Why it is important to manage SharePoint permissions in healthcare?

By

Whatever industry you work in, it’s wise to manage permissions within SharePoint in order to protect privacy and the security of your data. However, it could be argued that it is even more essential in healthcare, as healthcare organisations are required to handle sensitive patient data and personally identifiable information (PII).

In this post, we will examine the current state of data security in the healthcare sector – a recent deluge of leaks and breaches has led some commentators to describe 2017 as ‘the year of healthcare data breaches’. We will then discuss how effective permissions management is crucial to keeping patient data safe and secure.

 

A deluge of data breaches

In the UK, a recent report revealed that the healthcare industry has seen a disproportionate number of data breaches in recent years. Compiled using data from the ICO, the report analysed the number of data breaches, leaks and other related incidents across all sectors. The results showed that the healthcare sector was responsible for 43% of all such incidents in the UK (2,447 incidents). What’s more, the number of data breaches in the healthcare sector have increased year on year with a 20% increase from 2014 to 2016.

High profile cyberattacks, like the WannaCry ransomware attack in May 2017, understandably grab all the headlines. However, this disguises the fact that internal threats, from human error to negligence or even malicious intent, are just as much of a danger than external threats from cybercriminals. Below is the report’s breakdown, by cause, of 221 incidents that occurred in the UK health sector between October and December, 2016:

  • 24% – theft or loss of paperwork
  • 19% – information being posted/ faxed to the wrong recipient
  • 9% – information being emailed to incorrect recipient
  • 5% – failure to redact data
  • 22% – other

Trust lies at the heart of the doctor-patient relationship. In the past, this would have involved patients trusting their doctor not to verbally disclose their private information. Now, there’s much more to it. As patient data is recorded and stored in the cloud, patients need to trust that healthcare organisations can keep their personal data safe and secure. This includes trusting that the systems deployed to process their data are secure, reliable, easy-to-use and are managed effectively. And, more significantly, that only authorised people have access to personal and sensitive patient information.

Although the examples above all focus on the UK, this is a global trend. In the U.S., 2.7 million people had been affected by healthcare data breaches in 2017 so far.

 

Why it is important to manage permissions effectively

SharePoint permissions control who has access to your content across the breadth of SharePoint. A hospital may build an intranet, where doctors and nurses are regularly updating patient data as they meet with patients throughout the day. Having access to patient history is an essential requirement for every single one of these professionals. Likewise, before performing surgery, a surgeon will need to access all the relevant documentation about the patient and the operation.

However, there are many things to consider when managing permissions to make sure sensitive patient data is safe and secure, including several key questions that need to be addressed:

  • Who has permissions to the content?
  • When were they granted permissions?
  • What level of permissions do they have?
  • Why do they have permissions?

The problem is that administrators – or whoever has been given the role to manage permissions – can find it difficult to answer these questions. There are several reasons for this.

Size, scale and complexity

Not fully understanding how SharePoint permissions work can lead to unnecessary leaks and breaches, simply because the wrong people are given permissions to sensitive patient data. And any poorly managed site will increase the risk of things going wrong. However, SharePoint out-of-the-box can be complex and confusing.

For starters, there are a lot of permissions to manage. SharePoint has a large number of permissions built-in that allow administrators to control how users can access a company’s SharePoint. There are 33 different permissions that can be assigned:

  • Site Permissions (18)
  • List Permissions (12)
  • Personal Permissions (3)

That’s a lot of permissions to get your head around, especially when you consider that each permission needs to be addressed differently. You can read more about the different SharePoint permissions levels here.

Poor visibility

Another common complaint about SharePoint out-of-the-box is that it lacks any kind of centralised visibility, making it hard to see who has permissions assigned to them. It becomes impossible to answer the questions above because there isn’t a way to locate and identify the relevant information easily. Reporting in SharePoint doesn’t provide a clear enough overview of permissions, yet clarity is essential when you have so many different people with different permissions levels across an organisation.

 

Manage permissions with DeliverPoint

The risks associated with human error can be reduced by a more scrupulous approach to permissions management.

DeliverPoint is a tool that helps organisations manage permissions in SharePoint. It provides an easy-to-use UI that makes permissions management comprehensible, as well as a detailed overview of permissions and in-depth reporting that makes it easy to answer the ‘who, where, when, what, why and how’. Add to this the ability to manage permissions in bulk and dead account detection, and it becomes clear to see why so many organisations turn to DeliverPoint.

 

For more information regarding SharePoint permissions and how DeliverPoint can improve permissions management at your organisation, contact us today. You can also learn more about managing SharePoint Permissions with our helpful how-to tutorial videos.