With just a few short weeks until the GDPR officially comes into force, now is the last chance to make sure that your practice is compliant.
What’s the risk?
Worryingly, many organisations don’t understand the implications of the GDPR and are unsure how to comply. Misunderstanding and ignorance will not be an excuse for poor data practices and will not help you avoid huge fines (up to 4% of turnover or €20million, whichever is higher).
For the healthcare sector, there are more risks than in most others, mainly because of the sensitive data collected, including that of children. It is this personally identifiable data (PID) that makes medical and dental practices top targets for cyber crime. Unlike bank details and contact information, medical history cannot be changed even if a breach is detected.
Inadequate processes and out-of-date software and security systems are huge risks to practices. Combined with staff who do not know what to look out for when criminals use phishing techniques to trick them into sharing information, this could spell a recipe for disaster.
For private medical and dental practices, if you promote paid services to patients, you will likely also need explicit, informed consent. Again, not being able to show how you gather consent could cost you in terms of financial fines and loss of trust among patients.
The consequences
If you show that you cannot keep your patients’ data safe, you will become an easy target for cyber criminals. Security breaches will mean business disruption, and potentially fines and loss of patients to other practices. A data breach will also mean further costs to implement better systems and processes. The essence of the GDPR is keeping people’s personal information safe. Practices have an obligation to put measures in place to make sure this happens.
Help and support
There are a number of places to turn for support if you have questions or need additional help with GDPR compliance.
- Information Commissioner’s Office (ICO) – The ICO has issued guidance for healthcare organisations to help them deal with processing sensitive patient data. You can also call them for data protection advice.
- Cyber liability insurance – Even with the best intentions, you need a back-up plan in case of a breach. Cyber liability insurance is your best option. Choosing a specialist healthcare policy will mean you get the tailored support and cover you need.
- Your insurer – Speak to your broker and insurer about the resources and training available as part of your insurance policy that will help you with compliance.
- Plus, download our checklist for some of the questions to ask yourself before 25th
To speak to a specialist advisor about how Cyber liability insurance could help you and your practice, contact our team of brokers today.