The second in a series about GDPR and how it may impact on your practice.
Last week we talked about how we handle data and communicate with patients and colleagues by encrypting emails and permission marketing. Click HERE if you missed it.
So, you are getting your head around the GDPR idea. Now you need to be thinking about “physical” data and how you are looking after that.
Today, whilst in a busy clinic, a patient handed me a series of MRI images on a CD-ROM. I reached under the desk to open up the drive to insert it, only to find another CD-ROM already residing there.
It wasn’t a CD-ROM belonging to one of my patients (phew).
Presumably, the room’s former occupant had failed to take it out of the drive, which is an easy mistake to make. Nevertheless, this still represents a potential breach of confidentiality, where patient data is concerned. Maybe you have experienced this yourself or even found printed clinic letters lying on a desk, or a list of patient names on an appointment schedule.
I will be the first to hold my hand up and admit that I can be absent-minded. Many years ago I took my driving test wearing one lace-up shoe and one court shoe – with a kitten heel. (I believe the instructor passed me, in order to get me out of the vehicle as soon as possible)
This leads me to wonder, with GDPR around the corner, how many of us are ‘physically’ prepared?
Given our occasional feeble moments, it’s important to have systems that don’t rely on us leaving so much to chance.
What if you’re a clinician who has patient data on a laptop, an iPad, or your phone? This stuff has to be encrypted, in case a feeble moment strikes you when you’re travelling on the Number 42 bus. Leaving data wide open, means it ain’t too difficult for someone to swipe it.
Proper encryption scrambles the data which can only be unlocked using a code that reveals the data (unscrambled). There are various different levels of data encryption, but we’ll not dig too deep into that tech conversation. The good news is, many devices have this inbuilt for you automatically.
If you have an iPhone, encryption is switched on automatically, and if you use a Mac you can use Filevault encryption, which will keep your files safe from being copied. Some, but not all Android phones are catching up.
Most of us will be used to using a password to lock our Macs which also encrypts as well as you are using Filevault
But here’s the thing: You need to be very sensible about choosing passwords. If someone can access your Mac and use a password that’s easily guessable, or could be unlocked if you put in every word in the Oxford dictionary (yep, there are hackers that do it this way), then you are leaving yourself open to hacking.
What if you are on a Windows laptop? Well, here you might be in trouble. If you are running Windows 10 you might have Device Encryption enabled (which requires a set up process with a Microsoft account)
The safest bet if you are not sure whether your laptop is encrypted, is not to have ANY sensitive data on your laptop. At All.
Here’s the rub: Sometimes we transfer data around on USB drives. It’s not uncommon to find them abandoned, sticking out of a PC port in a clinic room. I have gathered up a fair few in my time.
If you’re going to move around confidential data / imaging / video that you filmed during a patient’s gait analysis etc., on a USB drive, then it has to be a drive that is encryptable. I personally like the datAshur USB encrypted flash drive, (which is made by iStorage). To access its contents, it requires you to type in a PIN using a little mini on-board keypad; it has military-grade encryption and guarantees that you are not going to get egg on your face if you leave it on a Number 42 bus.
Finally, you might want to consider the humble Dictaphone. These little devices have an uncanny way of finding themselves orphaned in consulting room drawers, black cabs, (and the Number 42 bus). There are encryptable Dictaphones out there. Get one. The extra expense is worth the hassle of having to ‘fess up’ to a potential data breech.
Don’t let your data be leaky.
If you’ve got concerns about how you are handling your data, please get in touch for a chat.
We have highly experienced technical Ninjas that can HELP!
We are waiting to help you gain more patients and boost your referrals
email or call us 0207 993 6425