Key steps to big data security in healthcare

Mathieu Gorge, CEO of Vigitrust, outlines the basics of big data security in healthcare, where quick access to private data is key

Healthcare is moving towards big data, with patient information residing in multiple locations that must be accessed rapidly.

That data is also extremely sensitive, with confidentiality and integrity as key attributes. So, in healthcare, big data security is vital.

In this podcast, storage editor Antony Adshead talks with Vigitrust CEO Mathieu Gorge about big data security in healthcare and the key steps towards achieving it, including regulations such as HIPAA and the Data Protection Act, data classification, encryption and disaster recovery/business continuity.

Antony Adshead: What are the key issues in big data security in healthcare?

Mathieu Gorge: The first thing to consider is the actual value of the patient data, so if you go to a hospital or to your GP, data that is held about you has a lot of value to you and we need to protect the confidentiality and integrity of that.

Another angle to consider is the effectiveness of the care and its link to being able to access the data in real time by hospitals and practitioners. Which means that, for the best care to be provided by a GP or hospital, there must be fast access to a patient’s medical history, securely and as fast as possible.

This links to the key question, which is, “Where is the data?” There are some specific challenges with regard to data for the healthcare sector. For example, data might be held by competing hospitals, by different GPs, and you may move from one to another during the course of your life but your medical history may not move from one doctor to another.

This brings up the issue of the legal landscape that applies to protecting that data. So, in the US there is HIPAA. In the UK there is the Data Protection Act. And there is the issue of e-discovery that comes in if something goes wrong and we need to be able to trace back a transaction – who had access to that data and why.

This all comes from the move towards electronic health records, with all data now stored the right way, so there are some serious security issues to consider and some data storage issues to be aware of.

Adshead: What are the implications of big data security in healthcare for data storage and backup?

Gorge: The first thing to do, if you are an entity that has access to health records, is to make sure you have a data classification policy. This allows you to do an inventory of your data: the structured data, the unstructured data, that you hold yourself, and the data that you might need to access that might be held by another entity.

There are a lot of discussions at the moment in the healthcare industry regarding collaboration between different entities, such that they can access a person’s medical history even though they don’t hold it, which really goes back to issues around managing access to third-party information and managing outsourcing.

So, to make that happen – from a data storage perspective – you need to make sure you tag the data and label it the right way. From the physical perspective, you might want to use some solutions that allow you to classify data points, files and to make sure that at every stage of the process you maintain the confidentiality and integrity of the data.

Where things become more complicated – because you can use encryption for integrity and you can use access control and tracking to maintain confidentiality – is the availability of that data. You will need to run some scenarios to make sure that at any given time you will allow the healthcare community to get access to accurate data in real time.

That means looking at a full disaster recovery/business continuity plan that allows you to get access to that data. So, it’s all in the testing and it’s all about being prepared, and the only way you can do that is to have your data inventory in place.

There’s a lot of talk about big data but we need to understand that we’re creating a lot more data than we think we are. So, it’s no longer a case of preparing for big data, more for what I call huge data, which is getting access to data in your own systems and also securely connect to. And that is particularly important for the healthcare industry.
