Information is the most important currency to any business in the modern, highly tech driven world, and as a currency we should treat it with the utmost respect to avoid it being stolen, forged or devalued just like the money in your pocket.
In technical terms, information is data, and data must follow the three principles of information security: Confidentiality, Integrity and Availability.
Confidentiality is the most important aspect of data when it comes to the Healthcare and Life Science industry. Providing assurances that any company will treat information as securely, ethically and with only appropriate access is critical, especially when dealing with patient and pharmaceutical data. MRN takes a proactive approach to confidentially; we secure and segregate data at source and redact information as required by our processes. All of this is backed up by our encryption at rest and in transit for all data to industry standards of AES 256bit encryption, Multi Factor authentication as a standard and pre-expired complex password for users.
Integrity of data ensures that its accurate both in capture and in storage. Tampering with data must be prevented at all points and any change must be logged. This leads on to the backup of data, authorised changes must be reflected in the backups. There are 5 principles that Data Integrity must follow:
- Attributable (Who created or changed the data)
- Legible (Data must be readable)
- Contemporaneous (recorded in a timely manner)
- Original (collected directly at source)
- Accurate (consistent, complete data captured)
MRN has made great strides in data integrity assurance, with eSource solutions capturing data in an electronic format at source, to new back-office systems ensuring data is validated and attributable with consistent backups.
The Availability of data has to be apportioned correctly dependant upon the data classification, the data source, the usage of the data and the time of use. Accessibility and inaccessibility to data has to be monitored and can have a huge adverse impact to any business if it is incorrectly applied. MRN has ensured that all data is classified and made available appropriately based upon the needs of the individual user and the specific use case.
Going back to the money analogy, you wouldn’t leave your wallet or purse unattended, let you bank open the door to your account or have your mortgage company add charges without clearing it with you. We should take the same care with our data.
Over the last 12 months, MRN has taken great strides to ensure that our data capabilities surpass the stringent requirements of our industry and as such have pursued and now obtained our ISO27001 qualification. This dedication to information security sets MRN apart and shines a spotlight the level of quality that we have always taken pride in for our clients and our patients.
Author: Phillip Winters
Executive Director Information Technology