Health Data Management 2018 New capabilities, new expectations a - - PowerPoint PPT Presentation

SLIDE 1

Health Data Management 2018

New capabilities, new expectations

a tonic for good health

Do you need to update your approach?

9 November 2018 Gil Carter

@gilcarter

SLIDE 2

Slide 2 13 November 2018

Data Breaches Mandatory Reporting

This is not the problem

SLIDE 3

Detail in the data breach numbers

245 Data Breaches from Jul – Sep 2018

Overall, by type:

  • 91 Human Errors
  • 140 Malicious or Criminal Attacks
  • 15 System Faults

Top 5 sectors:

  • 45 Health services
  • 35 Finance
  • 34 Legal
  • 16 Education
  • 13 Personal
  • 102 “other”

Breakdown:

  • 25 Human Errors
  • 19 Malicious
  • 1 System Fault

[Chart: breach categories. Cyber Incident (Hacking, Ransomware, Malware, Phishing); Rogue Employee; Social Engineering; Theft of paperwork or data storage; No BCC in email; Loss of paper / device; Personal Info to wrong (email, fax, mail, other); Unauthorised Disclosure (Unredact, Release or publish, Verbal)]

SLIDE 4

Specifics in health

[Chart: breach categories. Cyber Incident (Hacking, Ransomware, Malware, Phishing); Rogue Employee; Social Engineering; Theft of paperwork or data storage; No BCC in email; Loss of paper / device; Personal Info to wrong (email, fax, mail, other); Unauthorised Disclosure (Unredact, Release or publish, Verbal)]

SLIDE 5

How many people affected?

SLIDE 6

What was lost?

SLIDE 7

This is a real issue

SLIDE 8

There are lots of them

via https://www.healthcareitnews.com/

SLIDE 9

Common Problems

SLIDE 10

Privacy and Consent

  • Health organisations must adhere to legislative requirements for information privacy
  • There are three elements to the core management of privacy

  • Privacy policy from organisation
  • Data collection statement
  • Informed consent for data usage

Why do we still have these?

SLIDE 11

ICT is the ‘ministry of no’

“Oh f#%k” Ref: Simon Wardley https://blog.gardeviance.org/2012/07/adoption-cycles.html

SLIDE 12

Modern ICT thinking looks like this

https://public.digital/2018/10/12/internet-era-ways-of-working/

SLIDE 13

Password Management

What does “good” look like?

  • Easily guessed
  • Now known by everyone
  • He can remember it!

SLIDE 14

Passwords

  • Use a password manager
  • KeePass
  • 1Password
  • Web browser
  • Buy a single sign-on system

Common tools

SLIDE 15

Email Phishing – still popular!

SLIDE 16

Email Phishing fixes

  • Staff training
  • Use a mail filtering service
  • Footers for suspicious content
  • Geofencing for logins (avoid the Nigerian princes!)
  • Regular dogfooding
  • ICT group sends fake messages to staff, with rewards for reporting as spam / phishing

SLIDE 17

Using email as a filing system

  • Very common to keep sensitive information in email
  • Resumes for job applicants
  • Information about providers
  • Referrals for other services
  • Some problems
  • Email account hacked = data breach
  • Retention of personal information such as resumes
  • Management after person leaves?

SLIDE 18

Fax machines!

  • Information is potentially insecure
  • Lost pages on receiving end
  • Data quality
  • All pages received?
  • Readable?
  • Fax number correct?

SLIDE 19

Fax is hard to stop…

SLIDE 20

Here is the challenge

  • Anyone can use one
  • Simple, reliable, accurate
  • Secure (providing access to machine limited)

  • Works from remote sites
  • Not affected by ISP outages
  • Life is harder without them

SLIDE 21

Fixing the fax (a small soliloquy)

SLIDE 22

Fixing the fax (a small soliloquy)

Secure Messaging Client Secure Message Inbox Secure Message Inbox

  • Backward compatible
  • Forward compatible
  • Simplistic installation
  • Low cost
  • Invisible management of old tech!
  • Bundle with SMD services

SLIDE 23

Shared network drives

  • Shared drive used as dumping ground
  • Limited governance of content and structure
  • Difficult to maintain between staff
  • Traceability of client data (“is this everything?”)
  • Timeline of changes (“is this the current version?” “Who changed this?”)

  • Retention / disposal of data
  • Too much kept
  • Nothing deleted
  • How to align with policy or programme?

