Privacy with advancement in technology and the introduction of social media
This presentation is the property of its rightful owner.
Sponsored Links
1 / 34

PRIVACY With Advancement in Technology and the Introduction of Social Media PowerPoint PPT Presentation


  • 164 Views
  • Uploaded on
  • Presentation posted in: General

PRIVACY With Advancement in Technology and the Introduction of Social Media. HRPA North Bay Chapter November 16, 2010. Marc Bouchard CIO/CPO. Agenda. Who I Am IT & Privacy Evolution of Privacy PHIPA Privacy Trap Privacy and Social Media What You Can Do To Protect Your Organization

Download Presentation

PRIVACY With Advancement in Technology and the Introduction of Social Media

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Privacy with advancement in technology and the introduction of social media

PRIVACYWith Advancement in Technology and the Introduction of Social Media

HRPA North Bay Chapter

November 16, 2010

Marc Bouchard

CIO/CPO


Agenda

Agenda

  • Who I Am

  • IT & Privacy

  • Evolution of Privacy

  • PHIPA

  • Privacy Trap

  • Privacy and Social Media

  • What You Can Do To Protect Your Organization

  • Review Some Cases


Who i am

Who I Am

  • CIO / CPO for NBGH and NEMHC

  • CIO/ CPO for SAH

  • MOHLTC/MCSS/MCYS

  • Chair of NEODIN (60 hospitals)

    • Privacy

  • Chair of CIMS (90 agencies)

  • Privacy from Health Perspectives

  • NE LHIN Security

  • Information Sharing Agreement


It privacy

IT & Privacy

Technology has made it easier to share information.

The need for Privacy has never been greater:

  • increasing electronic exchange of information

  • increased use of technology & portable devices

  • evolution of Social Media

  • increased sensitivity around Privacy


Evolution of privacy

Evolution of Privacy

  • Rules about Privacy have been around for a long time

  • Professional College

    • (i.e. Physician, nurse, etc. had rules)

  • Not always well enforced

    • no one's to job to enforce/interpret

    • rules not always very specific

  • With technology advancements

  • Greater expectation around privacy


Ontario privacy legislation

Ontario Privacy Legislation

Privacy

Health

Information

Protection

Act


Phipa

PHIPA

  • In Health Care this led to the introduction of the “Personal Health Information Protection Act” (PHIPA)

  • PHIPA came into effect November 2004

  • Continue to evolve as precedents are established

  • Still very young legislation

  • Must show reasonable effort

  • Must show due diligence


Privacy with advancement in technology and the introduction of social media

The 10 Principles of Fair Information Practices

  • Accountability

  • Identifying purposes

  • Consent

  • Limiting Collection

  • Limiting Use, Disclosures & Retention

  • Accuracy

  • Openness

  • Individual Access

  • Safeguards

  • Challenging Compliance


Privacy with advancement in technology and the introduction of social media

Requirements of PHIPA

  • Requires consent for the collection, use and disclosure of Personal Health Information (PHI) with limited exceptions

  • KEPT confidential AND secure

  • A statement of our practices must be made available to the public

  • NBGH/NEMHC must establish clear rules for the use and disclosure of PHI for secondary purposes


Privacy with advancement in technology and the introduction of social media

Requirements of PHIPA

  • Take reasonable steps to ensure accuracy and security of PHI

  • Establish remedies for breaches

  • Must have a contact person to ensure compliance with PHIPA

  • e.g.. Chief Information Officer & Chief Privacy Officer

  • Must notify Chief Privacy Officer when there has been or suspected breach- initiate investigation


Privacy with advancement in technology and the introduction of social media

Requirements of PHIPA

  • Patients have a right to…

  • access their own PHI

  • request correction of their own PHI

  • instruct the NBGH not to share any part of their PHI with other health care providers

  • complain to the IPC about NBGH practices pertaining to PHI


Privacy with advancement in technology and the introduction of social media

Consent

  • Implied Consent

  • permits you to conclude from surrounding circumstances that a patient would reasonably agree to the collection, use or disclosure of the patient’s PHI.

