by Newlife IVF Team, updated on February 28, 2019
Data Protection aims to protect people's personal information by ensuring individuals have rights over their data, creating rules on how companies and governments can use data, and placing regulators to enforce the application of the laws. Nowadays, data protection has become more complicated than ever. New challenges have emerged in the form of new technologies and business models, especially considering that new services and systems rely heavily on Big Data analytics, data sharing, tracking and profiling. The majority of the digital interfaces and platforms used in our everyday lives collect lots of data deriving from human behaviour. Almost all of the devices we wear, carry and interact with in our homes generate and track more and more data. In the modern era, protecting people's privacy is critical to effective and good democratic governance.
Data Privacy, which is also known as information privacy, constitutes a significant aspect of information technology (IT) dealing with the organisation's or individual's ability to define what data a computer system can share with third parties. Compliance regulations have been repeatedly created in response to the needs of a particular industry or section of the population. Examples include the Children’s Online Privacy Protection Act (COPPA), giving parents control over what information websites collect from their kids, as well as the Health Insurance Portability and Accountability Act (HIPAA), securing patient confidentiality for all healthcare-related data.
Nevertheless, despite increasing awareness of the right to data privacy in many countries, there is still a lack of legal and institutional infrastructure to support the protection of human rights. In particular, some parts of the world suffer from either a lack of regulatory and legal frameworks or a poor implementation and enforcement plan.
In the healthcare sector, data privacy issues often have a substantial impact. For example, Australian government officials have recently warned of a “significant” technical glitch affecting an Australian Digital Health Agency system called My Health Record. The issue resulted in critical information being missing or incomplete in the patient file.
In this light, the European Union has recently decided to proceed with the application of a new General Data Protection Regulation, which includes a set of important data protection rules ensuring that individuals have more control over their personal data while businesses can benefit from a level playing field. The Facebook/Cambridge Analytica revelations have shown that the EU made the right choice to conduct an ambitious data protection reform, which applies as of 25 May 2018 to all companies operating in the EU, regardless of their base location.
More specifically, the new EU regulation brings several improvements to deal with data protection violations:
Here at Newlife IVF, we consider the protection and security of personal data a matter of high importance and priority due to the extremely sensitive environment in which we operate.
There are a variety of reasons for placing a high value on protecting the privacy, confidentiality, and security of health information. Medical records may include some of the most intimate details about a person’s life, such as a patient’s physical or mental health, personal relationships or even financial status. A potential data breach can have a huge negative impact, leading to scenarios of medical fraud or even identity theft.
The goals of our security plan are threefold: to ensure that (a) only authorized staff members can see stored data, (b) they only see the data when they need to use it for an authorized purpose, and (c) what they see is accurate. When it comes to security, we strongly believe that prevention is a matter of extreme importance. We maintain a comprehensive risk register that includes all the cases where something can go wrong and anticipates problems so we can correct things before the problem even occurs. Regarding patient data, we deploy several techniques to prevent any potential data loss, starting from a well-designed backup plan. The preventive measures of our disaster recovery plan include the storage of data on local as well as remote backup servers. Moreover, our users can request their data to “be removed” or “transferred” at any time.
The security and reliability of our services are also a top priority. We invest heavily in the training of our staff and our infrastructure to ensure that best practices are followed in everything that we do. We use two-factor authentication for all critical systems and communications services, and automatically log all staff activity using an internal logging tool. Moreover, we only use third-party services, such as Amazon Web Services, which are fully vetted and adhere to the highest levels of privacy and security practices. All the information stored and transmitted is encrypted with AES 256-bit military-grade encryption technology, which is the strongest and most robust encryption standard that is commercially available today.