Taking Steps to Protect Privacy. A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario Information and Privacy Commissioner. Justice Horace Krever on Health Privacy.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario Information and Privacy Commissioner
Justice Horace Krever on Health Privacy The individual having to provide information is in an even more difficult predicament. He or she does not know what part of the information is truly essential…how much of that information is stored, where and for how long it is stored, how well it is protected from destruction and disclosure, what is the real potential for unwarranted access, and what, realistically, he or she can do about the situation, if the answers to these questions were known. - Krever Commission, 1980
In the Public Eye Privacy is the No. 1 issue going into the 21st Century -Wall Street Journal, January 24, 2000
Overview • Introduction to the IPC • What privacy is – and isn’t • Fair Information Practices • Need for health privacy legislation • Federal privacy legislation • Ontario’s proposed Act • Summary and questions
Is the Information and Privacy Commissioner part of the government? The Commissioner, similar to the Ombudsman, is an officer of the legislature and is independent of the government of the day to ensure impartiality.
IPC’s Five Key Roles • resolving appeals when government organizations refuse to grant access to information • investigating privacy complaints about government-held information • ensuring that government organizations comply with both Acts • research on access and privacy issues in order to advise on proposed legislation and programs • educating the public
Ontario’s Existing Privacy Acts • Freedom of Information and Protection of Privacy Act (effective 1988) • Municipal Freedom of Information and Protection of Privacy Act (effective 1991)
Privacy Defined • Information Privacy: Data Protection • Freedom of choice, control; • Informational self-determination; and • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual.
What Privacy is Not Security Privacy (A common misconception)
Privacy and Security: The Difference • Authentication • Data Integrity • Confidentiality • Non-repudiation • Privacy; Data Protection • Fair Information Practices Security
Accountability Consent Limiting use, disclosure, and retention Safeguards Individual access Identifying purposes Limiting collection Accuracy Openness Challenging compliance Fair Information Practices
Make sure your patients know why you are collecting personal information – and how it will be used and disclosed. If you ask for a customer’s telephone number, who will be calling, and why? Identifying Purposes
Ask permission before collecting, using, or disclosing personal information. If you are considering sharing your mailing list, ask your patients first if they consent to this. Consent
Limit the collection of personal information to that which is necessary to fulfil the specified purpose. If you don’t need a particular piece of personal information, then don’t collect it. The less personal information you collect, the easier it is to manage. Limiting Collection
Limit use of personal information to those purposes for which you have consent. If you collect information for a specific purpose, you should not use it for anything else. Limiting Use, Disclosure, Retention
Personal information should be accurate, complete, and up-to-date. Inaccurate information is a problem for you and your patients. Imagine the flawed decisions that could be based on an inaccurate report. Accuracy
Personal information must be stored with adequate security measures. If you keep personal information on file, it should be kept secure. More sensitive information should be afforded a greater degree of security. Safeguards
Individuals must have the right to inspect and correct their personal information. This is not simply a right; it is also essential to ensure accuracy of information. Individual Access
Customers must have some recourse if any of the other principles should be violated. It’s not enough to have a Chief Privacy Officer; there has to be some forum for complaint and redress. Challenging Compliance
Why Legislate Fair Information Practices for Health? • Foundation for protection and trust for health care reform; • Consistent, predictable rules across the health sector, and right of access; • Unique nature of health information. • Extremely sensitive information that is frequently used, disclosed for purposes beyond providing care.
Health Privacy is Critical • The need for privacy has never been greater • Extreme sensitivity of personal health information • Differing rules across the health sector; most areas currently unregulated • Increasing electronic exchanges of health information • Development of health networks • Growing emphasis on improved use of technology including electronic patient records
Federal Privacy Legislation • Personal Information Protection and Electronic Document Act (PIPEDA) • Staggered implementation: • Federally regulated businesses, 2001 • Federal health sector, 2002 • Provincially regulated private sector, 2004
Privacy of Personal Information Act, 2002 A draft of the new bill has been released for public comment. This represents the first step towards Ontario’s first privacy law covering the private sector and health sector.
Ontario’s Privacy of Personal Information Act, 2002 • Integrated health and private sector privacy protection • Guide to Ontario’s Consultation on Privacy Protection • www.cbs.gov.on.ca/mcbs/english/56Y2QL.htm • Privacy of Personal Information Act, 2002 • www.cbs.gov.on.ca/mcbs/english/56Y2UJ.htm • IPC submission to MCBS • www.ipc.on.ca/english/pubpres/reports/cbs-0202.pdf • Ontario Medical Association submission • www.oma.org/phealth/privinfo.pdf
Be prepared to answer questions such as…
Five Key Questions • Why are you asking for this information? • How will my information be used? • Who will be able to see my information? • Will there be any secondary uses? • How can I control my data?
Opt-in An individual’s personal information cannot be used unless he checks off a box, etc., that says the information can be used. Opt-out An individual’s personal information can be used unless he checks off a box, etc., saying it cannot be used. Obtaining Consent
How to Contact Us Bob Spence Communications Co-ordinator Information & Privacy Commissioner, Ontario 80 Bloor St. W., Suite 1700, Toronto, M5S 2V1 Phone: 416-326-3939 Web:www.ipc.on.ca e-mail:email@example.com