The Journal of mHealth Vol 2 Issue 4 (August) | Page 24
Data Protection: How Technology is Revolutionising Healthcare
Continued from page 21
Device) approach becoming more prevalent in clinical trials and the real world
healthcare arena, the need to meet data
privacy and security regulations becomes
ever more important.
The principle difference between a
BYOD approach and a provisioned
one is that BYOD is more cost-effective, alongside encouraging increased
adherence from patients. Controls have
increased as the user of the device is
being kept in contact without any qualification, and therefore it is important
to place security at the heart of the
technology to ensure that the highest
standards of data security and safety are
provided.
The myth that provisioned devices are
somehow more naturally secure than
the use of personal ones is slowly but
surely being debunked. Best practice is
to understand data protection regulations and develop a platform that complies with regulation guidelines. Through
ensuring separation of PII, the use of
data encryption for locally stored data
on the device, in transmission (i.e. over
the internet), within study databases and
the inclusion of permissions for data
handling in the ethics/IRB-approved
consent process, it is possible to build
security and protection controls into
software, whether delivered through a
provisioned device, or, in the case of
a BYOD approach the patient’s own
mobile device.
Striving for excellence
However, the drive for regulatory stringency does not have to stop there. Pharmaceutical companies can and should
keep tabs on less obvious measures
which affect privacy policies, by carrying
out a comprehensive audit to ascertain
what the vendor does in its day-to-day
business dealings. Does the vendor have
the relevant certifications? How seriously
does it take its data protection responsibilities? How important is data protection within the culture of the organization, and is it willing to be as transparent
on this matter as is needed?
Much of the above can be assessed
Some things just...
...stand out from the crowd
Global Digital Health 100
The most innovative companies
in the field of digital health
Nominations for 2015 now open, for more
information please visit www.thejournalofmhealth.com
22
August 2015
through the Quality Management System (QMS). Any QMS worth its name
should lead to data privacy at every level
of the organization and its systems.
Three elements here are crucial: the
environment which hosts data should
be independently validated; the hosting environment should also include an
intrusion detection system to protect
against security threats; and an audit trail
of data changes is also paramount.
It is not now simply a case of ‘if ’ pharma
companies will work with vendors who
have taken these steps and incorporated
them into the way they run their business, but ‘when’ – that much we have
seen first-hand. At ground level, security in the clinical trials and real world
healthcare arena cannot and must not
be compromised – but neither should
it. Increased security is part of the virtuous circle of timely engagement, an
improved user experience, and – most
vital of all – improved health outcomes.
1. World’s Biggest Data Breaches http://
www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks n