Tips for protecting the confidentiality of medical data

September 28, 2022 Be healthy

Increasingly, healthcare professionals, clinics, laboratories, diagnostic institutes, nurses and patients are using the technology at their disposal to digitize and update medical records, obtain results of medical studies and communicate with each other through messaging applications. Some healthcare institutions also offer telemedicine services through applications or video calls as another means of communication between doctor and patient.

As in any other field, data privacy is a primary concern, but when dealing with medical data, precautions must be multiplied because of its sensitivity.

The right to privacy is considered a human right and is one of the fundamental freedoms of people, according to which no one should be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence. And it is the law that must prevent such interference from occurring.

Globally, the executive heads of the United Nations system urged all countries, in the context of digital communications, to redouble their efforts to respect and protect the right to privacy, as established in Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights.

“There are two legal situations with regard to medical data. The first is that many laws around the world consider medical data to be 'sensitive data'. This category includes all data that, in some way, may cause discrimination, even potentially, and for this reason the law gives them a criterion of preventive protection,” explains the Social Communication graduate and lawyer, María Ludovico. 

The lawyer adds that "the second issue that occurs with the medical data is that health professionals and public and private health establishments are obliged to respect professional secrecy before, during and after their relationship with the owner of said data has ended.” 

How to prevent data leakage?

Because personal and medical data are often highly sensitive, efforts to prevent their exposure are essential. A leak can not only have terrible consequences for the people affected, but also harm doctors and institutions, who may even be fined.

“The leakage of confidential patient data can be compromised when health institutions fail to place focus and resources on the places where this data resides, such as computing centers, public and/or private clouds,” explains Sergio Oroña, Managing Partner of Consulting Services.

[Figure. Source: Statista]

There are currently international standards for medical data security, such as the ISO 2700x standards. These types of regulations allow LATAM health providers to adapt their systems from a security perspective, on the side of both institutions and patients.

“Correct guidance from the CEOs of the institutions and an external audit that certifies compliance with the defined standards is a mechanism that allows shortening possible security breaches,” explains Oroña.

As for patients, he says, it is important to have two-factor authentication activated, through software, in the providers' mobile and desktop apps. “The use of tokens, Face ID and/or fingerprints are methods that allow the user to be verified in addition to the username and password, and greatly increase the level of security in a simple manner,” he adds.

There are four fundamental pillars that ensure a solid barrier in the management of patients' medical data. These are:

  • Investment in IT security by institutions.
  • Suitable professional IT resources within companies.
  • Compliance with security standards.
  • Regular external audits.

“The combination of auditable security technologies and the management of these resources by qualified professionals is the basic requirement to guarantee a high level of data security,” adds the specialist.

What are medical data cybercrimes?

Users of technological devices or systems who lack a preventive security culture around their computer assets can become victims of cybercrime.

INTERPOL conducted a study on cybercrime in relation to medical data following the COVID-19 pandemic, which highlighted the exponential growth of the following cybercrimes:

  • Phishing: Cybercriminals, often posing as health authorities, send their victims phishing emails in which they are encouraged to provide personal data and download malicious content. 
  • Disruptive malware (ransomware and DDoS): Spurred on by the prospect of causing serious problems and making a profit, cybercriminals demand ransom in exchange for the return of sensitive data. 
  • Malware aimed at identity theft: In the field of cybercrime, malware attacks aimed at obtaining data are also on the rise, such as remote access Trojans, information stealers, spyware or banking Trojans to infiltrate systems and infect networks, steal data and divert funds.

According to Verizon, 85% of cybersecurity breaches are caused by human error. Arkose Labs also estimated that in 2020, due to the digitalization of different industries to deal with COVID-19, there were around 445 million cyberattacks worldwide, double the number in all of 2019. 

“The concept of 100% security does not exist, but if we manage to maintain a culture of IT security in providers, the possibility of data leakage and/or theft is greatly reduced,” concludes Oroña.

For SURA Insurance, protection is paramount. We live in an era where technology has changed the way we do things, and it is up to us to put it to work to ensure the fulfilment of fundamental rights for all human beings.