It emerged recently that two hospitals have suffered data losses, one in the UK and the other in US. The losses (here and here), illustrate the need not just for encryption, but for clear internal policy guidelines for handling data and the need for staff to be made aware of policy and trained in how to handle data. Patient records in particular can be highly sensitive and the impact of their loss considerable to those concerned, the need for protection is obvious.
It is of course all very well being wise after the event, but we have been saying for some time that organisations need to develop and implement effective data protection policy and procedures, which are backed up and enforced by technology. Healthcare organisations need to take action to avoid breaching HIPPA regulations in the US and similar regulations in the UK. The stakes will be further raised in the UK when the Information Commissionaire will have the power to impose up to £500,000 fines from 6th April 2010.
One healthcare organisation determined to implement best practice and safe guard their data is Care UK, you can read more here.
