Date post: | 29-Jan-2016 |
Category: |
Documents |
Upload: | marianna-oconnor |
View: | 212 times |
Download: | 0 times |
IMPORTANCE OF DATA SECURITY IN DIGITALIZING HEALTHCARE
SYSTEMS IN AFRICAA presentation at the
Africa eHealth Summit Preparatory MeetingAt the conference hall of NICON Luxury Hotel Abuja,
(October 26 - 29, 2015)By
Kenneth OkereaforAssistant General Manager, (Network Security Division)
Information and Communications Technology Department,National Health Insurance Scheme (NHIS), NigeriaEmail:[email protected] , [email protected]
Tel: +234-802-314-8494, +234-809-814-8494
OUTLINE
INTRODUCTION
THE SENSITIVIE NATURE OF
HEALTH DATADATA
CONFIDENTIALITY, INTEGRITY AND AVAILABILITY
HEALTH-DATA SECURITY DEFINED
REVIEW OF AFRICA’S
RELIANCE ON ICT FOR
HEALTHCARE
VULNERABILITIES, THREATS,
RISK MANAGEMENT
CONCLUSIONS AND
RECOMMENDATIONS
BENEFITS OF DATA SECURITY
IN HEALTH SYSTEMS
INTRODUCTION
UHC in a digitized world: Health systems driven by computer technologies.
They process raw data into meaningful information for decision-making.
Information Systems are applied in healthcare systems to:
Preserve patients’ medical history
Manage enrollees’ health insurance programmes
Monitor demographics of disease spread
Coordinate medical trends, clinical innovations and standards.
Generate business intelligence for policy formulation
Protect healthcare policy data
THE CHALLENGE? Bridge the gap between technology capability and technology
application in order to protect health-related data.
THE SENSITIVIE NATURE OF HEALTH DATA
Protected Health Information (PHI): Clinical history, hospital visitation, medical
encounters, disease/ailment info, admission records, drug admin, etc.
Personally-Identifiable Information (PII): Personal identification attributes,
names, contact info, residential addresses, phone numbers, next-of-kin, social
security number, age, gender, height, biometric template, etc.
PHIs and PIIs in digital format are bound to life, and therefore require
Adequate protection
Controlled access
Guided disclosure
Authorized modification
Adherence to HIPAA standards
CONSEQUENCES OF LOSS OF CONFIDENTIALITY
Loss of confidence
Litigations arising from breach of trust
Fines and regulatory sanctions
Misdiagnosis
Depression
Escalated stigma and suicide attempt
Reputational damage to the medical profession
Institutional ridicule to the health industry
Avoidable fatality
Truncated health policy direction
CONSEQUENCES OF LOSS OF INTEGRITY
Unauthorized modification or manipulation of electronic
medical data, illegal deletions, malicious alterations,
unauthorized substitutions and unethical insertions.
Misdiagnosis
Medical complications
Prolonged hospitalization
Permanent disability
Altered clinical analysis
Avoidable fatality
CONSEQUENCES OF LOSS OF AVAILABILITY
Partial or total obstruction to the accessibility of
medical data by physicians and other authorized
personnel constitute a loss of availability to such
computer information systems, leading to:
Delayed medical attention
Degenerated medical condition
Possible fatality
Reputational damage
HEALTH-DATA SECURITY
DEFINED
“Health-data” security is the combined application of electronic communication networks, computer information systems, data protection policies, security standards to:
Protect the CONFIDENTIALITY of health information
Preserve the INTEGRITY of health data
Maintain unhindered AVAILABILITY of health-related data* and systems
to all persons and resources authorized to collate, manage, process, use
or regulate such data independently or as legitimate healthcare interest
group.
==================================================
* medical data and standards, clinical records and health policy information
AFRICA’S RELIANCE ON ICT FOR
HEALTHCARE
African focus is gradually shifting from traditional to ICT methods of managing and protecting health information:
Rural health centres, urban health providers, HMOs, pharmacy
shops moving away from
weak physical protection, and
Poor collation procedures
Telemedicine
Electronic Health Information Exchange (eHIE)
Mobile health insurance
Social media features
Multimedia channels
VULNERABILITIES AND THREATS TO eDATA SECURITY IN AFRICA
Poor infrastructure (telecoms, roads, electricity, etc) Misapplied ICT interventions Poor funding for ICT initiatives Underutilized ICT investments Ignorance and reluctance to leapfrog technologically Unskilled manpower, poorly-trained employees Inconsistent government policies Political instability, social injustice, corruption and
insecurity Wide-spread poverty and social exclusion Inadequate political will to collaborate globally with
NGOs, foundations & health donor agencies Overstretched “pilot” syndrome on technology
projects Issues of accessibility, affordability and sustainability.
RISK MANAGEMENT THROUGH
ICT
ICT approach to manage risks in health-related data:
Threat profiling
Vulnerability assessment
Probability of occurrence of security incident
Severity of incident on health-related data
Risk treatment plan
BENEFITS OF ADEQUATE DATA SECURITY MANAGING HEALTH
SYSTEMS1. Proliferation of technology channels2. Automated protection of patents, intellectual property
rights, trademarks, trade secrets 3. Easy accessibility of health info DB for remote
collaboration4. Easy detection of malicious modification attempts5. Seamless aggregation of data from a existing DB, eg
NMHIP6. Versatility, Health Information Management Systems
(HIMS)7. Automated discovery of duplicate entries8. Remote capabilities, e-Learning, telemedicine, medi-
research9. Business intelligence, analytics and demographics10. Improved stakeholders’ information flow and
feedback
Cyber intrusions have increased dramatically
Exposing sensitive business information, Disrupting critical operations, and Imposing high costs on organizations
Appropriate digital security of health data assures Confidentiality and privacy of health information Integrity and consistence of sensitive medical data Availability & accessibility of data to authorized personnel
Holistic approach Take advantage of existing data security systems eHealth to be an integral part of National health plan Technology collaborations at country/regional levels Private Sector involvement Supportive political climate, and Adherence to global data security standards
CONCLUSIONS AND POLICY RECOMMENDATIONS
Thank you