Milan Chande graduated from the University of Manchester Dental School in 2014. He say's "My personal interest and knowledge in technology of a fair number of years has encouraged me to write this article." "My intentions were to help young dentists be more aware of the risks of using cloud-based backup services, and to offer advice on protecting their data when using these services."
Whilst increasing numbers of dentists are digitalising their dental images, an ever-growing catalogue of data to backup is being created. Despite the availability of many options to backup data, cloud storage has been the safest and most used option by many in the dental profession. This article explores the risks associated with storing digital images online and ways in which the data can be stored safely, maintaining patient confidentiality and reducing the risk of data loss.
Over the last few years, the management of data in Dentistry has become ever more important. As more radiographs are digital and more dentists are taking digital photographs as part of their patient record keeping. Traditionally, data has been backed up with the use of external hard drives. However in the event of a fire or theft at the practice, the risk of data loss remains high. Therefore a solution to backup data offsite has been sought, that is easy and safe to use.
What is the cloud?
Over the last few years, there have been huge investments by companies in the storage market. This has translated into the formulation of products which allow customers to back up their data to the 'cloud'. The cloud is a designated storage allotment designed for backup purposes. The customer has access to the storage when they have a connection to the Internet.
There are several advantages to online services that make it an attractive backup solution. The cost of these cloud storage services is very reasonable, with many companies offering initial storage space for free and a small monthly fee for larger amounts of data. This gives dentists the advantage of only having to pay for the amount of storage they require and then allows them to expand their storage availability both quickly and cost effectively, without the need to purchase further equipment.
Safety First
To reduce the risk of dental data falling into the wrong hands, firstly a difficult password for the cloud-based account should be created. Google Inc. has produced a series of guidelines to help users to formulate passwords which are virtually impossible to be guessed by others. The guidelines involve the use of numbers, letters and special characters in the password.
However, more importantly a cloud based storage solution should only be used when a multi factor authentication system is used. There are three possible factors of authentication, which can be split into the following categories:
- Something only the user knows e.g password or pin
- Something only the user has e.g mobile phone or bank card
- Something only the user is e.g biometric identification such as a fingerprint.
Whilst three-factor authentication is currently not available for consumer grade products, two-factor authentication is available in the vast majority of cloud-based services.
Two-step authentication
Two-step authentication is a technique whereby the password to the account is not the only determining factor to the access of the cloud storage system. This feature is enabled with the user providing their mobile number. When an attempt is made to log into the account with the correct password, the user is prompted to enter the code that is sent to them via a text message on their mobile phone.
This technique allows greater security when using cloud-based backup solutions. Without such a feature enabled, it would be an unwise decision to use cloud-based backup services to store dental images. At the time of writing this, all major cloud storage providers including OneDrive, Google Drive, Dropbox, iCloud and Box offer this feature for free.
It is important to emphasise that whilst cloud storage may seem like an attractive option for data back-up, some serious risks are associated with it use, which include the loss of data as well as breach of patient confidentiality. Therefore if cloud storage is used then two-step authentication, at the very least, should be used for protection of the dental patient's data.
Data Protection Act 1998
The Data Protection Act controls how organisations, businesses or the government uses personal information. People who have access to data are obliged to follow a strict set of rules termed 'data protection principles'. They must make sure that data is:
- Used fairly and lawfully
- Used for limited, specified purpose
- Used in a way that is adequate, relevant and not excessive
- Accurate
- Kept for no longer than is absolutely necessary
- Handled according to people's data protection rights
- Kept safe and secure
- Not transferred outside the UK without adequate protection
As dental professionals we must all follow these strict criteria when dealing with patient's personal information. We currently do carry out the first six points in our clinical record keeping. The last two points on the list are the most significant in terms of detailing with online storage of data.
Firstly with two-step authentication being available to use on all cloud storage devices, it would be the dental professional's duty to ensure this is enabled to ensure they are keeping data safe and secure. If online data were to be leaked without the dental professional having enabled two-step authentication, it would be looked at very negatively into in a court of law.
When transferring data to online storage services, often the servers are based in foreign countries, such as the USA. Therefore the data is actually being transferred outside the United Kingdom. Consideration must be given to the final data protection principle. Dental professionals must consider whether the data they are transferring to online cloud storage services is with adequate protection. By employing the technique of complex passwords and two-step authentication, the users of cloud storage services can be rest assured that they are maintaining all the data protection principles and ensuring they do whatever is necessary to keep their patients data safe.
Conclusion
Taking into consideration the Data Protection Act 1998 and realising that it does not state anywhere in law that forbids dental professionals to use online cloud services: It therefore can be concluded that online storage services can be utilised by Dental Professionals to store data on, but only when ensuring the correct principles of data protection are followed, as outlined in this article.
On a final note, it must be stressed that the security arrangements of online storage systems are always changing. Dental professionals should routinely check that they have the latest and most protected security arrangements with their storage providers.
Milan Chande
[email protected]