patch updates deployed, can be critical. Remember that a patch management strategy doesn’t mean simply deploying the latest patch as soon as it’s released. It’s far more complex and needs to be given proper due diligence.

On a more basic level, being able to monitor from one central dashboard with computers that have appropriate anti-virus/anti-malware software and firewall controls active can be invaluable in protecting systems as healthcare professionals get access to more data.

  1. Preventing human error

According to the Information Commissioner’s Office, four out of five data breaches can be attributed to human error. This is a huge challenge for healthcare IT professionals, and a call to arms. More people require more access to more information than ever, and this alone opens up greater potential for human error.

The good news is that, with centralised visibility and control, these risks can be mitigated. With proper network controls in place, IT teams can manage which systems or parties are accessing sensitive information, and prevent connections from networks that could expose the data platform to unnecessary risks.

There’s also the risk of people inadvertently sharing data from the secure network more broadly, through private correspondences or alternative storage environments. Healthcare IT teams can look to minimise the risks of this by taking simple steps, such as disabling access to printing or mass storage devices and tracking all file downloads and distributions within approved networks.

With these considerations in place, healthcare IT professionals can be better equipped to enable the move to more data sharing. With a centrally-managed and -monitored network, compliance reporting tools, and security protocols in place, IT teams can play a key role in alleviating data sharing concerns, and maximising the potential healthcare benefits for individuals.

Related Articles

Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

22h Austin Clark
Five questions you need to ask about your capture workflow

Data and security Five questions you need to ask about your capture workflow

1d Austin Clark
Councils ‘need to do more to unlock full potential of data’

Data and security Councils ‘need to do more to unlock full potential of data’

5d Austin Clark
New board for Centre for Data Ethics and Innovation

Data and security New board for Centre for Data Ethics and Innovation

3w Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

1m Austin Clark
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

2m Austin Clark
Is it time the UK public sector adopted self-sovereign identity?

Data and security Is it time the UK public sector adopted self-sovereign identity?

2m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

2m Austin Clark