The Journal of mHealth Vol 2 Issue 4 (August) - Page 24

Data Protection: How Technology is Revolutionising Healthcare Continued from page 21 Device) approach becoming more prevalent in clinical trials and the real world healthcare arena, the need to meet data privacy and security regulations becomes ever more important. The principle difference between a BYOD approach and a provisioned one is that BYOD is more cost-effective, alongside encouraging increased adherence from patients. Controls have increased as the user of the device is being kept in contact without any qualification, and therefore it is important to place security at the heart of the technology to ensure that the highest standards of data security and safety are provided. The myth that provisioned devices are somehow more naturally secure than the use of personal ones is slowly but surely being debunked. Best practice is to understand data protection regulations and develop a platform that complies with regulation guidelines. Through ensuring separation of PII, the use of data encryption for locally stored data on the device, in transmission (i.e. over the internet), within study databases and the inclusion of permissions for data handling in the ethics/IRB-approved consent process, it is possible to build security and protection controls into software, whether delivered through a provisioned device, or, in the case of a BYOD approach the patient’s own mobile device. Striving for excellence However, the drive for regulatory stringency does not have to stop there. Pharmaceutical companies can and should keep tabs on less obvious measures which affect privacy policies, by carrying out a comprehensive audit to ascertain what the vendor does in its day-to-day business dealings. Does the vendor have the relevant certifications? How seriously does it take its data protection responsibilities? How important is data protection within the culture of the organization, and is it willing to be as transparent on this matter as is needed? Much of the above can be assessed Some things just... ...stand out from the crowd Global Digital Health 100 The most innovative companies in the field of digital health Nominations for 2015 now open, for more information please visit www.thejournalofmhealth.com 22 August 2015 through the Quality Management System (QMS). Any QMS worth its name should lead to data privacy at every level of the organization and its systems. Three elements here are crucial: the environment which hosts data should be independently validated; the hosting environment should also include an intrusion detection system to protect against security threats; and an audit trail of data changes is also paramount. It is not now simply a case of ‘if ’ pharma companies will work with vendors who have taken these steps and incorporated them into the way they run their business, but ‘when’ – that much we have seen first-hand. At ground level, security in the clinical trials and real world healthcare arena cannot and must not be compromised – but neither should it. Increased security is part of the virtuous circle of timely engagement, an improved user experience, and – most vital of all – improved health outcomes. 1. World’s Biggest Data Breaches http:// www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks n