GDPR: when you need support – Richard Lishman
Posted by: The Probe 17th October 2019
You may have seen on the news recently that the Information Commissioner’s Office (ICO) has levied some huge fines against well-known brands for breaking GDPR guidelines. Both British Airways and the Marriott hotel chain have been found guilty of breaking laws that protect consumers’ data, and this has resulted in them being fined almost £300 million.[i]
This is just part of the first wave of fines being handed out by the ICO to those who break GDPR guidelines. So, what does this mean for dental professionals?
Trust and finances
Although both of these examples feature huge, multinational companies, dental professionals still need to remain vigilant in order to protect their practices from accruing penalties. Indeed, a hefty fine could be enough to put a practice out of business financially, and the ICO has reported that these sorts of fines are only going to become more commonplace in the future as the crackdown on GDPR malpractice becomes stricter.
It’s also worth considering the impact that a GDPR breach will have on the reputation of your practice. Trust underpins so much of the dentist-patient relationship, and if a patient knows that their data may not necessarily be safe with your practice, this spells big trouble. It’s likely that even if your practice survived a large fine from the ICO, patients would look elsewhere for treatment if they believed that their personal data was at risk. But why is it so important to protect patient information?
The value of patient data
It’s easy to underestimate the value of something like patient data. However, what you have to consider is that, unlike credit card details, patient data contains a wealth of information that can be sold on the black market for different reasons. A good patient record will not only reveal their name and their current address, but also supply a whole history of any conditions they suffer from, their past addresses, possibly their financial details and so much more. This can all be sold off to the right bidder for considerable profit, especially as unscrupulous individuals can use these records to demand ransom if they find anything incriminating that will give them enough cause to do so.
According to some sources, medical data can be worth as much as £40 for an individual person. To put that into context, this is compared to other information that you may imagine to be more lucrative, such as credit card numbers, which are worth only around £1.20.[ii] This means that details of even one patient can be a lucrative source of money if they fall into the wrong hands.
Vigilance is key
It’s necessary for every practice to have already put GDPR protocols in place. However, that doesn’t mean that the very concept of GDPR is free from confusion, and it can be difficult to understand where you become liable for legal action against you. Therefore, it’s important to ensure that all staff are fully aware of the GDPR guidelines and take the time to walk through these with anybody in your practice who may come into contact with patient data of any kind. This includes any emails that have patient photos attached or any of their information written in them.
Another thing to bear in mind is how you share your work with your colleagues. It’s not unusual for dentists to have WhatsApp groups or other digital chats where you can share case studies etc. However, whilst this may seem harmless, these groups are just as prone to cyber threats, and therefore it’s much safer to avoid this sort of behaviour, especially as it violates GDPR guidelines in the first place.
Advice when you need it
The best way to avoid a pitfall with GDPR is to consult professionals who are fully acquainted with the new laws and who will be able to offer you advice about how to keep patient data safe, as well as how to proceed should you make a mistake.
The award-winning team of Independent Financial Advisers at money4dentists have years of experience doing business with individuals in the dental sector, and are fully up to date with all changes in legislation and other matters that may affect your practice.
This includes giving you advice surrounding GDPR and ensuring that you and your practice avoid any workflows, data storage methods or communication which could result in accidental infractions.
Better safe than sorry
GDPR may seem confusing, but as you can see from the fines levied by the ICO, it’s not something to be uncertain about. If you are unsure about anything surrounding GDPR guidelines or want advice on how to proceed with how your practice stores and uses patient data, it’s always good to get a second opinion so that you can be certain that your practice will be safe from litigation.
[i] The Guardian. GDPR Fines: Where will BA and Marriott’s £300M Go? Link: https://www.theguardian.com/business/2019/jul/10/gdpr-fines-ba-british-airways-marriott-data-watchdog [Last accessed July 19].
[ii] VERIPHYR. Medical Records are Worth $50 Each on the Black Market. Link: https://veriphyr.com/patient-data-worth-50-each-on-black-market/ [Last accessed July 19].