
Secure data sharing: The Grand Challenge in Health

Despite the numerous benefits of adopting secure data sharing, data protection and privacy will be the major challenge for these organizations to overcome.

It is not only about adopting technologies such as electronic medical record systems; there are also policies and processes involved, as well as user awareness.

Indeed, data protection and confidentiality are top priorities in the IT sector, and in healthcare it will be no different. But it is not always easy to achieve these goals on a large scale.

It is no wonder that secure data sharing in healthcare is considered the big hurdle for the coming years.

Always keep patient safety in mind

For many health and IT security experts, data sharing in healthcare is a “double-edged sword”.

On the one hand, managers and doctors want innovation in healthcare and for patients to be able to decide what data they want to share and with whom they want to share it.

On the other hand, technology professionals want to ensure data protection and privacy, and therefore when patients allow the sharing of their medical information, they should fully understand what is happening with their data and where that information travels.

Data privacy can become a trap

To give you an idea, 80% of behavioral health apps in the Apple App Store share information with third parties.

Determining who has access to this data once it is shared can be difficult, especially if an end-user license agreement is involved.

Have you read the Facebook end user license agreement? It would probably take hours. So when we talk about secure data sharing, a user license agreement that takes hours to read and understand is not consent with data protection and privacy in mind.

This concern also applies to healthcare institutions. The rules adopted for the storage and use of data by these organizations will also have a significant impact on patients’ lives, putting the permission to share data directly in their hands.

Ultimately, existing legislation has reduced the risk of information sharing between healthcare organizations, but if a patient agrees to share their medical data, the General Data Protection Law (LGPD) may not apply if problems arise.

Investment in data protection and privacy is critical, but it is only one stage towards secure sharing.

Today, operating systems and healthcare solutions are better protected and attackers have shifted their attention to the human element, aiming to break into the organization’s information systems.

As the number and frequency of cyber attacks designed to take advantage of innocent people are increasing, the importance of the human factor in information security management cannot be underestimated.

To combat cyber-attacks designed to exploit human factors in the data protection and privacy chain, it is paramount to treat information security as a way of reducing the risks to health information that arise from user-related vulnerabilities.

Education, policies and processes as the key to safe sharing

In October 2019, the Alabama health system in the United States was the victim of an attack that left it unable to accept new patients at three hospitals. An undisclosed amount was paid to stop a cyberattack and restore the hospitals’ operations.

But investment in data protection and privacy through technology is not the only thing to be done to reduce the risks and attacks that are bound to occur in this new decade. Technological resources are just the “tip of the iceberg” to ensure secure data sharing.

Often, in order for attacks to occur or for data sharing to happen inappropriately, viruses and malware need the help of users to get into computers.

In the context of information security, social engineering is the use of techniques to manipulate individuals into divulging confidential business or personal information that can be used for fraudulent purposes.

In other words, people can be misled into disclosing strategic information that they otherwise would not.

Common vectors of attack on users include:

  • Phishing: fake emails to trick people into clicking on a link or opening an attachment that carries a malware payload;
  • Social media: Social media can be a powerful vehicle to convince a victim to open an image downloaded from a website or take other compromising actions;
  • Instant messaging: Instant messaging clients can be hacked by cybercriminals and used to distribute malware to the victim’s contact list;
  • SMSishing: SMSishing uses text messages to get recipients to navigate to a website or enter personal information on their devices.

Organizations should conduct regular training to help employees avoid common pitfalls of malware and other threats.

And to achieve this goal, there is a wide variety of methods for information security awareness, such as web-based training materials, contextual training and embedded training.

Why do healthcare institutions need IT security policies and procedures?

The goal behind IT Security Policies and Procedures is to address threats, implement strategies on how to mitigate them and how to recover from threats that have exposed a part of your organization.

IT security policies and procedures provide a roadmap for employees on what to do and when to do it. Remember, for example, the annoying password management policies that every company has.

If this policy and procedure did not exist in organizations, how common would it be for people to use simple, easy-to-guess passwords that ultimately open the organization to a greater risk of data theft and/or data loss?

An organization’s information security policies are usually high-level concepts that can cover a large number of security controls.

Issued by the company to ensure that all employees using information technology assets within the organization comply with established rules and guidelines, the information security policy is designed so that everyone recognizes that there are rules by which they will be held accountable regarding the sensitivity of corporate information and IT assets.

Secure data sharing in healthcare is the convergence of technology and awareness

Senior management in healthcare institutions plays an important role in protecting assets and sharing information in an organization.

Executive management can support the IT security objective by setting security goals and priorities and ensuring the necessary investments for data protection and privacy.

However, even with resources such as certificates and digital signatures, tools such as antivirus and firewalls, and personnel specialized in information security, end users have a responsibility to protect information assets on a daily basis, through security policies and processes that have been defined and communicated and that need to be enforced.

End-user compliance with security policies is essential to maintaining information security in an organization. In healthcare, it primarily means securing the medical information of patients and family members at what can be considered the most fragile times in a person’s life.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for more than 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature, and Data Protection solutions. Today we are present in the main Brazilian banks, health institutions, schools and universities, as well as in different industries.

With value recognized by the market, EVAL's solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS and the LGPD. In practice, we promote information security and compliance, increase companies' operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval's solutions and services and take your company to the next level.

Eval, security is value.


Real-Time Payments: Transforming the Digital Economy

One of the characteristics of our digital lives today is that we live online, and real-time payments, like the use of credit cards, have become an increasingly present reality.

From downloading media content to booking holidays, the latest news or video calling friends and family, our digital experience is instant. Transactions through instant payment methods in our bank account come to consolidate this new reality.

