How we ensure data security

25/01/2021 February 10th, 2021
Someone is typing on a laptop. Over the photo are lock icons that are connected by lines, indicating data security.

We keep your employee data safe with world-class data security measures.

By Dean Mohr

Do you have HR data security measures in place?

My Occ Health Record is a sophisticated ecosystem for the management of employee health data. It makes it easy for businesses to capture health information, from pre-employment health screening to regular assessments and on-site injury prevention activities, and more.

One thing we’re most proud of is our security and data storage protections. We understand the sensitive nature of the information that is collected and stored within our platform, which is why security always comes first.

Why is employee information security so important?

Employee data security often isn’t taken as seriously as it should be, says Brian Borowsky, head of My Occ Health Record.

“Businesses should take employee health data as seriously as they do intellectual property and customer data. There’s so much energy and resources spent on securing that data, but health data often doesn’t get the same level of seriousness.”

“With employee health data, you’re held to a certain standard to hold data safely and securely. If there’s a leak, you’re at risk of fines, regulatory injunction, and even litigation, if you haven’t shown your duty of care to protect someone’s private information.”

Data breaches can happen more easily than you think, and it’s not just nefarious hackers attacking your networks and systems. For instance, imagine one of your staff members has done a regular medical assessment. The medical provider sends you the results, so you print them out but forget to pick them up straight away. You’ve left personal health data on the printer and you have no idea who has seen it.

“It’s not an intentional breach but it’s still a data breach. We’ve designed our system to try to avoid the things like this, the things that people don’t think about. If you’re using the system as designed, you’re more likely to be safe,” says Borowsky.

MOHR's Daily Health Check shown across laptop, desktop computer, phone and tablet.

MOHR is a sophisticated ecosystem to manage employee health data.

Data security with My Occ Health Record

MOHR takes data security very seriously and has multiple types of protection.

1. World-class cloud provider

MOHR uses Amazon Web Services, a world-class cloud provider which offers rigorously tested services and continuous monitoring for up-to-date security information. Data is stored on multiple devices across multiple facilities to ensure the security and durability of the data within the system.

It’s trusted and used by global banks, government agencies and health companies such as Moderna.

2. Data encryption

In MOHR, your data is encrypted both at rest and in transit. This double encryption means your data has the best possible protection.

3. International certification

MOHR is ISO 27001 certified. ISO 27001 is a global standard for information security management systems.

“To get this certification requires a lot of detail and a real commitment to following the processes. We then get annual audits to make sure we are walking the talk.”

With this gold-standard certification, you can be sure that we have systems in place to support data protection.

4. Levels of permissions

Employee data should only be available on a need-to-know basis. This means that everyone should have their own login and only the relevant managers can see their staff’s health information.

“You lock in those permissions so that the data isn’t revealed to someone who shouldn’t see it.”

The same restrictions even apply to MOHR staff.

“Even in our business there are a couple of service people who can access accounts, with permission, to help with a query or problem. I’m the head of the business and I do not have access to that data.”

5. Sophisticated user authentication

With sophisticated user authentication systems, which can include two-factor authentication, you can make sure everyone who logs in is who they say they are.

Your company’s role in data security

As a business, you play a key role in protecting your employees’ data. This starts with creating a culture of data security awareness, through regular communication and training.

“You have to emphasise that if you have employee health data you really have to be careful with it,” says Borowsky.

Hacking and data breaches are on the rise. But that doesn’t mean we’re getting better at avoiding them. The average number of cybersecurity incidents caused by employees has risen by 47% since 2018, according to the Ponemon Institute. And many of these threats were caused by negligence rather than malicious intent.

Some of these threats can be avoided with simple practices, like:

  • Don’t share or write down your passwords
  • Lock your computer when you walk away from it, or at least log out of programs like MOHR with sensitive information
  • Don’t use public wi-fi to access company information
  • Never enter your credentials unless you’re sure of the link or website
  • Have an easy-to-read security policy
  • Keep systems up to date

See more tips on preventing data breaches from the Australian Cyber Security Centre.

To learn more about MOHR and how we keep your employee data safe, email us or call on 1300 222 639.