Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Presentation transcript:

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario Information and Privacy Commissioner

Justice Horace Krever on Health Privacy
The individual having to provide information is in an even more difficult predicament. He or she does not know what part of the information is truly essential…how much of that information is stored, where and for how long it is stored, how well it is protected from destruction and disclosure, what is the real potential for unwarranted access, and what, realistically, he or she can do about the situation, if the answers to these questions were known.
- Krever Commission, 1980

In the Public Eye
Privacy is the No. 1 issue going into the 21st Century
- Wall Street Journal, January 24, 2000

Overview
1. Introduction to the IPC
2. What privacy is – and isn’t
3. Fair Information Practices
4. Need for health privacy legislation
5. Federal privacy legislation
6. Ontario’s proposed Act
7. Summary and questions

Is the Information and Privacy Commissioner part of the government?
The Commissioner, similar to the Ombudsman, is an officer of the legislature and is independent of the government of the day to ensure impartiality.

IPC’s Five Key Roles
- resolving appeals when government organizations refuse to grant access to information
- investigating privacy complaints about government-held information
- ensuring that government organizations comply with both Acts
- research on access and privacy issues in order to advise on proposed legislation and programs
- educating the public

Ontario’s Existing Privacy Acts
- Freedom of Information and Protection of Privacy Act (effective 1988)
- Municipal Freedom of Information and Protection of Privacy Act (effective 1991)

Privacy Defined
- Information Privacy: Data Protection
  - Freedom of choice, control;
  - Informational self-determination; and
  - Personal control over the collection, use and disclosure of any recorded information about an identifiable individual.

What Privacy is Not
Security ≠ Privacy (A common misconception)

Privacy and Security: The Difference
Security:
- Authentication
- Data Integrity
- Confidentiality
- Non-repudiation
Privacy; Data Protection:
- Fair Information Practices

Fair Information Practices
- Accountability
- Consent
- Limiting use, disclosure, and retention
- Safeguards
- Individual access
- Identifying purposes
- Limiting collection
- Accuracy
- Openness
- Challenging compliance

Accountability
- Someone within the organization is directly responsible for protecting personal information.
- It’s not enough to have a privacy policy: someone has to bear responsibility.

Identifying Purposes
- Make sure your patients know why you are collecting personal information – and how it will be used and disclosed.
- If you ask for a customer’s telephone number, who will be calling, and why?

Consent
- Ask permission before collecting, using, or disclosing personal information.
- If you are considering sharing your mailing list, ask your patients first if they consent to this.

Limiting Collection
- Limit the collection of personal information to that which is necessary to fulfil the specified purpose.
- If you don’t need a particular piece of personal information, then don’t collect it. The less personal information you collect, the easier it is to manage.

Limiting Use, Disclosure, Retention
- Limit use of personal information to those purposes for which you have consent.
- If you collect information for a specific purpose, you should not use it for anything else.

Accuracy
- Personal information should be accurate, complete, and up-to-date.
- Inaccurate information is a problem for you and your patients. Imagine the flawed decisions that could be based on an inaccurate report.

Safeguards
- Personal information must be stored with adequate security measures.
- If you keep personal information on file, it should be kept secure. More sensitive information should be afforded a greater degree of security.

Openness
- Information practices and policies should be transparent, and customers should be made aware of them.
- All organizations should have an easily accessible privacy policy, written in simple language. Web sites should have their privacy policies clearly posted.

Individual Access
- Individuals must have the right to inspect and correct their personal information.
- This is not simply a right; it is also essential to ensure accuracy of information.

Challenging Compliance
- Customers must have some recourse if any of the other principles should be violated.
- It’s not enough to have a Chief Privacy Officer; there has to be some forum for complaint and redress.

Why Legislate Fair Information Practices for Health?
- Foundation for protection and trust for health care reform;
- Consistent, predictable rules across the health sector, and right of access;
- Unique nature of health information. Extremely sensitive information that is frequently used, disclosed for purposes beyond providing care.

Health Privacy is Critical
- The need for privacy has never been greater
  - Extreme sensitivity of personal health information
  - Differing rules across the health sector; most areas currently unregulated
  - Increasing electronic exchanges of health information
  - Development of health networks
  - Growing emphasis on improved use of technology including electronic patient records

Federal Privacy Legislation
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Staggered implementation:
  - Federally regulated businesses, 2001
  - Federal health sector, 2002
  - Provincially regulated private sector, 2004

Privacy of Personal Information Act, 2002
A draft of the new bill has been released for public comment. This represents the first step towards Ontario’s first privacy law covering the private sector and health sector.

Ontario’s Privacy of Personal Information Act, 2002
- Integrated health and private sector privacy protection
- Guide to Ontario’s Consultation on Privacy Protection
- Privacy of Personal Information Act,
- IPC submission to MCBS
- Ontario Medical Association submission

Be prepared to answer questions such as…

Five Key Questions
- Why are you asking for this information?
- How will my information be used?
- Who will be able to see my information?
- Will there be any secondary uses?
- How can I control my data?

Obtaining Consent
- Opt-in: An individual’s personal information cannot be used unless he checks off a box, etc., that says the information can be used.
- Opt-out: An individual’s personal information can be used unless he checks off a box, etc., saying it cannot be used.

How to Contact Us
Bob Spence
Communications Co-ordinator
Information & Privacy Commissioner, Ontario
80 Bloor St. W., Suite 1700, Toronto, M5S 2V1
Phone:
Web: