‘’Increasing automation in the healthcare environment and broader access to patient information are expanding the risk of data breaches’’

What is the relevance of Intellectual Property (IP) and customer data of healthcare organisation in the Indian context?

Srinivasa Boggaram

Like in any other country, IP and customer data in a healthcare organisation is treated with utmost importance as far as critical data security is concerned in India too. Healthcare organisations with IP related to their drugs or research is of paramount importance and it is this factor that makes them a key differentiator in the market. Many healthcare companies are expense conscious with regard to security tools; however, there are a few healthcare organisations who have adopted best and leading security solutions in the industry. Customer data is equally important and organisations are facing more security threats that increase the risks of inappropriate access to patient information and impaired integrity of the information. New security and privacy laws and stiffer penalties have increased the urgency of addressing security risks.

What are the threats to the data from cloud computing, mobile phones and social websites?

Looking at the benefits of new technology that brings to the business like many organisations’, healthcare segment too is highly impelled to adapt such technology. Needless to say associated risk in such new technologies like cloud computing or BYOD or social websites pose massive risk to IP and customer information. Critical data hosted on cloud services may not get the required attention, however, they carry the risk of losing critical data in the wrong hands. As we all agree, BYOD needs to be imbibed in the right way considering security risk and user work culture so that critical data is not at risk. With improper data protection tools, social websites can help users post critical information with or without right intentions. Increasing automation in the healthcare environment and broader access to patient information are expanding the risk of data breaches. Avoiding these data breaches without disrupting work-flow or limiting rapid access for authorised users can be challenging. Unfortunately, data breaches are not rare events. According to the Privacy Rights Clearinghouse, more than 260 million “records” of all types have been breached. Organisations should look security in a holistic view and not just in silos. McAfee being the largest security vendor in the industry, we offer the widest range of tools that help in providing comprehensive and complete control to secure data/handling information for a successful and profitable business.

What are the laws related to data security in India?

We have no dedicated data protection laws in India. Data of individuals and companies require both constitutional as well as statutory protection. The constitutional analysis of data protection in India has still not attracted the attention of either individuals/companies nor of Indian government.

The statutory aspects of data protection in India are scattered under various enactments. The Information Technology Act 2000 (IT Act 2000) and the (Indian) Contract Act, 1872, which is the cyber law of India, also incorporate few provisions regarding data protection in India. However, till now we have no dedicated statutory and constitutional data privacy laws in India. Having said this, many of our healthcare organisations who are serving Indian clients are mandated to follow their client specific regulations like HIPPA, HITECH, FTC etc.

What is the framework under which hospitals work to keep patient data secure?

Some of the best practices that many hospitals and healthcare organisations follow to keep their patients data secure are listed below.

• Secure channel to connect back to their data centre
• A very secure host level protection on the end points at hospitals and branches
• A matured and advanced DLP solution both on host level and network level
• A good identity management and access control mechanism
• A good data management mechanism
• Advanced security tools to give them good visibility and control of the entire infrastructure so that they have good ‘situational awareness’ and proactive control.

[email protected]