Protecting Patient Data: The 5 Rights of Data Administration
When it comes to healthcare, accuracy and attention to detail are not only important, they can mean the difference between life and death. Preventing misdiagnoses or mistreatment is taken very seriously.
Today, not only are patient lives on the line, but their information is also increasingly online—on the hospital’s IT system, on private networks and even on the Internet. Mishandling of this data, or unauthorized use of it, can result in the wrong medical treatment, identity theft, data breaches and more. At the same time, more people than ever before need access to this information, and from a variety of devices. The proper administration of healthcare data should be taken very seriously.
Just as clinicians use the “Five Rights of Medication Administration” to ensure proper patient care, the digitization of healthcare records and patient information means healthcare providers need to adopt best practices for ensuring proper security and privacy for patient data. To help organizations better understand their role in the administration of patient data, Symantec has outlined specific best practices to ensure that patient information is kept secure regardless of where it is.
The following infographic, entitled “The Five Rights of Data Administration,” was created to help Health IT staff and users answer important questions about the use, access, and availability of critical patient data.
Organizations handling sensitive patient data would do well to consider the following important points.
Right Time – Data should be available to authorized personnel whenever they need it
• Are my systems backed up and secure, and is access from certain locations at certain times suspicious?
Right Route – Users need access to data regardless of where they are or the device they’re using
• Is the data on the doctor’s iPhone as secure as the data on the hospital’s PC on a nursing floor?
Right Person – Ensure only the right people have access to certain information
• Can I verify who is accessing the data?
Right Data – Prevent unauthorized tampering or accidental corruption of data
• Is this data that the user is entitled or authorized to access?
Right Use – Ensure only the “minimum necessary” information is provided
• Beyond treatment, payment and operations, has the patient signed a notice of privacy practices, and does this use fall within its scope?
Symantec encourages healthcare providers and IT staff to carefully evaluate these points to ensure that patient data is being administered safely and securely. Are there additional steps healthcare IT should be taking to protect patient data? Leave a comment and let us know your thoughts.