The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive. The GDPR represents one of the most challenging and evolving areas of law facing businesses today. There will now be strict, enforceable obligations governing how practices process the personal data of their patients.
The risks associated with non-compliance with data protection law post 25th May 2018 will change dramatically. Failure to address GDPR obligations may result in fines of up to 4% of yearly turnover. As your software partners, we are committed to facilitating and continuing to develop key features within your practice management system required to meet your GDPR obligations.
Over the last number of months, we have worked with key industry stakeholders and GDPR experts in order to develop a robust and secure GDPR module for our Practice Management systems (Socrates, Helix Practice Manager and Health One). GDPR Sentinel features product enhancements designed to help our customers on their road to GDPR compliance.
Our GDPR Sentinel Module upgrade includes:
- Server encryption for your data – all patient data is encrypted at a server level to make sure that only approved staff and users can access the data. Encryption renders data useless if it is compromised by nefarious means such as ransomware or other potential hacks. This feature is provided by a third-party supplier and will be available from May. Our team will contact you directly to facilitate this change.
- Data subject access requests – investigate and manage all data access requests and export patient notes to ensure that they can easily be completed within the 1-month mandatory timeline outlined by GDPR.
- Data auditing – reporting functionality to assess, monitor and report on how, when and where your data is accessed. Data audits can also help with internal GDPR compliance by providing you with details on who has accessed specific records.
- Product access security enhancements – improved system passwords to include expiry dates, appropriate levels of character complexity and mandatory minimum password lengths.
- The right to be forgotten – Article 17 of the GDPR states that all data subjects now have the right to request that their personal data be completely erased/forgotten. We will facilitate any right to be forgotten requests that you may receive by providing a dedicated support function to qualify and process any such requests that have met a pre-determined set of GDPR-compliant conditions.
GDPR Sentinel has been developed to facilitate our customers’ requirements in meeting the new GDPR regulations and we will continue to update the module to cater to future GDPR requirements.