Protecting critical healthcare data in the era of 'big data'
By Martin Sugden, Managing Director, Boldon James
21 November 2014
The Internet of Things, Big Data and cloud storage have
transformed the way in which data is accessed, processed and stored.
As a result, the pressure is on for all organisations to develop a
data-centric security approach, where the focus is not only on
external threats or perimeter defences, but also on how the most
critical or sensitive data is appropriately protected.
This makes sense to any medical or healthcare organisation that
is struggling under the weight of ‘big data’, and although on the
face of it, the task may seem like a mountain to climb, there are
some simple steps organisations can take.
Medical or healthcare organisations essentially are both
producers and consumers of vast quantities of data, stemming from
initial research, through patient filing, ongoing clinical research,
the issuing of licenses, the manufacturing process and continual
dissemination of information to the medical community.
Throughout the entire life-cycle of a new drug from inception
through to generics and over the counter products, there are many
different data collection points and requirements to share that
data. It is therefore vital for an organisation to know whether this
data contains any intellectual property (IP); and what and how they
need to share information with trusted partners.
Many medical or healthcare organisations will be subject to a
number of regulatory requirements both locally and internationally.
All of the time the organisation must be aware of privacy and data
protection laws, personal identifiable health information
restrictions (eg HIPAA regulations in the US), whist also sharing in
a controlled way clinical trial results, and submitting information
to the various licensing authorities in a safe and secure way.
So, how do these organisations protect their IP and safeguard
sensitive patient, drug or trial data? A key part of the data
security process, as identified by leading analysts such as
Forrester and Gartner, is the classification of data. Building a
User-Driven Data Classification approach into the foundation of a
data governance and security approach is one method that is becoming
best practice for many leading organisations.
By underpinning the data life-cycle process, Data Classification
provides the data creators and editors the power to classify the
information in line with the company’s security policy so that it
can be stored, accessed and shared in a controlled manner
appropriate to the sensitivity of the data.
Data classification is still a relatively new solution area, but
many forward-thinking chief information security officers (CISOs)
are recognising the benefits of implementing it as part of a layered
data security approach or a wider security solution architecture
which may include data loss prevention (DLP) or data governance
These CISOs are considering data classification ahead of any
other new solution set, recognising the common sense in knowing what
data you have, where it is stored and who has access to it, before
deciding how best to protect and secure it. This is really breaking
down big data into more manageable and protectable small data.
Medical and healthcare organisations rely upon their intellectual
property as the core asset of their business. However, as part of
the necessary process of commercial engagements in a highly
regulated world, the need to understand where your data is and who
has access and by what method is fundamental. Part of the overall
solution is to empower your users to help you achieve this,
expanding your security team exponentially and retaining control and
oversight of your sensitive data.
Gartner predicts that by 2016 more than 80 percent of companies
will face potential non-compliance issues, data breaches and
financial liabilities if they fail to develop a data-centric
security policy that cuts across organisational silos. In turn, this
increases the greatest risk of all – potential damage to the brand
and shareholder value caused by loss and leakage of data. Going back
to basics and building security from the data foundations upwards
will be the only effective approach to security in the ‘big data’
era, and data classification is set to play a critical part.
Applying big data analytics to improve patient-centric care
The barriers to tapping into Big Content
and how to overcome them
data is being used in healthcare today
cardiology, Big Data covers the ‘whole’ patient
More features ...