Interview Series: Michael Abtar, CEO, IG Smart

In our latest interview series we speak with Michael Abtar from IG Smart, a specialist GDPR & cybersecurity consultancy, ahead of a seminar the company is holding on 26th November focusing on ‘Simplifying Privacy & Security for Healthcare Tech’.

Could you tell me a bit about yourself and your organisation?

I founded IG Smart Ltd in 2009, after having previously worked as a lawyer on a wide variety of cases across London and the South East – from high value civil cases at the Royal Courts of Justice to murder trials at the Old Bailey.

It was working in a consulting capacity for health and social care organisations and local authorities in London that first introduced me to the worlds of Information Governance and Data Protection. I learned rapidly just how much impact two key pieces of legislation were having on organisations at the time. The Data Protection Act 1998 and Freedom of Information Act 2000 were (and in their current form, still are for some) the bane of so many people’s day jobs.

People generally do not have the time, inclination or ability to learn how to interpret complex legislation to understand what they actually needed to do in practice to ensure legal compliance. I soon realised that there was a huge demand for people with the ability to decipher complex legislation and convey simplified practical interpretations for clients, and huge potential risks for organisations that failed to comply.

At the time, there was also a rapid uptake of digital ways of working – from digitising paper records to enabling remote and multi-disciplinary ways of working – opening a whole new can of worms from information governance, cyber security and data protection compliance perspectives. Seeing that this was going to continue to be the direction of travel, I gathered as many eggs as I could muster at the time (in the midst of still paying off a hefty law school loan and at the start of a major recession), put them all into one basket, and established IG Smart Ltd.

Once we started to simplify the challenges of legal and regulatory compliance for clients, in terms of what they could and could not do with personal data, we started to see other key challenges they faced, which were primarily: ensuring that the right people had access to the right information, at the right time (with the challenges of having disparate systems in place that often did not speak to each other and unreliable data when systems were integrated); and keeping data secure from constantly evolving and increasingly malicious threats.

Over time, we expanded the sphere of our expertise by building a world-class team of multi-disciplinary professionals from legal, cyber security, technical and digital change and transformation programme management backgrounds. From our experience of working around the globe across a broad range of industries (having spent our first 6 years working predominantly in the health space) we started to apply the lessons we learned in what I believe to be one of, if not the most complex environments, to other industries and our capabilities by leveraging leading-edge technologies, so as to provide our clients with a single trusted partner and point of contact to help enable them to holistically understand and overcome the challenges of running an organisation in the digital age.

Could you tell me about your upcoming seminar on Simplifying Privacy & Security for Health Tech?

The seminar is titled “Simplifying Privacy & Security for Healthcare Tech” and I’ll be personally delivering it on the 26th of November at St. Joseph’s Hospice in East London. It’s designed for anyone with responsibilities for designing, developing, delivering or managing healthcare technology solutions that process identifiable patient data. We’ll be exploring real-world, scenario-based insights into data privacy, quality and security best practice and people will learn tried and tested organisational, people-based and technological measures they can implement.

We’ve also recently published a whitepaper, “Simplifying Patient Privacy & Cyber Security for Healthcare Tech”, for anyone intending to use personally identifiable or pseudonymised patient data to develop and/or deliver healthcare technology solutions for use within the UK. By reading it people will gain a high-level understanding of the key opportunities, challenges and threats that exist in the UK healthcare technology sector and learn key best practices.

The seminar and the whitepaper are both aimed at helping people to design, develop and/or deliver healthcare technology solutions which are cyber resilient and compliant with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018 (DPA) and NHS Information Governance (IG) – including the Data Security & Protection Toolkit (DS&PT).

What are some of the main challenges the company addresses?

Today, we are predominantly focused on helping our clients to ensure that they: keep up with the pace of change in terms of compliance with new data protection and privacy laws like the EU’s General Data Protection Regulation and the UK’s Data Protection Act 2018; proactively identify and respond to cyber security threats and generally develop more mature approaches to cyber security; and meet international (e.g. ISO 27001:2013) and industry specific (e.g. the Data Security & Protection Toolkit for health and social care organisations and those that provide goods and services to them – where access to NHS patient data and/or NHS IT networks/systems is a requirement) standards.

What are the most significant achievements for your organisation in the past 12 months and what will be over the next 12 months?

Our two most significant achievements over the past 12 months have undoubtedly been us celebrating our 10th Anniversary and being recipients of the UK Enterprise Award for Best Cybersecurity Consultancy Firm 2019. We have been labouring away for the past ten years being focused on getting things done and adding value for our clients without actively seeking awards, so to receive such a prestigious award on our anniversary was a cause for double celebrations.

In terms of achievements over the next 12 months, I am really excited about some of the new clients we are working with that are doing some really interesting and innovative things with technology, particularly in the Healthcare Tech and Fintech spaces. From working with small start-ups to global enterprises that operate in over 150 different countries, I am really looking forward to helping our clients overcome the challenges they face.

I am also excited about the new cyber security vulnerability assessment capabilities that we have just launched, which will better enable us to help our clients to keep their data secure by automating vulnerability scanning and reporting, identifying whether they are exposed to common cyber security threats (99.99% of known threats), and providing them with simplified workflows which will let them know exactly what they need to do in order to keep their data safe.

What are some of the key lessons from your work within the health and healthcare technology sectors?

One of the key crosscutting lessons we have learned is that the entire UK health and social care economy is facing unprecedented challenges, with increasingly growing and ageing populations with complex comorbidities, target and cost pressures, increased regulatory scrutiny and fears about losing valuable staff to Brexit, all adding to the pressure.

We have had the pleasure of working with organisations across the entire health and social care spectrum. The message is the same across the board; better access to better quality data, and better use of digital technologies results in better care (e.g. by enabling patient-centric care, self-care and multi-disciplinary and digital ways of working).

The challenge for the healthcare and healthcare technology sectors is that the actual and perceived Information Governance, Data Protection, Cyber Security and technical barriers often prevent organisations from achieving successful outcomes.

Whilst great efforts are being made at national, regional and sub-regional levels, there is still a lack of a joined-up approach towards addressing these significant barriers. Some key systems are still disparate and disintegrated and some organisations have still not managed to get their governance, risk and compliance processes in order, to facilitate better information sharing. To add to these challenges, there is a skills shortage (for example, there are more Data Protection Officers required than there are suitably qualified people with industry specific experience and there are not enough security experts in the system to keep up with constantly evolving cyber threats) that is compounded by an apparent lack of centralised coherent industry specific guidance.

What advice would you give to other organisations or professionals?

Keep calm under pressure and apply logical and lateral thinking. There are always solutions; it’s a question of finding the right solutions to fit your organisation and your way of working and using tried and tested methodologies to get things done.

What is next in your space?

Like with all industries, technology is what is driving disruption in our space. Artificial Intelligence and Machine Learning will help optimise the processes of identifying and controlling data privacy, quality and security vulnerabilities and risks, and Automation will be a key time saving device which will significantly reduce the margin for human error.

What are you working on at the moment?

We are constantly researching the threat and opportunity landscape for our clients and our industry and developing new ways to combat challenges. We are currently focused on the launch of our new cyber security vulnerability scanning and reporting capabilities and the GDPR compliance and audit programmes that we are deeply embedded within, as well as developing some solutions that we are really excited about, but will keep under wraps for now. One thing we are currently working on that is specifically for the healthcare and healthcare technology sectors that you should keep an eye out for over the coming weeks is some much needed industry specific guidance.
