At a glance
Corona is adding fuel to the fire
In addition, cybercriminals are exploiting the ongoing high level of interest in information about corona for extensive spam and phishing campaigns. The BKA reports that in the context of the corona pandemic, the number of malicious domains grew by 569 percent in the February/March 2020 timeframe. Of these domains, cybercriminals used 16 percent for phishing attacks, while 84 percent were used to host malware. Given the heightened threat situation, maintaining IT security in healthcare requires ever greater effort.
How are IT security and data protection in healthcare regulated by law?
New digital solutions in e-health work with a large number of sensitive data sets such as diagnostic findings, X-ray images, and laboratory results. This information is subject to the strictest security and data protection requirements. The compliance guidelines for the healthcare sector are based on the General Data Protection Regulation (GDPR), the German Social Code (SGB) V and X, the E-Health Act, the Digital Healthcare Act (DVG), and the Patient Data Protection Act (PDSG). Anyone who wants to work with sensitive health information must ensure its integrity and confidentiality and provide an adequate level of protection.
For laboratories, hospitals, and companies that exceed certain thresholds in patient care, the requirements of the BSI Act (BSI-KritisV) and the IT Security Act (IT-SiG) also apply. These include, for example, hospitals that treat more than 30,000 inpatient cases per year. Legislation requires the operators of such critical infrastructure facilities to regularly demonstrate that their IT is secured in accordance with the state of the art. In all cases, the protection must be needs-based and risk-oriented.
What you need to know about IT security and data protection in healthcare
The more the digital transformation in healthcare progresses, the more crucial it becomes to secure the newly implemented systems and processes. These services optimize administration, enable the rapid exchange of important treatment data, and improve collaboration between doctors, laboratories, and pharmacies across the board. If disruptions or failures occur here, the medical care of patients takes a direct hit, and in an emergency, human lives may even be at stake. For this reason, consistent protection is priority number one. Moreover, data protection is also paramount for the healthcare sector. In the EU, the GDPR gives personal data a special protected status. Furthermore, the sector must comply with the SGB, DVG, PDSG, and the E-Health Act in data processing and information security. Violations of security and data protection requirements are punishable by heavy fines.
At the same time, e-health solutions should be as efficient and convenient as possible in order to facilitate the day-to-day work of medical staff and provide patients with real added value. If too many compromises have to be made due to security and data protection requirements, this will considerably lower acceptance and the willingness to implement them. With modern technology and the necessary expertise, however, it is certainly possible to develop fast, convenient, and secure e-health solutions. Specialized service providers can play a key role in supporting the healthcare sector in their implementation. A similar strategy is being pursued by gematik, which is currently pushing ahead with the development of the German Telematics Infrastructure 2 (TI 2.0). As an internet-based platform, TI 2.0 is intended to provide a future-proof basis for e-health services and open communication between services and users. gematik is working closely with industry and service providers to ensure rapid further development and interoperability.