Centralised Medical Records Database - Convenient or Risky?

The Ministry of Health (MOH) recently announced plans to make it compulsory for all healthcare providers to upload patient data to the National Electronic Health Record (NEHR) system. This means that every aspect of a patient's medical history, including visits to doctors in the private sector, chronic medication, allergies and vaccination details, will be captured on a centralised database[1].

Centralised Databases can be Risky

A centralised database is more cost effective as maintenance to the central server is less expensive as compared to maintain multiple computers. With the data is stored in one database, it is easier to develop reports that show the broad range of activities. Although a centralised database is convenient, there are certain intrinsic risks that come with it. According to the 2015 Verizon Data Breach Investigations Report[2], databases are one of the most compromised assets. They are key targets of criminals as they are at the heart of any organisation and in 60% of cases, attackers were able to compromise an organisation within minutes[3]. This is especially relevant for the healthcare sector as the records consist not just the patients’ insurance details, which can be used for fraudulent billing and prescriptions, but also driver's license and credit card numbers.

How You Can Minimise the Risks

A centralised database typically operates on a main hub which all the different nodes are connected to. We can help minimise the risk of a data breach by keeping track of who can access it. Employees who want to access the database must be an authorised individual. It is also important for organisations who use centralised databases to securely dispose of any unused physical documents or backups through methods such as secure shredding and professional document destruction services. Implementing a Shred-it All policy can go a long way to help curb data breaches.

Is there a Need to Keep Paper Records?

Still, there are some circumstances where keeping paper records can be beneficial for businesses:

• Laws, regulations and industry standards that require hard-copy for specific functions or content.
• Existing contracts that require maintaining and/or providing hard-copy records to external stakeholders. 
• Expectations of key stakeholders to retain physical documentation.
• Situations in which it is more cost-effective to maintain existing paper records rather than to digitise them and destroy the source documents. 

Overall, both physical and digital records can pose a security risk to businesses, if they are not well-equipped to implement the necessary procedures to safeguard the data. Irresponsible employees and perpetrators can compromise or steal valuable information or manipulate data for illegal activities. The typical process surrounding sensitive or personal data for organisations consist of risk management, compliance and audit functions.

 Common-sense measures can also contribute to a more secure working environment, such as:

• A clean desk policy
• The appointment of a data security officer and
• Regular data security training for all staff.

 Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard-drives, please contact us for a free quote and security risk assessment.

 

[1]The Straits Times. 2018. Greater protection of patient data when national electronic medical records become mandatory. [ONLINE] Available at: http://www.straitstimes.com/singaporean/health/greater-protection-of-patient-data-when-national-electronic-medical-records-become?login=true. [Accessed 31 January 2018].

[2]Verizon Enterprise. 2015. 2015 Data Breach Investigations Report. [ONLINE] Available at: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report_2015_en_ex.pdf. [Accessed 31 January 2018]

[3]Verizon Enterprise. 2015. 2015 Data Breach Investigations Report. [ONLINE] Available at: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report_2015_en_ex.pdf. [Accessed 31 January 2018]