Please activate JavaScript!
Please install Adobe Flash Player, click here for download

cone beam – international magazine of cone beam dentistry

30 I cone beam4_2015 _At the heart of the relationship between a dentist and a patient lies trust and respect. Recent events, such as the Sony or, more currently, the Ashley Madison breach, have brought to public awareness the importance of securing one’s data. Data security and governance is a very tricky area. I must make it clear I am not a lawyer, but I am a highlyexperiencedinformationtechnologyprofes- sionalwithagoodunderstandingofdataprotection and other relevant legislation. All interpretations provided here are my own. Even if a dental practice has not embraced the digital age and all records and correspondence are ink and paper based, the practice still has a number ofresponsibilitiesregardingdatasecurity.Asdental practices collect patient details, they must register with the Information Commissioner’s Office (ICO) here in the UK. Dental records must be stored safely and securely for a number of years (up to six years for the National Health Service; NHS) and kept for a maximum of 30 years (Department of Health). Records must also be disposed of in a policed manner to avoid fines. Whataboutdentalpracticeswhohaveembraced digital? Data is accessed in two situations, storage and movement, the same as physical records are. This also means that there are the two situations in whichdatacanbecompromisedinthedigitalworld. Dental practices have an obligation to ensure pa- tient data is backed up, recoverable (in case of dis- asters), secure and protected. This applies during bothstorageandmovement.Ifyouareusingoneof the popular industry patient management systems, such as EXACT (Software of Excellence), it should have features to support this in place; liaise with your account manager to verify this. The next area of concern then is movement of data. This can be via e-mail, online referral tools or portals, feedback platforms or devices, and your website. E-mail is not a secure medium, and com- munication with patients about their medical his- tory or medical circumstances using this platform raises potential issues. The service provider you use for your e-mail could also be inadvertently making you breach data security rules. For example, if you are using one of the popular US-based organisa- tions for e-mail, such as AOL, Hotmail and Gmail, andliaisewithyourpatientsviathise-mailplatform, you have to consider where the e-mails are being stored; most likely on servers outside your own country. The UK’s Data Protection Act states that “per- sonal data shall not be transferred to a country or territory outside the EEA (European Economic Area) unless that country or territory ensures an Data security: How not to become the nextAshley Madison Author_Naz Haque, UK I opinion _ data security

Pages Overview