    • Required inside health care context

  • Express Consent

  • patients explicitly agree to the collection, use and disclosure of their PHI

    • Required outside health care context


Privacy with advancement in technology and the introduction of social media

Consent

  • Consent is implied for information sharing within the“Circle of Care”on aneed to knowbasis


Privacy with advancement in technology and the introduction of social media

Circle of Care

  • Health care providers that provide direct patient care

  • Other providers who do not work at NBGH and health care institutions to whom a patient may be transferred to

  • The patient has the right to withdraw consent

  • for information sharing at any time


Privacy trap

“Privacy Trap”

  • Most breaches committed by someone with good intention

  • Having access does not give you the right

  • Cannot make assumptions

  • Often individual does not realize they are doing anything wrong

  • Prevent with education


Social media

Social Media


Social media1

Social Media

Web Technologies

+

User Generated Content

+

Social Interactions

=

Social Media


Social media2

Social Media


Social media some numbers

Social Media (Some Numbers)

  • More video is uploaded to Youtube.com in 60 days than all 3 major US networks created in 60 years

  • More than 500 million active users on Facebook.com

  • 28,751,709,706 Tweets and counting

  • Mode of communication for new generation


Social media the mobile connection

Social Media (The Mobile Connection)

  • Location based social applications

  • Status updates and more status updates

  • Always connected


Social media risk

Social Media (Risk)

Everybody brings their own expertise (and risk biases)

  • Privacy and Security: confidentiality risks

  • Public Affairs: reputation risks

  • Human Resources: business and human safety risks

  • Legal: defamation, intellectual property risks

  • IT:availability risks


Social media risk1

Social Media (Risk)

  • When presenting risks, always provide a recommended course of action

  • Without a recommendation, management is just as inclined to think of reasons the risk doesn’t apply to them as they are to think ways of actually addressing the risk


Social media bad news

Social Media (Bad News)

Social media tends to amplify security risks!


Social media good news

Social Media (Good News)

You’re likely already dealing with these risks today, in some manner


Social media security risk

Social Media (Security Risk)

  • Intentional / accidental exposure of confidential information

  • Introduction of viruses and malware into the corporate network

  • Exposure of corporate user credentials on external web sites


Social media security risk1

Social Media (Security Risk)


Best method to improve security

Best Method to Improve Security


Get rid of your users

Get Rid of Your Users?


Social medial security risk

Social Medial (Security Risk)

  • Technology can’t solve your security problems

  • Most risks are introduced by people due to:

    • poor practices

    • lack of knowledge

    • poor judgment

    • making assumptions

  • Good technical controls are also required


Social medial 2 approaches

Social Medial (2 Approaches)

  • Allow Social Media (work with)

    • this approach is growing

    • some required for work

    • way of communication for younger generation

    • provide guidelines

  • Social Medial not allowed

    • corporate equipment is for work only

    • not allowed during work hours


What you can do to protect your organization

What You Can Do To Protect Your Organization

  • Good user practices

    • training and awareness

    • enough to be able to say “should have known”

    • set reasonable expectation

  • Processes

    • incident response

    • system review and assessment

    • Privacy Impact Assessment (PIA)

    • Threat Risk Assessment (TRA)


What you can do to protect your organization1

What You Can Do To Protect Your Organization

  • Good Policies

    • Acceptable Use Policies (eg. cell phone cameras)

    • Confidentiality Agreement

    • Privacy Policies

    • Portable Device Policies

  • Due Diligence

  • Audits + Disclosure (phone, e-mail, etc…)

  • Technical Controls

    • anti-malware suite, patching, web filtering / DLP / IPS


Privacy with advancement in technology and the introduction of social media

Let’s Review Cases

  • Sending information by fax vs. email

  • Occupational Health – employee wants access to own record

  • Discussing case with colleague via Facebook

  • Accessing family/friend/colleague's medical information


References

References

  • Presentation “Managing Risk to Enable Social Media Use in Health Care” by Lyndon Dubeau, Cancer Care Ontario

  • Presentation “Protecting PHI on Mobile and Portable Devices” by Fred Carter, Information & Privacy Commissioner of Ontario

  • Personal Health Information Protection Act: The Role of the IPC, Ann Cavoukian, Information and Privacy Commissioner of Ontario


  • Login