The next step in developing an efficient digital economy and extending the real-time experience to businesses and the wider financial chain is to accelerate financial operations in transactions with consumers, businesses and government.

A crucial means of addressing this is the development of immediate or instant payment schemes. In some countries, real-time payments already play an increasingly important role in facilitating trade and supporting the business models of the future.

Understanding the value proposition of real-time payments

The idea behind instant payments has several features. It should operate 24/7 with an end-to-end payment process from payer to payee of one minute or less.

Payments are confirmed or rejected immediately, allowing payment instructions to be corrected and retransmitted immediately and without loss of value or time.

In addition, successful payments are final and irrevocable, so they cannot be recovered after transmission. From a banking perspective, participants periodically settle net transactions after payments have been made, either during the day or at the end of the day.

Practical benefits of using instant payments

Banks are using real-time payments to adapt quickly to changes in the environment. The emergence of value-added services and the need for speed are having a growing effect on the real-time payments market.

Adopting a holistic approach to real-time payments should help organizations seize the opportunity for advanced and broader payment initiatives.

In practice, real-time payments bring benefits to financial institutions and customers in several ways. Thus, daily transactions can now be made immediately via mobile devices.

Easy implementation and timeliness of the transaction are the drivers of the real-time market. Faster implementation of real-time payments can be achieved through technology, operational capacity building, organizational impacts, risk analysis and controls.

Real-time transparency and security as real benefits

The increasing rate of cybercrime and lack of security are the main challenges of the real-time payments market. The risk can also be caused when there is a system failure during the execution of a transaction. The operational risks involved can also be constraining factors.

Meanwhile, the growth of the real-time payments market is also expected to offer greater transparency and security within the financial system. The opportunity for the real-time payments market depends on the e-commerce and retail sector as it is expected to grow strongly in the coming years.

In addition, the implementation of security requirements set by the Central Bank and a framework of standards in place for most real-time payment service providers will create a platform of real opportunity for consumers through data protection and privacy, which will be key for financial institutions.

A competitive advantage is provided by real-time payment solution providers to e-commerce and retail companies by offering a cheaper, faster and most importantly secure way of payment.

Even with the many benefits, there are major challenges

Scheduled to launch in November 2020, PIX, the new payment system of the Central Bank of Brazil, aims to speed up and reduce the costs of bank transfers between individuals and companies.

However, to make real-time payments a reality, financial institutions such as banks, cooperatives, payment institutions and payment initiation service providers need to adapt to a common set of requirements, rules and standards defined by the Central Bank for security.

A challenge for financial institutions

One of the main challenges financial institutions face in rolling out instant payments is IT systems that are not adapted to the modern customer.

Above all, there is a lack of talent: financial institutions need to attract people who bring new creative thinking to implement the dynamics of real-time payments.

Another challenge is to accelerate the innovation process, with a focus on new technologies and agile scaling. Financial institutions also need to overcome low levels of customer trust.

The fear of fraud or other financial losses will cause the acceptance of real-time payments to go through a phase of mistrust that can be overcome in its implementation phase.

 

Real-time payments is all about the customer experience

The digital revolution is reshaping the industry’s view on instant payments based on a few key elements: speed, security, data protection and privacy, and total customer experience.

Indeed, the payments industry is undergoing a profound transformation, with customer needs shifting from simple payments to ‘beyond payment solutions’.

Continuous improvement of the customer experience, both collectively and individually, is required at all times.

The total customer experience needs to be considered when providing value propositions: payments are an important element, but not the only one, even if they are becoming real-time.

Real-time payments are now a reality, with several countries, such as Brazil, implementing instant payment functionality, and others actively considering the imminent roll-out of such projects in their home market.

EVAL’s commitment to implementing instant payment transactions

Clearly, there are challenges and opportunities arising from the evolving payments landscape: on the one hand, margins are falling and the traditional banking model needs to adapt quickly to new trends: speed, security, ease of use and simplicity.

On the other hand, the innovation proposed by the new payment system will open up possibilities for startups and fintechs that are already active in the market, leading to a strong transformation in the financial market.

Eval firmly believes that PIX will drive innovation in payment platforms, transforming the way we make payments in the coming years, adding value and opening up all kinds of possibilities for all market segments, consumers and businesses.

Exclusive benefits for Eval customers

With all the transformation generated by PIX and the revolution of real-time payments in mind, Eval, through its commitment to innovation and security, offers exclusive benefits to customers who hire our services for the implementation of real-time payment transactions.

  1. Scalability and Elasticity: Prepared for millions of transactions and peak hours.
  2. Security: Transactions with the highest possible level of security.
  3. 24x7x365 availability: An essential infrastructure for society.
  4. Rapid Implementation: System implemented before November 2020.
  5. Speed: estimated transaction time between payee and payer less than 10s.
  6. Experience since 2004 in regulatory digital signature projects.
  7. Qualified staff for such care based on SPB/Compe experiences.
  8. Complete offer for SPI Digital Signature (Digital Signature and Verification Software, HSM and SPB Digital Certificate).

Eval is a company specialized in high-tech services and solutions focused on Digital Signature, Authentication and Data Protection.

The company has excelled in developing critical solutions and emerging technologies, e-service enhancements to add value and improvements for our customers.

Our main goal is to support your institution’s authentication, signature and data protection projects, reducing costs and maintaining a high level of security and reliability.

For real-time payments, in particular PIX, Eval is providing a complete solution for digital signature: the digital signature and verification software, the digital certificates required for communication, and the HSM that the Central Bank recommends using. If you want to know more, please contact us.
