Investor Presentaiton slide image

Investor Presentaiton

Number 18 August 2012 Secure Transfer Information and Privacy Commissioner of Ontario Fact Sheet The Secure Transfer of Personal Health Information To ensure the timely and effective delivery of healthcare, health information custodians (custodians) may need to transfer personal health information. The need for vigilance in safeguarding the privacy of individuals during such transfers was highlighted when several courier packages sent by Cancer Care Ontario, containing the colon cancer screening information of more than 7,000 individuals, were lost. Following the loss, the Information and Privacy Commissioner of Ontario (IPC) ordered Cancer Care Ontario to stop transferring these records in paper format and to explore secure electronic means of transfer. This Fact Sheet explains what this Order means for custodians. Although the Order is directed at Cancer Care Ontario and was based on the particular circumstances at issue, it provides guidance that may help custodians minimize the risk of breaches when transferring records of personal health information. The Fact Sheet outlines a number of factors that should be considered by custodians in developing policies, procedures and practices for securely transferring records in paper and electronic format, recognizing that while 1 Order HO-011 some custodians have embraced electronic records, for others it is a work-in-progress. Order HO-011 Cancer Care Ontario used a courier service to transfer records containing colon cancer screening information to physicians in paper format after considering but rejecting other options, including transfers via a web portal or encrypted USB drives. It was later discovered that the colon cancer screening information of over 7,000 individuals had not been received by the physicians. In reviewing this incident, the IPC considered the following factors: ⚫the characteristics of the person or organization transferring the records; ⚫ the characteristics of the person or organization receiving the records; ⚫ the number of individuals whose personal health information was contained in the records; the volume and frequency of the transfer(s); and Safeguarding Privacy on Mobile Devices www.ipc.on.ca www.ipc.on.ca Information and Privacy Commissioner of Ontario Commissaire à l'information et à la protection de la vie privée de l'Ontario
View entire presentation