The Data Transformation Agency, a brand-new initiative set up by the Australian government, is determined to make it safe for citizens to surf cloud-based services connecting to the Department of Human Services (DHS).
The DHS is a gateway for third-party suppliers who seek access to sensitive information collected by government departments – such as My Health Record, Medicare, National Disability Insurance Scheme (NDIS), Pharmaceutical Benefits Scheme (PBS) and other forms of care.
“Because of the sensitive nature of the healthcare data, the DHS has always had to meet heightened security standards. The policy has two mandatory requirements, being DHS certification and that cloud providers must use sovereign Australian onshore solutions,” said Phil Wallace, the Head of Customer Experience with Macquarie Cloud Services.
They recently passed a law that requires all Australian software companies to undergo a security compliance process and accreditation before rolling out services outsourced to cloud-based providers.
“Cloud solutions can be complex and distributed by nature,” Wallace said. “By helping the industry move to new, more secure onshore secure standards, it removes the threat that one link in the healthcare supply chain could compromise sensitive data and payments for all users.”
By establishing a national policy for securing data, it standardizes processes and ensures compliance across the industry. The safe storage and transmission of patient data is no longer a luxury in the IT field – it is a necessity. “There is no privacy without security,” Emma Hossack, CEO of the Medical Software Industry Association (MSIA), said in an interview.
Hossack states the problem doesn’t necessarily lie with software. Rather, it is how it’s deployed and the security protocols around it. She points to the proliferation of individual passwords being passed around among multiple users. Training on proper IT practices is just as important, she says, as using the right tech solutions to secure information.
“Change takes time. Education about the importance of security for consumers’ privacy by the government and the whole health industry is the best way to overcome the challenge,” Hossack advises. “Education by colleges and other peak bodies like the Practice Managers Association and nursing bodies responsible for accreditation and standards is also key.”
There are challenges, however. Greenlight ITC CEO Mike Smith points to limited resources and continuous change in the healthcare industry as potential barriers to medical providers being able to keep up with internet security demands.
“Many healthcare users face challenges just sustaining operations in the face of aging assets, rising costs, the war for talent and growing complexity. When healthcare providers partner with local experts for compliant solutions, everybody wins,” Smith said.
He urges care providers to stay current on legislation; implement necessary changes as soon as possible; communicate with partners and patients about updates; look for ways to streamline services to offset rising costs; and incorporate protective features like monitoring and back-up when contracting with another agency.
“New legislation, constant change and more distributed modes of care are making it harder for practitioners to concentrate on helping people. Organizations should look to offload such compliance and security burdens to specialists, so they can free resources to help more people,” he added.