SLIDE 24

Limited traceability for data

  • “Find everything we hold on a person!” Could we do it?
  • FOI request / privacy request responses
  • Can we see data about information collected?
  • Are there any secondary uses permitted?
  • Can we tell when to seek consent again?

SLIDE 25

Handling Information Lifecycle

  • How to connect data assets to the programme used to create them?

  • Can we tell what is owned by which programme?
  • Can we share patient data between systems?
  • When do we have to seek consent?
  • When can we delete?
  • What can we share outside our organisation?

SLIDE 26

Staff changes

  • Key staff member leaves
  • Email archive / network drive / SharePoint site
  • Use of direct email rather than job role
  • Update of contact details
  • Are these processes codified in a data management model?

SLIDE 27

Supplier challenges

  • Health often relies on external providers to deliver services
  • Interoperability of data?
  • Sharing of data via secure messaging?
  • Use of email or fax?
  • How to reject suppliers who fall short?

SLIDE 28

Self Assessment Time…

SLIDE 29

Look at systems in your organisation

Clinical Programmes Enabling Business Functions Information Management Applications Environment Technology Platform Information Security Governance / Risk

Health Organisation

Horizontal slice Vertical slice

SLIDE 30

Eight key areas in data governance

  • Choose two scenarios of your own to look at:
  • A vertical business application (eg. a mental health support programme)
  • A horizontal business capability (eg. business CRM system, used across multiple programmes)

  • Twenty minutes to work on both.
  • Work singly, in pairs, or as a table.
  • Map out information scorecard on areas for concern

SLIDE 31

Eight key areas in data governance

  • Governance
  • Acquisition & Storage
  • Quality
  • Processing & Analysis
  • Reporting / Sharing / Publication
  • Metadata Management
  • People / Process / Technology
  • Lifecycle Management

SLIDE 32

A range of capability levels

Ref: Gartner

SLIDE 33

Build a matrix to guide forward path

Data Management Capability

Columns (capability level): Level 1 Basic, Level 2 Opportunistic, Level 3 Systematic, Level 4 Differentiating, Level 5 Transforming

Rows (data management area): Governance, Acquisition & Storage, Quality, Processing & Analysis, Reporting / Sharing / Publication, Metadata Management, People / Process / Technology, Lifecycle Management

Markers: Where we are now; Where we need to be

SLIDE 34

More detail in data management domains

Governance

  • Authority for work in data sets
  • Approvals within business
  • Work with external stakeholders
  • Responsibility for policies and procedures
  • Role of Data Stewards
  • Role of Data Working Group
  • Role of Data Custodians
  • Role of Data Users
  • Monitor implementation of policies

Acquisition & Storage

  • Structured data (eg. Databases)
  • Semi-structured data (eg. Spreadsheets)
  • Published data (eg. websites)
  • Non-structured data (eg. Email / docs)
  • Security Policy
  • Prioritisation of data (local / region / natl)
  • Data connection & source integration
  • Privacy and consent management
  • Process documentation
  • Deletion of unwanted data

Data Quality

  • Accessibility
  • Accuracy
  • Coherence
  • Interpretability
  • Relevance
  • Timeliness
  • Organisational Environment
  • Data Quality Model
  • Data Quality Ownership
  • Commitment to Improvement

SLIDE 35

Data management domains (cont.)

Processing & Analysis

  • Recording Use of Data
  • Metadata Processing
  • Analysis Methods Recorded

Reporting / Sharing / Publication

  • Release of data in public reports
  • Personal data sharing in accordance with privacy policy
  • Use of data for government reporting
  • Release of data for public use
  • Freedom of Information

Metadata Management

  • Business Metadata
  • Technical Metadata
  • Operations Metadata
  • Metadata standards (eg. ISO 11179)
  • Recording of metadata

People / Process / Technology

  • Data analyst role definitions and support
  • Data management framework
  • Data management platform
  • Data management agreements

Lifecycle Management

  • Data creation
  • Data storage
  • Data use
  • Data maintenance
  • Data disposal

SLIDE 36

Group Discussion

  • Present key insights by table
  • Common themes noted on whiteboard
  • Ask questions from audience to experts in residence
  • Forward paths discussed
  • Do nothing
  • Do yourself (cheap, risky, analysis bias)
  • External review (cost, lower risk, more critical)
SLIDE 37

Thank you

Gil Carter – 0433 299 828 gil.carter@voronoi.com.au

@gilcarter