Investor Presentaiton
Number 18
August 2012
Secure Transfer
Information and Privacy Commissioner of Ontario
Fact Sheet
The Secure Transfer of Personal Health Information
To ensure the timely and effective delivery of
healthcare, health information custodians
(custodians) may need to transfer personal
health information. The need for vigilance
in safeguarding the privacy of individuals
during such transfers was highlighted
when several courier packages sent by
Cancer Care Ontario, containing the
colon cancer screening information of
more than 7,000 individuals, were lost.
Following the loss, the Information and
Privacy Commissioner of Ontario (IPC)
ordered Cancer Care Ontario to stop
transferring these records in paper format
and to explore secure electronic means of
transfer. This Fact Sheet explains what
this Order means for custodians.
Although the Order is directed at
Cancer Care Ontario and was based on
the particular circumstances at issue,
it provides guidance that may help
custodians minimize the risk of breaches
when transferring records of personal
health information. The Fact Sheet
outlines a number of factors that should
be considered by custodians in developing
policies, procedures and practices for
securely transferring records in paper and
electronic format, recognizing that while
1 Order HO-011
some custodians have embraced electronic
records, for others it is a work-in-progress.
Order HO-011
Cancer Care Ontario used a courier service
to transfer records containing colon cancer
screening information to physicians in
paper format after considering but rejecting
other options, including transfers via a web
portal or encrypted USB drives. It was later
discovered that the colon cancer screening
information of over 7,000 individuals had
not been received by the physicians.
In reviewing this incident, the IPC
considered the following factors:
⚫the characteristics of the person or
organization transferring the records;
⚫ the characteristics of the person or
organization receiving the records;
⚫ the number of individuals whose
personal health information was
contained in the records;
the volume and frequency of the
transfer(s); and
Safeguarding Privacy
on Mobile Devices
www.ipc.on.ca
www.ipc.on.ca
Information and Privacy
Commissioner of Ontario
Commissaire à l'information et à la
protection de la vie privée de l'OntarioView entire presentation