PrivacyHORIZON: Vol. 1, No. 7

On January 1, 2004, many health care organizations will have to comply with the Federal Personal Information Protection and Electronic Documents Act (PIPEDA). Even for those that do not, best practices dictate that, at a minimum, health care organizations should follow the CSA Model Code for the Protection of Personal Information. What exactly must organizations do to be privacy compliant?
- Appoint a privacy officer or designate one or more people who are specifically responsible for privacy
- Implement policies addressing each of the 10 CSA privacy principles
- Implement privacy procedures (e.g. inquiries, complaints, individual access, security, consent)
- Establish an inventory of personal record systems or personal information banks
- Train staff (privacy and security awareness)
- Provide information for clients on information handling practices (e.g. brochures, posters, websites)
- Ensure that all contracts with third parties that access or process personal information adequately address privacy issues
- Enable and implement all of the technical security and privacy safeguards that exist in your information systems
The team at PRIVA-C has developed a free online privacy gap assessment tool to help you judge your state of readiness. At the end of the assessment you can print out a privacy action plan. Take a few minutes and see if your organization is ready. [More…]
To call it a feeding frenzy is an understatement. When Federal Privacy Commissioner George Radwanski fell, he fell hard. Over a two-week period in June 2003, his spending habits and other alleged indiscretions dominated the national media. His political masters, the media, even his staff called for his head. How did George Radwanski go from media superstar as Canada's Number 1 privacy advocate to national pariah? What can we learn from this experience? How was it handled in the media? [More…]
OHA Publishes Privacy Guidelines
The Ontario Hospital Association has published Guidelines for Managing Privacy, Data Protection and Security for Ontario Hospitals. The report provides comprehensive information on how a hospital can self-regulate for data protection, a privacy management package that speaks to the role of the privacy officer, privacy reviews, PIAs, informed consent and implementation issues. Copies are $30 for OHA members and $80 for non-members. To obtain a copy phone OHA Publications at (416) 205-1350, or visit their website to purchase an electronic copy. [More…]
Alberta OIPC Releases Stakeholder Survey
The Alberta Privacy Commissioner has published a survey of consumer attitudes towards privacy, including the privacy of personal health information and electronic health records. 82% of Albertans support having personal health information placed in an EHR that can be accessed whenever treatment is sought by an individual. [More…] 
Privacy Training
How do you train thousands of people on privacy and security awareness and keep track of it all? Computer based training is an essential tool for enabling access to electronic health records and health information systems. [More…]
The Security-Privacy Paradox
The Ontario Information and Privacy Commissioner and Deloitte and Touche have issued a joint report, The Security-Privacy Paradox: Issues, Misconceptions, and Strategies. This is an excellent primer on the differences between security and privacy, and their respective roles in a data protection program. [More…]
Surveillance Cameras
The Commission d'accès à l'information du Québec has issued guidelines on the use of surveillance cameras in public places. [More…] 