The importance of data protection in the healthcare environment

What is data protection and why is it important?

Data protection deals with the privacy of information, including how personal information is collected, stored, used and disseminated to other parties. Private and public companies collect our data in various ways, either directly, when individuals explicitly give them information, or by tracking our online behavioral patterns through cookies and similar means. By agreeing to terms of use or cookies, we give away a part of our privacy, often without knowing exactly what we are agreeing to. Often the parties we give information to are then allowed to pass it on to third parties, and it can be used to create profiles of our habits and preferences. Such collection of data is regulated by law: the most comprehensive recent regulation dealing with these issues is the General Data Protection Regulation (GDPR). The GDPR has applied since May 2018 to all member states of the EU, as well as to any other organisation that collects data of EU citizens. The goal of this regulation is to harmonize data privacy laws across Europe and ensure high privacy and security standards.

Digital data in the healthcare environment

The GDPR recognizes health data as a special category of data needing protection. Health data is defined as information relating to a person’s physical and mental health, usually as decided by a doctor or health professional. The safety of such information is decreasing in the digital environment and is in need of protection, particularly due to new technologies and innovations in the health sector such as mobile health, big clinical trials, cloud data storage, surveillance and the like.
There are many other regulations dealing with healthcare data besides the GDPR, such as the Health Insurance Portability and Accountability Act (HIPAA), which sets the standard for sensitive patient data protection, especially in the US.

Public health data is often spread throughout the health information system and concerns multiple healthcare professionals. This is why there is a need for better data protection, transparency in operating processes and information gathering, as well as an active improvement of the technology and systems used. Despite the obvious need for technological advances in the health sector in order to protect sensitive data, in many countries these technologies are outdated and fall behind other public and private sectors. Healthcare is not actively modernised, and is therefore more and more susceptible to data leaks. Criminal cyber attacks can target any digital data, which now also includes sensitive health data, and when large amounts of personal data are not adequately stored or made anonymous from the start, they become an easy target for hackers.

What can be done to protect our data?

All data, including health data, can be better taken care of by improving IT systems: allocating more funds and resources, training professionals in data management, using better encryption, conducting safety and attack tests, preparing recovery plans in case of an attack, and many other countermeasures.
Healthcare staff should be trained and educated, but should also have restricted access to documents and data which do not directly concern them. Monitoring access to and use of data can also help track which specific information was used or viewed, by whom, when and from where. Encryption can ensure that even if data gets stolen, it might not be usable by the perpetrator, who cannot decrypt it and make sense of the data. There is also the option of risk assessments, backups of data to safe locations, better evaluation of third parties and business associates, and many other measures that can be taken.

But besides the official ways healthcare data security can be improved, it is also important for individuals to be aware of the importance of being mindful of their personal information, both in healthcare and in life in general. We have the right to protect our own information and know how it is used and stored when given to third parties. It is hard to avoid giving away our privacy today, but we should be aware that we have certain rights and that we can ask for more information, search for ways to protect ourselves and get more detailed information on such topics in case something ever goes wrong. Education is the most powerful tool we have, and even if we do not have all the knowledge and information, it is important that we have the option and ability to ask for it.

Some extra sources:

https://gdpr.eu/
https://www.cdc.gov/phlp/publications/topic/hipaa.html
