Digital tools are reshaping how healthcare is delivered, but making sure the systems behind it are secure is a challenge facing providers, a leading health law expert warns.\u00a0<\/p>\n
Catherine Deans, a partner at law firm Dentons and co-lead of its health law practice, says the sector\u2019s rapid move toward digital platforms is increasing both opportunity and exposure.<\/p>\n
From electronic patient records to AI-assisted note-taking, \u201chealthcare has always been an early adopter of technology,\u201d she says. \u201cBut that also makes it vulnerable to more sophisticated ways of exploiting the information it holds.\u201d<\/p>\n
The nature of that information raises the stakes, Deans says. Every day, healthcare providers collect personal data, from clinical notes to identifying details such as addresses and national health index numbers. Unlike other forms of personal information, health data is inherently private and, in the wrong hands, highly valuable.<\/p>\n
\u201cIt\u2019s not just about embarrassment or privacy,\u201d Deans says. \u201cHealth records often contain enough information to enable identity or financial fraud as well.\u201d<\/p>\n
That sensitivity is reflected in the law. Health information is governed by its own framework under the Health Information Privacy Code, with clear obligations around how it is collected, stored and accessed. But what \u201creasonable security safeguards\u201d look like in practice is less straightforward, particularly as technology evolves.<\/p>\n
The shift from paper records to digital systems has introduced new layers of complexity. Where files were once stored in locked rooms, data is now held across interconnected systems, often involving third-party providers.<\/p>\n
Artificial intelligence is adding another layer again. Tools that transcribe consultations or assist with record-keeping are becoming more common, offering clear efficiency gains. But they also create new, and sometimes poorly understood, points of risk.<\/p>\n
\u201cWe don\u2019t necessarily know where the exposure points are with AI,\u201d Deans says. \u201cThat means organisations need to be constantly asking questions about how these tools work and how information is being stored and protected.\u201d<\/p>\n
At the same time, the threat landscape is shifting. As digital systems become more advanced, so do the methods used to breach them, with cybercrime often enabled by the same technologies driving innovation.<\/p>\n
\u201cIt\u2019s not going away, and it\u2019s only becoming more sophisticated,\u201d she says.<\/p>\n
That creates a tension. There is pressure to adopt new tools quickly, particularly those that promise better outcomes or more efficient care. But without ongoing risk assessment and oversight, that progress can outpace the safeguards needed to support it.<\/p>\n
\u201cThe obligation to store information securely isn\u2019t a one-off exercise,\u201d Deans says. \u201cIt\u2019s an ongoing responsibility.\u201d<\/p>\n
Crucially, this is no longer something that can sit solely with IT teams. While they play a central role, responsibility sits at a governance level.<\/p>\n
\u201cYou can\u2019t just delegate this to IT and check in once a year,\u201d she says. \u201cThose responsible for governance need to be actively asking questions and making sure the right safeguards are in place.\u201d<\/p>\n
That means understanding how data is handled from the moment it is collected, through to how it is stored, accessed and, where relevant, shared with third parties. It also requires a level of due diligence around the systems organisations rely on, particularly when external providers are involved.<\/p>\n
The consequences of getting this wrong are not abstract. In some cases, breaches can directly affect care and Deans points to incidents where health records have been altered, raising the risk of incorrect treatment or medication.<\/p>\n
More commonly, breaches involve the extraction of large volumes of data, which can then be used for fraud or blackmail. But the longer-term impact is often less visible.<\/p>\n
\u201cPatients place a huge amount of trust in the system,\u201d she says. \u201cIf that trust is undermined, it can lead to people disengaging from healthcare altogether.\u201d<\/p>\n
At scale, that loss of confidence can have broader consequences for the health system.<\/p>\n
Rebuilding trust after a breach is possible, but it takes transparency. Organisations need to be clear about what happened, what information was affected, and what steps are being taken to address it. Just as importantly, patients need to be told what they should do in response.<\/p>\n
Looking ahead, Deans sees two risks standing out: the growing sophistication of cybercrime and the pace of technological change.<\/p>\n
Both point to the same underlying challenge. As systems become more advanced, the room for complacency shrinks.<\/p>\n
\u201cThe risk is not keeping up,\u201d she says. \u201cOrganisations need to make sure they are constantly checking their systems, their practices, and their procedures.\u201d<\/p>\n
Digital healthcare will continue to evolve. The question, Deans believes, is whether the systems designed to protect it can keep up.<\/p>\n