Monday, 22 September 2014

Maintaining your defences

By Stephen Cavey, Australian Ageing Agenda

Recent legislation has put the onus on aged care providers to review their privacy management procedures and ensure the client data they keep is secure, writes Stephen Cavey.

The security of client information is a fundamental concern for health and aged care providers, and is at the heart of the relationships of trust held between consumers and service providers.

In every privacy debate in Australia for the past 30 years, concerns about the integrity and security of client data have been the number one issue. Therefore, the health and aged care sectors understand very well the importance of protecting client data. As an industry, healthcare providers and government agencies are considered leaders among security professionals given the critical nature of the data they protect.

However, the broader technology landscape has shifted dramatically. Ubiquitous connectivity has given rise to a broad spectrum of online services, such as cloud computing, and to the universal adoption of smartphones, which has changed the way we all do business and the way that customers interact with businesses.

These developments in computing and network infrastructure have fundamentally changed the way security issues are dealt with. This is as true for the aged and health sectors as it is for any other.

New powers

Recent government legislation related to privacy in Australia is forcing health and aged care providers to conduct a detailed review of how personal information is being stored. The Australian Privacy Commissioner has been granted significant new powers to punish companies that “leak” personal information.

This is particularly important to small healthcare practices, because the issue of ‘personal information’ extends well beyond the details of ‘client information’ and even beyond a client’s ‘financial information’ such as credit card numbers and bank details.

In an age where identity theft and other fraud-related cybercrime is increasingly a problem, personal information also includes all potential identifiers – names, addresses, birth dates, driver’s licence numbers or other identity documents. Most companies, whether they are in the health and aged care sector or in the broader business community, are not aware of just how much exposed personal data they retain on their corporate IT systems.

If there is one trend I urge all aged care providers and chief information officers to understand, it is the concept of ‘data centric’ security. Traditionally, IT systems have been protected by creating a secure barrier around your company’s data to keep unauthorised users out. That is the basic philosophy of perimeter security, which refers to firewalls and the basic authentication systems that accompany them.
