The EU GDPR Challenge for Healthcare

Healthcare EU GDPR Challenges

Technical innovation, digitisation and online working and collaboration in the healthcare sector help to improve medical care and services for us all. However, along with all this ‘tech’ come genuine worries about data handling, privacy and protection.

Here’s the frightening thing about the healthcare industry. For the three years to the end of 2016, it experienced 43% of all UK data breaches (see The Register’s report). This is the highest share of any industry.


Healthcare Regulation

As a result, the secure and confidential processing, sharing and archiving of patient data is of particular concern to everyone, inside and outside the industry. Healthcare is (and arguably needs to be) a highly regulated industry. For example, GPs in England must keep patient records for 10 years after death. This places a very onerous responsibility on small organisations that must securely hold vast amounts of data.

In addition to industry-specific legislation, healthcare organisations also need to prepare for the looming EU General Data Protection Regulation (EU GDPR). It comes into force on 25th May 2018. Any that have not yet started taking action in response to this legislation need to – and VERY quickly.

For further information, please check out our other blogs on the subject of the EU GDPR.

Two Key Challenges

Many organisations working in the healthcare industry are failing to notice two key areas of the forthcoming EU GDPR. These are RESPONSIBILITY and COLLABORATION.


In the area of responsibility, the penalties for non-compliance go right to the top of any organisation. This does not mean the top person of that particular facility, but the head of the whole enterprise.

So, any penalties for a breach will be up to 4% of the whole organisation’s income, not just the ‘guilty’ facility. How this will pan out for NHS institutions is yet unclear. For those (pseudo) private healthcare organisations, it is 100% clear!


Within the EU GDPR there is a requirement on the ‘Data Controller’ to ensure that everyone with whom they share patient data meets these regulations. This means that any provider or supplier of services to the industry can have their contract put on hold (or cancelled) if they cannot prove compliance.

The same principle applies to the very critical sharing of (often) life-saving patient data between primary, secondary and tertiary providers. This raises the question: can a compliant hospital share data with a non-compliant GP practice? As a patient myself, I (worryingly) think not!

Meeting the Regulations

Hospitals, medical centres, other healthcare providers and suppliers will all need to introduce additional security and processing measures to meet the requirements.

Of course, EGOSECURE cannot control your internal processes and procedures to achieve compliance. However, our suite of data security solutions DOES address the technology requirements of the regulation. This is key, since so many others profess to do so, but fail to deliver.

Where does EgoSecure Data Protection Support the EU GDPR?

EgoSecure Data Protection version 12 offers a COMPLETE security solution portfolio. This helps ensure compliance with EU GDPR Articles 25, 30, 32, 33 and 34. These Articles relate to:

  • preventing attacks by encrypting data,
  • monitoring data breaches where data is not encrypted,
  • privileged user access control,
  • auditing data and controlling data transfer in real time.

Now, here’s where everyone else fails. It is so difficult to get accurate and unbiased information on the risks, what to protect and where your protection focus needs to be.

The good news is that EGOSECURE offers the very tool that everyone needs.

Protect What Needs to be Protected

EGOSECURE’s Insight Analysis provides factual data showing the overall picture of the data security situation for any organisation. The results of this analysis are processed, then displayed in graphs and tables so management can easily see which protective measures need to be taken.

This analysis software forms the baseline of our protection policy, i.e. protecting corporate networks according to their individual needs.

We then deploy EgoSecure Data Protection. Now, we don’t advocate that everyone deploys all the modules and functions of our comprehensive solution, even though it covers ALL areas of data security at endpoints. The beauty of our solution is that we use the data from Insight to determine exactly which of the modules need to be deployed.

Insight then delivers ongoing advice on any changes to the organisation’s security needs.

What is of paramount importance for compliance with the EU GDPR is that EGOSECURE uniquely both reports and secures all confidential data in the event of a leak or attack.

It’s worth understanding that our solution is entirely developed in-house. It enjoys the advantage of a single installation and a single database accessed by all modules and functions, managed via a single intuitive management console. For customers, this means simplicity and truly agile security.

Now, don’t just listen to us: check out what other healthcare organisations are saying about EGOSECURE.

If you would like to hear more about EgoSecure Data Protection, contact us:

Telephone: +44 (0) 203 876 8310