"TalkTalk data hack - 157,000 had details stolen".
"Sony hacked - emails leaked"
These are some of the most notorious stories that we have heard in recent times. However, such one-off sensationalist stories are not as alarming when you consider the underpublicised trend of data loss in the health sector. The ICO reports that in the first quarter of 2015/16 alone, 193 data security breaches were reported in the health sector, which represents almost 50% of data security breaches across all sectors.
Paper documents are being lost, stolen, disposed of inappropriately, or faxed or posted to the incorrect recipients on a daily basis, putting unsuspecting victims at risk. Notably, data security breaches involving data in an electronic format are not significant. Therefore, considering these stats and other associated risks and benefits, it's understandable why considerable funds and resource are being channelled into digitising healthcare. That said, an electronic document is not inherently secure, nor is it immune to loss or corruption, so how can an organisation tackle this issue?
What data protection of electronic documents involves
The Data Protection Act says:
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
Much focus is placed on the technical measures for preventing data access, i.e. secure access and encryption of data in transit. However, less emphasis seems to be given to data integrity, which relates to the destruction of and damage to personal data and could lead to clinical risk in addition to a breach of data security.
Take, for example, a scanned document. If the quality of the image is poor, then important information could be obscured or misread, leading to clinical or patient error. By implementing the data quality management best practice measures set out in BS 10008, an organisation can safeguard itself from data loss through error.
BS 10008 is about ensuring the trustworthiness of electronic information, that is, making sure the electronic information is authentic (e.g. scanned documents are true copies of the paper ones) and has retained its integrity during storage, i.e. through migration, server crashes, transfer from one medium to the next, malicious users and accident-prone users.
In conclusion, if you are concerned about data security, then you should likely also be concerned about data integrity and how to implement BS 10008.