During my mother-in-law's recent stay in a UK hospital, it was business as it always has been as the hospital breached the new General Data Protection Regulation (GDPR) by placing patient medical records at the end of the beds where they could be viewed by all visitors to the ward and by other patients.
Hospitals must adapt in order to comply with GDPR or face fines
GDPR is not just relevant to enterprises that handle personal information; it also applies to public sector bodies, including hospitals. Any information that identifies individuals must be kept secure, but in the case of hospitals, that information also includes details of medical conditions and treatments. In the past, medical records were stored on the ends of the beds of patients so the medical staff had easy access to them. Although this is changing as hospitals modernize, the pace of change is slow in some hospitals and needs to accelerate. Patients have the same rights to data privacy as any other person conducting business with a company or service provider. Once patients are discharged, their records must be removed immediately. That is not always the case, however, and records can remain at the end of an empty bed for some hours after a patient has been discharged.
If medical records need to be stored at the foot of beds to allow staff easy access, then they must be stored in a way that members of the public are not able to view them, perhaps in lockable folders that only staff can open. Hospitals, like any organization, should be reducing paper volumes by moving to electronic methods of recording information, but the cost of providing sufficient electronic devices on which to store patient data may be too high. Any initiative to keep medical records secure will undoubtedly cost money at a time when the National Health Service in the UK is under pressure, but the protection of patient data and compliance with GDPR is paramount. Cultural change is needed to ensure that hospitals manage patient records in an appropriate fashion.
"Failing to capture paper documents increases risks for enterprises," INT002-000075 (February 2018)
Sue Clarke, Senior Analyst, Data and Enterprise Intelligence