Protecting critical healthcare data in the era of 'big data'

By Martin Sugden, Managing Director, Boldon James

21 November 2014

The Internet of Things, Big Data and cloud storage have transformed the way in which data is accessed, processed and stored. As a result, the pressure is on for all organisations to develop a data-centric security approach, where the focus is not only on external threats or perimeter defences, but also on how the most critical or sensitive data is appropriately protected.

This makes sense to any medical or healthcare organisation that is struggling under the weight of ‘big data’, and although on the face of it the task may seem like a mountain to climb, there are some simple steps organisations can take.

Medical or healthcare organisations essentially are both producers and consumers of vast quantities of data, stemming from initial research, through patient filing, ongoing clinical research, the issuing of licenses, the manufacturing process and continual dissemination of information to the medical community.

Throughout the entire life-cycle of a new drug, from inception through to generics and over-the-counter products, there are many different data collection points and requirements to share that data. It is therefore vital for an organisation to know whether this data contains any intellectual property (IP), and what information it needs to share with trusted partners and how.

Many medical or healthcare organisations will be subject to a number of regulatory requirements both locally and internationally. At all times the organisation must be aware of privacy and data protection laws and of restrictions on personally identifiable health information (e.g. HIPAA regulations in the US), whilst also sharing clinical trial results in a controlled way and submitting information to the various licensing authorities in a safe and secure way.

So, how do these organisations protect their IP and safeguard sensitive patient, drug or trial data? A key part of the data security process, as identified by leading analysts such as Forrester and Gartner, is the classification of data. Building a User-Driven Data Classification approach into the foundation of a data governance and security approach is one method that is becoming best practice for many leading organisations.

By underpinning the data life-cycle process, Data Classification provides the data creators and editors the power to classify the information in line with the company’s security policy so that it can be stored, accessed and shared in a controlled manner appropriate to the sensitivity of the data.

Data classification is still a relatively new solution area, but many forward-thinking chief information security officers (CISOs) are recognising the benefits of implementing it as part of a layered data security approach or a wider security solution architecture which may include data loss prevention (DLP) or data governance tools.

These CISOs are considering data classification ahead of any other new solution set, recognising the common sense in knowing what data you have, where it is stored and who has access to it, before deciding how best to protect and secure it. This is really breaking down big data into more manageable and protectable small data.

Medical and healthcare organisations rely upon their intellectual property as the core asset of their business. However, as part of the necessary process of commercial engagements in a highly regulated world, it is fundamental to understand where your data is, who has access to it and by what method. Part of the overall solution is to empower your users to help you achieve this, expanding your security team exponentially while retaining control and oversight of your sensitive data.

Gartner predicts that by 2016 more than 80 percent of companies will face potential non-compliance issues, data breaches and financial liabilities if they fail to develop a data-centric security policy that cuts across organisational silos. In turn, this increases the greatest risk of all – potential damage to the brand and shareholder value caused by loss and leakage of data. Going back to basics and building security from the data foundations upwards will be the only effective approach to security in the ‘big data’ era, and data classification is set to play a critical part.
