The privacy dilemma: safeguarding patient data
The potential benefits of GenAI and the insights it provides often seem to conflict with the mandate to protect patient data. A privacy-by-design strategy may hold the key to overcoming this.
In today’s healthcare industry, data is recognised as one of the most valuable assets. Many healthcare technology leaders are working to unlock this value by using AI-driven analytics to improve patient outcomes and reduce costs. These tools help healthcare providers better understand patient health issues, create effective treatment plans and evaluate results. With these insights, providers can identify what’s working well and where improvements are needed to support patients and practitioners alike.
The dilemma
However valuable these insights are, achieving them requires IT teams to process large amounts of personal and highly sensitive patient data through AI models. The challenge is that while the data enhances patient care and experiences, healthcare organisations must also prioritise keeping this information secure and private. Unfortunately, not all organisations succeed in this area. Recent research from the Office of the Australian Information Commissioner revealed that the healthcare sector reported the highest number of data breaches in Australia during the first half of 2024.
The Australian Government emphasises the importance of patient privacy. For example, the My Health Records Rule of 2016 requires healthcare organisations to establish, communicate, and enforce security and access policies. The stakes are high — mishandling data can lead to significant reputational, financial, legal and customer retention risks. To meet regulatory demands and support long-term growth, healthcare providers must invest in secure data management solutions that enhance GRC (governance, risk and compliance).
Organisations with substantial brand value are particularly cautious about reputational risks tied to poor data management. In regulated industries like healthcare, failing to comply with privacy standards can lead to lawsuits and a long-term loss of patient trust. This creates a dilemma: the potential benefits of GenAI and the insights it provides often seem to conflict with the mandate to protect patient data.
Privacy by design
One way to resolve this conflict is to integrate data privacy into the core of business operations, a concept known as ‘privacy by design’. It’s an approach that embeds privacy measures into IT systems and business practices from the outset. By managing the entire data life cycle — from collection to disposal — organisations can ensure compliance with privacy regulations and protect sensitive information.
By adopting secure data management platforms and a privacy-by-design approach, healthcare providers can harness the power of AI and data analytics without compromising patient privacy. Beyond meeting compliance requirements, this strategy demonstrates a commitment to protecting personal data and improving patient outcomes. Ultimately, safeguarding privacy is not just a regulatory obligation — it’s the right thing to do.
**************************************************
Implementing a privacy-by-design strategy: key steps
Step 1: Adopt a consistent approach
Establish clear and consistent privacy practices across all people, processes and technologies involved in managing data.
Step 2: Be proactive, not reactive
Embed privacy measures into IT systems and business processes during the design phase. This proactive approach ensures practices remain resilient to evolving regulations.
Step 3: KYD, KYI (know your data, know your intent)
Understand what data you have, how it was obtained and the purpose it serves. Whether purchasing, collecting or using data, this knowledge is essential for compliance.
Step 4: Take ownership of the entire data life cycle
Define guidelines for how data is collected, stored, used and secured. Regularly evaluate these strategies to ensure they comply with healthcare privacy regulations.
Step 5: Deploy a modern data platform
A modern data platform can, for example, automatically identify and tag sensitive data, such as PII (personally identifiable information). These platforms can apply consistent security controls across all environments, allowing organisations to innovate while maintaining data security.
**************************************************