Syeda Uzma Gardazi (uzma.gardazi@gmail.com) is a Lecturer of Computer Science at Women of University Azad Jammu & Kashmir Bagh in Rawalpindi, Pakistan.
A patient record was leaked from a Mandi Bahauddin hospital that contained a video of a woman’s C-section surgery, and it disclosed the patient’s physical condition. This unauthorized disclosure was challenged by the woman’s family. This type of medical record is protected under the cyber security law. The Federal Investigation Agency can arrest doctors and put them in prison for up to seven years. It was unclear how long the C-section records were exposed, but the deputy commissioner immediately took action and suspended the doctors.
International protections
These types of medical records exposed in the data breach are protected under the USA’s Health Insurance Portability and Accountability Act (HIPAA). In its summary of the HIPAA Security Rule, the Department of Health and Human Services noted that “the rise in the adoption rate of these technologies [electronic health records] increases the potential security risks.” We should enhance the awareness level and compliance within the Pakistani healthcare industry, including information security. There is a need for compliance professionals in the Pakistani healthcare industry to review and prevent patient record breaches and to ensure compliance.
Internationally, compliance is controlled by applicable information security regulations (e.g., HIPAA and the General Data Protection Regulation [GDPR]). Countries like the US and the EU have set regulatory and standard requirements for the exchange of information internally and externally.
