Data Protection in Healthcare Industry

Check Point research recently revealed that cyber-attack cases in the UAE had increased by 71 per cent by the end of 2021.

The healthcare industry continues to top the list for these attacks, especially information and identity theft. At the same time, the hybrid mode of functioning has created an influx of information in paperwork and online documentation.

Let us take a look at how healthcare data protection has become essential.

What is health information?

According to Federal Law No. 2 of 2019, Article 1, health information broadly includes information that is processed and given a visual, audible, or readable indication and attributed to the health sector.
This definition includes patient name, date of birth, blood test results, medical imaging results collected and recorded during a consultation, etc.

How do authorities ensure data protection?

To ensure data protection in healthcare, the Dubai Health Authority (DHA) has established the DHA Healthcare Record Guidelines. These guidelines address proper record keeping, storing and destruction of patient records.

The Dubai Healthcare City regulations specify patient healthcare data disclosure restrictions, retention period, and storage and safety requirements.

The Department of Health also has a set of standards governing healthcare data privacy. According to the Data Safeguards clause of the DOH Standard on Patient Healthcare Data Privacy, all healthcare providers are required to ensure reasonable and appropriate:

  • Administrative
  • Technical
  • Physical safeguards

to prevent intentional or unintentional use or disclosure of protected health information, in line with the Abu Dhabi Health Information Cyber Security Standard (ADHICS) and the applicable laws and regulations.

While all medical records need to be kept under lock and key or passcode, the clause also directs medical facilities to limit access to healthcare records on a need-to-know basis.

This clause also emphasizes the importance of shredding documents containing protected health information before discarding them.

What are the guidelines for healthcare data destruction?

Recommendation seventeen, Destruction of Health Records, in the DHA's Guidelines for Managing Health Records guides medical facilities to:

  1. Notify patients before destroying their original health records.
  2. Consult a legal representative of the facility before the destruction of health records.
  3. Destroy medical records only when they are over the retention period and have satisfied all requirements mentioned in the document.
  4. Maintain a record of all data destroyed and, where necessary, verify this record through the Image Processing System where it is electronically stored.

Healthcare facilities need a strict chain of command to ensure complete data security at all stages of data handling. Outsourcing your data shredding to EndoShred gives you the advantage of assured secure data collection and on-site data destruction and shredding. We provide secure shredding services for documents, electronic media like hard drives, media tapes, CDs/DVDs, etc., and other speciality materials like credit/debit cards, uniforms, promotional merchandise, etc.

For inquiries about Endoshred’s shredding services near you, contact us at +971 4 4310337