12 Jul 2018

5 things your healthcare business should do in light of new data security regulations

Right now, data security is top-of-mind for most Australian businesses (and if it’s not, it really should be).

Under the new Notifiable Data Breaches (NDB) scheme here in Australia, and the General Data Protection Regulation (GDPR) in Europe, businesses of all sizes must now actively implement measures to ensure data security and compliance, develop transparent information handling practices, and disclose any breach that is likely to result in serious harm to an individual, or risk serious fines.

If your business offers home-based and community care services, the new data security regulations are pertinent – especially given the amount of sensitive information your organisation holds about the people within your care.  

You can learn more about the full scope of the requirements here, but if you’re keen to refresh your data security and minimise risk, here’s a quick summary of what items should be on your immediate ‘to do’ list: 

1. Engage a data security consultant

Both the GDPR and NDB scheme are complex pieces of legislation and, in order to be compliant, it’s important to know exactly what your obligations are in the first place and where your current IT systems are potentially falling short.

Brennan IT can help by providing our Security and Risk Assessment service. As part of this service, we can help you understand your current security status, and formulate a suitable security implementation road map. We do this by:

  1. Identifying any gaps in your organisation against the NDB scheme and GDPR.
  2. Identifying any technical and business security risks which exist in your environment – an inherent requirement from the NDB scheme and GDPR.

As this audit is conducted against the industry-recognised and widely adopted ISO 27001:2013 security standard, the audit results will be holistic and will give you a thorough understanding of your business’ current security posture.

2. Assign an internal data security team

One of the key requirements of the new legislation is that organisations assign a data security team which can supervise and control the overall response to data security.

In Australia, the NDB scheme recommends that organisations ‘embed a culture of privacy by appointing key roles and responsibilities for privacy management, including a senior member of staff with overall accountability.’ [1] The GDPR requirements are more directive, and require businesses to appoint a data protection officer to monitor and advise on compliance with the GDPR as well as internal privacy policies and procedures. [2] Again, if you’re unsure about how to set up this team – or what’s required – Brennan IT can help.

3. Upgrade your desktop software

One of the greatest security risks to any organisation is its workforce – particularly as many IT teams today are managing a complex and disparate fleet of end-user devices.

To ensure watertight security, you’ll need to ensure that everyone within your organisation is using the most up-to-date, reliable desktop software. If your people are using dated (and worse, unsupported) software, it’s all too easy for data breaches to occur – whether through human error, an IT glitch, or a cyber-attack. Brennan IT recommends Microsoft 365 to a wide range of healthcare customers looking for enhanced data security and control.

The new Microsoft 365 includes a range of sophisticated privacy and data control measures to ensure compliance, including:

  • Deep content analysis to easily identify, monitor, and protect sensitive information from leaving the organisation.
  • Consistent security configuration across Windows 10, Android and iOS devices.
  • Document encryption, enforced multi-factor authentication, and restricted copy/paste.
  • Device data encryption with BitLocker and remote wipe for lost or stolen devices.
  • Information Rights Management, intelligent labelling and data loss prevention tips.

4. Upgrade your mobile device management

The modern workforce is mobile and distributed. This is particularly the case in home-based and community care, where a vast number of workers are on-the-road and accessing company information via a mobile device.

Providing employees (and customers) with this level of flexibility is essential, though it can have ramifications for overall data security if not sufficiently managed and controlled. Maintaining watertight security requires that your people have the latest devices, as well as the latest software. It’s for this reason that many businesses are outsourcing their mobile device procurement and management to an expert agency such as Brennan IT.

Brennan IT can help by providing two key solutions:

  1. Modern Device. As part of this solution, Brennan IT can offer you the latest, high quality modern devices, available on a pay-per-month leasing arrangement. We can procure the devices on your behalf, provide you with a finance solution which alleviates the up-front capital expense, offer reporting on the devices each month, and at the end of the lease, provide a secure data wipe and certification to ensure your data is protected. Learn more about our Modern Device solution here.
  2. Mobile Device Management. Our team can provide mobile device management across all devices used by your employees. This includes configuring your devices for deployment and use, as well as keeping them up-to-date; tracking your device inventories, settings and usage to ensure compliance with policies; protecting your devices against data loss, theft, employee termination or other incidents by adding controls for data encryption, data access rights and more; and providing the support you need to troubleshoot mobile device problems through analytics and remote actions. Learn more about our Mobile Device Management here.

5. Keep everyone informed

Another requirement of the new legislation is that organisations must create awareness amongst employees, and conduct training so that everyone continues to be aware of their responsibilities regarding data security. For a home care or community care business, where your staff are typically geographically dispersed, you may want to consider an online training resource. Talk to Brennan IT about how we can help.

Want to find out more?

If you’re interested in finding out more about the new data security legislation and what your business needs to do in order to become compliant, contact us to request a Security and Risk Assessment Workshop.


[1] https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation

[2] https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation