Data Security in Healthcare Facilities
Traditionally, people argue that cost reduction is the most challenging factor facing healthcare facilities in the UK. However, over the past couple of years, a growing threat is in protecting patient information, and it is becoming more important and challenging. In order to safeguard healthcare information, a solid information security strategy and plan should be in place.
A good information security service will ensure that sensitive data about patients and staff alike is inventoried and monitored well. The use of third party software such as EMIS or SystmOne are a place where most practices start. Having all patient information available in one place, and not subject to misplacing patient folders is a great place to start, and has a proven track record. Dictation and transcription providers have started to notice too, and have become integrated with third party systems to create a seamless efficient service.
Commercial Contractor Risks
A big concern for GPs is that commercial contractors do not care what happens with patient’s information once the contract ends which saw an IT system in October 2018 leave patients’ health records out of date and incorrect medications to be on patient files when two different Third Party systems caused conflicting data to be recorded.
Levels of encryption for emails and file transfer for internal and external data should adhere to the NHS Good Practice Guide 2017, where they recommend AES 128 or 256 algorithms for TLS or SSL methods (SSL succeeding TLS), which is hard to monitor and get assurances from Third Party systems and should be something that most procurement staff should be aware of when enquiring regarding working with Third Parties.
In regard to transcription, the issues surrounding outsourcing can be varied. The largest issue you will find is that the lion’s share of transcription companies outsource their dictation overseas, meaning that your data could be going to any number of unsecure computers or locations with no knowledge of what is happening to your patient’s data.
Accuro’s Medical Transcription Security
Accuro are experts when it comes to keeping customers’ data secure. We are proud to be one of the only transcription companies who are entirely UK based, ISO27001 accredited and GDPR compliant. Information security is our number one priority and we have 20 years’ experience in handling sensitive data on behalf of the NHS. We have developed an industry-leading infrastructure, software and standard operating procedures to ensure customer data is managed securely throughout the entire transcription process.
Our automatic 45-day data retention policy means that we delete transcripts and dictations alike after 45 days. After this period, we only keep the name of the dictation for our auditing purposes, ensuring no patient data is stored for longer than we should need it. All transfer of dictations and transcripts are done via 256-bit SSL encryption ensuring data integrity and abiding to the highest standard set out by the NHS.
If you’d like more information, or if you’re interested in hearing more regarding Accuro’s security policies, you can reach us on 01565 748000 or at firstname.lastname@example.org. We’re always happy to help!