|
|
|
|
|
PrivacyHORIZON: Vol. 1, No. 3 |
Who's Responsible for Privacy? For 55% of Canadian Hospitals the Answer is "Nobody"!
During the month of February 2003, PRIVA-CTM Research surveyed 100 Canadian hospitals to gauge their compliance with the CSA Model Code for the Protection of Personal Information. The survey asked three questions: "Does your organization have a privacy officer or someone who is specifically responsible for information privacy?" (45% said yes, 55% said no); "Does your organization have a written privacy policy?" (50% said yes, 50% said no); and "Has your staff received privacy awareness training?" (33% said yes, 67% said no).
While national averages tell one story, one of the most interesting findings is the vast difference between provinces that have privacy legislation covering the entire health sector (Quebec, Manitoba and Alberta) and those that do not (Atlantic Canada, Ontario, Saskatchewan and BC). For provinces that have comprehensive health sector-wide privacy legislation in place the results were (affirmative responses): Privacy Officer or person responsible for privacy: 85%; Privacy Policy: 90%; Privacy Training: 59%. For provinces that do not have comprehensive health sector-wide privacy legislation the results were: Privacy Officer or person responsible for privacy: 20%; Privacy Policy: 25%; Privacy Training: 16%.
The scary thing about these results is that from an information management point of view, hospitals are the most sophisticated organizations in the Canadian health sector. One would expect worse results from medical practices, community care agencies and other health care organizations that have not had the resources to invest in information technology. This must be a sobering thought for EHR proponents who hope that electronic health records will be used ubiquitously throughout the health system. [More...] 
|
|
On January 16, 2003, it was discovered that a computer hard drive containing the personal records of more than one million Canadians was missing from ISM Canada. The incident was one of the largest privacy breaches in recent Canadian history and sparked a massive response. What can Canadian health care organizations learn from this incident? How was the incident handled in the Media?
PRIVA-CTM Research has assembled a "Lessons Learned" page that gives a chronology of the events as reported in the media (including links to articles) and a number of suggestions to help health organizations avoid or manage similar events. [More...]
|
|
|
Privacy Toolkit
Canada Health Infoway and the Nova Scotia Department of Health are partnering on the development of a privacy toolkit for the health care sector that will be used in the development of electronic health records across the country. [More...]
|
Identity Theft
More than a million Canadians learned about the threat of identity theft last month when a hard disk drive containing personal information was stolen from a Regina data centre. Identity theft is a frightening epidemic with no immediate prospects for a cure. How can you protect yourself against identity theft?
[More...]
|
Saskatchewan Privacy Assessment
The Saskatchewan Government has released a comprehensive assessment of its privacy practices. Of particular interest are the sections covering Saskatchewan Health and the Saskatchewan Health Information Network. [More...]
|
Privacy Management Plan
How do you start tackling privacy in your organization? Where do you finish? Follow this ten step plan to privacy nirvana. If you're motivated you can do it without expensive consultants. [More...]
|
Privacy and Security Standards
PRIVA-CTM Research has assembled a collection of links to essential privacy and security standards for health care organizations. These national and international standards should form the basis of your privacy and security program.
[More...]
|
|
|
