
Data protection in daily working life: awareness is what counts

Health data are particularly worthy of protection and must be treated confidentially. Particularly in view of increasing digitalisation, this frequently creates challenges in the daily working lives of chiropractors. Our tips will help you become aware of the stumbling blocks.

Chiropractors wish to offer their patients the best possible care. This includes both medical treatment on the one hand and careful handling of sensitive health data on the other, as patients entrust their chiropractor not only with their health but also with very personal information. This trust deserves the best possible protection.

Data protection can influence treatment quality

The degree of attention a chiropractor pays to data protection can influence the quality of treatment, as the amount of information patients disclose depends on the relationship and level of trust. Should a patient fear a breach of confidence, he may withhold important details such as health-related patterns of behaviour. A medical service can therefore only be of high quality if it attaches sufficient value to data protection.


The best possible treatment of patients also includes careful handling of their data. Photo: iStock by Getty Images

Data protection: The legal aspects

Just like physicians, dentists and pharmacists, chiropractors are bound by professional secrecy, i.e. a duty of confidentiality, under the Swiss Penal Code. They are obliged to maintain secrecy concerning information entrusted to them within the scope of their professional duties. According to the Federal Act on Data Protection (FADP), health data are deemed particularly sensitive and worthy of protection and must therefore be handled in an appropriately responsible manner. Suitable technical and organisational measures must be taken to ensure that personal data are protected against unauthorised access and processing.

Conduct plays a major role

Chiropractor Stefan Muster has had a long day. Shortly before his last afternoon appointment, a former patient telephones: she wishes to show her new GP Stefan’s treatment notes. Normally Stefan sends patient information by post, but there’s no time for this as the doctor’s appointment is the next morning. The patient therefore gives him her e-mail address. Stefan is briefly surprised that it isn’t the same address he has noted in his documents… but as his next patient is now entering the practice, he doesn’t enquire why. It’s only in the evening that he starts feeling uneasy.

What has Stefan done wrong? Our example shows that breaches of data protection only take place due to maliciousness in the rarest of cases. Generally speaking, nobody infringes data protection knowingly and willingly, as chiropractors are too attached to their patients to do this. It is normally carelessness that leads to breaches of data protection.


The key is to be constantly alert
A person’s knowledge influences their attitude, and this in turn exerts an impact on their everyday behaviour. With regard to data protection and IT security, this means that only persons familiar with the challenges in their daily working life and aware of the potential consequences of carelessness will adjust their behaviour accordingly. Data protection is not a one-off thing; rather, it needs to be practised every day.

Knowledge, attitude and behaviour are linked together, also with regard to data protection.
Image: Own illustration by HIN.

Data protection principles: what you need to know

There are some principles concerning data protection that form a good basis for the daily working life of chiropractors:

Purpose limitation: Patient data may only be used for the curative treatment.

Proportionality: The collection, processing and forwarding of personal data must be appropriate, necessary and reasonable. For example, only those patient data that are required for treatment purposes and task fulfilment may be collected or forwarded.

Right of inspection / right to information: Each person affected may request inspection of or information about their data. No fees may be charged for this.

Digitalisation is creating new challenges
Digitalisation offers a wide range of opportunities for dialogue and cooperation in healthcare and for internal procedures. However, it is also confronting healthcare with new challenges:

Secure IT infrastructure

One prerequisite for sufficient IT security is secure IT infrastructure. The e-learning programme of ChiroSuisse on basic IT protection for medical practices on our awareness portal offers good tips for this. For example, the entire IT environment needs to be protected with a firewall and each terminal device protected against malware. Furthermore, data must be regularly backed up. If IT is outsourced to specialised service providers, this should be protected by contract. The SMA offers useful resources for this.

Always send health data in encrypted form
Conventional e-mails can be compared with a postcard: both the sender and recipient details and the message content are transported in plain language via the Internet and sent from server to server. It’s easy for cybercriminals to intercept them. In order to meet data security requirements, e-mails with sensitive health data must be transmitted in encrypted form. HIN has established itself in the Swiss healthcare sector as the standard for secure electronic communication. Find out more on the HIN website.


Not all electronic tools take account of data protection.
Photo: iStock by Getty

Tools conforming with data protection

WhatsApp, iCloud, Dropbox and the like can facilitate collaboration in daily working life. But it’s often difficult for users to trace where data are stored and who is able to view them. Only use tools specially developed for the Swiss healthcare sector.

Data protection in practice: tips for daily working life
A number of stumbling blocks for breaches of data protection lie in wait in the daily working lives of chiropractors. The following examples can help to identify them in the future:

Situation: A chiropractor spontaneously leaves his computer and does not lock his screen.
Risk: Anyone could go to the computer and access the data on it.
Our tip: Always lock your screen when leaving your computer – even for just two minutes.

Situation: A treatment dossier is left lying unprotected on the desk or reception counter.
Risk: Anyone who happens to walk by can view the sensitive health data contained in it – be this colleagues, patients or the cleaner.
Our tip: Always carefully put away physical patient data at all times, even when you’re in a hurry or only leaving your workplace briefly.

Situation: While travelling home on the train, a chiropractor receives a call from a patient asking detailed questions about her treatment.
Risk: The other passengers on the train are able to hear the conversation.
Our tip: Make sure that you only hold confidential discussions at places where no third parties are able to listen in.

Situation: A patient sends his chiropractor photos of his treatment dossier held by his GP via WhatsApp. He uses the chat function to ask for the chiropractor’s opinion.
Risk: The chiropractor has no control over where the sensitive data are stored and who might be able to view them.
Our tip: Never exchange sensitive data via apps or tools if you are unfamiliar with their data protection provisions. Only use tools specially developed for the Swiss healthcare sector.

Situation: To enable a chiropractor also to be able to access specific patient information at any time from home, she stores it in Dropbox.
Risk: The chiropractor has no control over where the sensitive data are stored and who might be able to view them.
Our tip: Only use tools specially developed for the Swiss healthcare sector.

Situation: A chiropractor sends a patient dossier to a patient via his GMX e-mail address.
Risk: The patient data are transmitted in unencrypted form, enabling third parties to intercept them easily.
Our tip: When sending sensitive information electronically, always do so in encrypted form, be this to other health experts or to patients. A solution for this established in the healthcare sector is HIN Mail.

Data protection is not rocket science
Although you are devoted to your patients as a chiropractor, the issues of data protection and IT security are frequently neglected in the hustle and bustle of everyday life. However, these also influence the quality of any treatment. The example of Stefan Muster shows how important it is to be aware at all times of the relevance of data protection in daily working life – and to act accordingly. For data protection is not a one-off thing but must instead become a part of daily working life.

Would you like to learn more about data protection and IT security?

The HIN Academy offers training courses in the fields of data protection and IT security that are especially tailored to the needs of health experts. The aim is not simply to convey information but rather to create a sustained awareness of the challenges concerning data protection and the threats posed by cybercrime.

Health Info Net AG protects patient data in the digital world.

Jona Karg is Head of Training. Alongside a degree in applied psychology, Jona Karg has also completed an apprenticeship as a graphic designer and has several years’ professional experience as a multimedia developer in e-learning.
