IMPORTANCE OF DATA SECURITY IN DIGITALIZING HEALTHCARE

SYSTEMS IN AFRICAA presentation at the

Africa eHealth Summit Preparatory MeetingAt the conference hall of NICON Luxury Hotel Abuja,

(October 26 - 29, 2015)By

Kenneth OkereaforAssistant General Manager, (Network Security Division)

Information and Communications Technology Department,National Health Insurance Scheme (NHIS), NigeriaEmail:kokereafor@nhis.gov.ng , nitelken@yahoo.com

  Tel: +234-802-314-8494, +234-809-814-8494

OUTLINE

INTRODUCTION

THE SENSITIVIE NATURE OF

HEALTH DATADATA

CONFIDENTIALITY, INTEGRITY AND AVAILABILITY

HEALTH-DATA SECURITY DEFINED

REVIEW OF AFRICA’S

RELIANCE ON ICT FOR

HEALTHCARE

VULNERABILITIES, THREATS,

RISK MANAGEMENT

CONCLUSIONS AND

RECOMMENDATIONS

BENEFITS OF DATA SECURITY

IN HEALTH SYSTEMS

INTRODUCTION

UHC in a digitized world: Health systems driven by computer technologies.

They process raw data into meaningful information for decision-making.

Information Systems are applied in healthcare systems to:

Preserve patients’ medical history

Manage enrollees’ health insurance programmes

Monitor demographics of disease spread

Coordinate medical trends, clinical innovations and standards.

Generate business intelligence for policy formulation

Protect healthcare policy data

THE CHALLENGE? Bridge the gap between technology capability and technology

application in order to protect health-related data.

THE SENSITIVIE NATURE OF HEALTH DATA

Protected Health Information (PHI): Clinical history, hospital visitation, medical

encounters, disease/ailment info, admission records, drug admin, etc.

Personally-Identifiable Information (PII): Personal identification attributes,

names, contact info, residential addresses, phone numbers, next-of-kin, social

security number, age, gender, height, biometric template, etc.

PHIs and PIIs in digital format are bound to life, and therefore require

Adequate protection

Controlled access

Guided disclosure

Authorized modification

Adherence to HIPAA standards

CONSEQUENCES OF LOSS OF CONFIDENTIALITY

Loss of confidence

Litigations arising from breach of trust

Fines and regulatory sanctions

Misdiagnosis

Depression

Escalated stigma and suicide attempt

Reputational damage to the medical profession

Institutional ridicule to the health industry

Avoidable fatality

Truncated health policy direction

CONSEQUENCES OF LOSS OF INTEGRITY

Unauthorized modification or manipulation of electronic

medical data, illegal deletions, malicious alterations,

unauthorized substitutions and unethical insertions.

Misdiagnosis

Medical complications

Prolonged hospitalization

Permanent disability

Altered clinical analysis

Avoidable fatality

CONSEQUENCES OF LOSS OF AVAILABILITY

Partial or total obstruction to the accessibility of

medical data by physicians and other authorized

personnel constitute a loss of availability to such

computer information systems, leading to:

Delayed medical attention

Degenerated medical condition

Possible fatality

Reputational damage

HEALTH-DATA SECURITY

DEFINED

“Health-data” security is the combined application of electronic communication networks, computer information systems, data protection policies, security standards to:

Protect the CONFIDENTIALITY of health information

Preserve the INTEGRITY of health data

Maintain unhindered AVAILABILITY of health-related data* and systems

to all persons and resources authorized to collate, manage, process, use

or regulate such data independently or as legitimate healthcare interest

group.

==================================================

* medical data and standards, clinical records and health policy information

AFRICA’S RELIANCE ON ICT FOR

HEALTHCARE

African focus is gradually shifting from traditional to ICT methods of managing and protecting health information:

Rural health centres, urban health providers, HMOs, pharmacy

shops moving away from

weak physical protection, and

Poor collation procedures

Telemedicine

Electronic Health Information Exchange (eHIE)

Mobile health insurance

Social media features

Multimedia channels

VULNERABILITIES AND THREATS TO eDATA SECURITY IN AFRICA

Poor infrastructure (telecoms, roads, electricity, etc) Misapplied ICT interventions Poor funding for ICT initiatives Underutilized ICT investments Ignorance and reluctance to leapfrog technologically Unskilled manpower, poorly-trained employees Inconsistent government policies Political instability, social injustice, corruption and

insecurity Wide-spread poverty and social exclusion Inadequate political will to collaborate globally with

NGOs, foundations & health donor agencies Overstretched “pilot” syndrome on technology

projects Issues of accessibility, affordability and sustainability.

RISK MANAGEMENT THROUGH

ICT

ICT approach to manage risks in health-related data:

Threat profiling

Vulnerability assessment

Probability of occurrence of security incident

Severity of incident on health-related data

Risk treatment plan

BENEFITS OF ADEQUATE DATA SECURITY MANAGING HEALTH

SYSTEMS1. Proliferation of technology channels2. Automated protection of patents, intellectual property

rights, trademarks, trade secrets 3. Easy accessibility of health info DB for remote

collaboration4. Easy detection of malicious modification attempts5. Seamless aggregation of data from a existing DB, eg

NMHIP6. Versatility, Health Information Management Systems

(HIMS)7. Automated discovery of duplicate entries8. Remote capabilities, e-Learning, telemedicine, medi-

research9. Business intelligence, analytics and demographics10. Improved stakeholders’ information flow and

feedback

Cyber intrusions have increased dramatically

Exposing sensitive business information, Disrupting critical operations, and Imposing high costs on organizations

Appropriate digital security of health data assures Confidentiality and privacy of health information Integrity and consistence of sensitive medical data Availability & accessibility of data to authorized personnel

Holistic approach Take advantage of existing data security systems eHealth to be an integral part of National health plan Technology collaborations at country/regional levels Private Sector involvement Supportive political climate, and Adherence to global data security standards

CONCLUSIONS AND POLICY RECOMMENDATIONS

Thank you