GDPR - Don’t Be Paralysed by the Implications: Get Excited by the Opportunity!

Posted 09/12/2017 by John Gladstone

As everyone involved in the collection, protection, storage and use of personal data is well aware, the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. Many healthcare organisations are wrestling with compliance and with establishing a cohesive and rigorous response to the challenges. Although the new GDPR applies to all domains of the public and private sectors, some specific derogations are defined for data concerning health. These are aimed at protecting the rights of data subjects and the confidentiality of their personal health data, whilst preserving the benefits of processing data, including digital images, for research and public health purposes. The implications are therefore wide-ranging and are not merely confined to IT departments and Freedom of Information custodians – they span all clinical and support departments that interact with patients and carers.

There is an alternative perspective, however, that adherence to the requirements should not be seen merely from the standpoint of avoiding punitive fines or reputational damage caused by data breaches or loss, but as a unique opportunity to identify where, why and how data is collected, stored, protected and secured.

The GDPR offers a tremendous opportunity for healthcare organisations to maximise the real value of data in the delivery of patient care.

The initiative will require all organisations to critically review workflow and operational processes, which will lead to a greater understanding of where data resides and the current limitations of its use. Only by understanding the true scope of the data can organisations truly maximise the real value of the data that sits inside departmental and application silos, and the enormous benefit that can be achieved in the delivery of improved patient care and more effective resource utilisation.  

Now is the time for healthcare organisations to achieve the ideal intersection between data and patient care: patient data, presented as quality information, available in a timely manner and in a format that is understood by the clinicians.

The drive for clinical and operational efficiency and effectiveness lies at the heart of the digital transformation journey that is being taken by healthcare organisations. By consolidating data into a manageable and centrally-controlled environment to meet the requirements of GDPR, healthcare organisations can:

  • Tackle the proliferation of silos of unorganised, unshared data and move toward the production of valuable information
  • Retire legacy applications that continue to consume significant resources merely to maintain historic data, and invest what’s recovered into new, more patient-centric software
  • Move toward a holistic view of a patient that can be shared both within the organisation and with other providers of care and social services

At an enterprise technology level there is significant opportunity to increase efficiency by consolidating and simplifying backup and recovery regimes. This can reduce the number of copies of the data that exist, while safely leveraging the capabilities offered by both private and public cloud. This type of modernisation also ensures genuine business continuity capabilities in the event of ransomware and other cyber threats going forward.

The GDPR requirements, whilst challenging, may just be the catalyst for the first significant change to the collection of valuable, clinically relevant data that can be used for driving improved outcomes, retrospective analytics and more effective resource utilisation to the benefit of all.

Learn more about how Commvault is helping companies simplify GDPR compliance.