Investigation Report F13-02 - Ministry of Health - By Elizabeth Denham Information and Privacy Commissioner for BC

B.C.'s Health Ministry must improve privacy controls following three massive data breaches involving the personal records of millions of British Columbians, a report from B.C.'s privacy commissioner concludes.

Published by: Langley Teachers' Association on Jun 26, 2013
Copyright: Attribution Non-commercial

INVESTIGATION REPORT F13-02
MINISTRY OF HEALTH

ELIZABETH DENHAM
INFORMATION AND PRIVACY COMMISSIONER FOR BC

JUNE 26, 2013

CanLII Cite: 2013 BCIPC No. 14
Quicklaw Cite: [2013] B.C.I.P.C.D. No. 14
 
Investigation Report F13-02 – Information & Privacy Commissioner for BC
TABLE OF CONTENTS

COMMISSIONER’S MESSAGE
EXECUTIVE SUMMARY
1.0 PURPOSE AND SCOPE OF THIS REPORT
    1.1 Introduction
    1.2 Background
    1.3 Disclosure of Personal Information at Issue
2.0 ISSUES
    2.1 Preliminary Issues
    2.2 Ministry’s Response to the Breaches
3.0 THE VALUE OF A PRIVACY MANAGEMENT PROGRAM
4.0 CONCLUSIONS
5.0 MINISTRY ACTIONS ADDRESSING PRIVACY DEFICIENCIES
6.0 SUMMARY OF FINDINGS AND RECOMMENDATIONS
7.0 ACKNOWLEDGEMENTS
 
Commissioner’s Message:
Personal health information is much more than ‘just data’ – it is sensitive information provided confidentially in the context of care. The Ministry of Health (“Ministry”) has custody of a large volume and wide range of health data about every British Columbian who receives publicly-funded health care, from such sources as the Medical Services Plan, PharmaNet, hospitals and mental health and addictions services.

This data is invaluable to health researchers seeking new solutions for patients and improved health outcomes for citizens. BC is fortunate to have a strong and vibrant community of researchers who are developing and testing new health treatments, and pioneering innovative drug therapies that are saving lives. These innovations have their roots in timely and secure access to health data.

It is therefore in the public interest for there to be active and effective research within the Ministry, health authorities and post-secondary institutions. However, the public, whose data it is, expects this research to be conducted responsibly and that their personal health data is managed securely in the research process.

This investigation examined three breaches of personal health data for research purposes that happened because the Ministry failed to translate privacy and security policies into meaningful business practices. The primary deficiency at the Ministry was a lack of effective governance, management and controls over access to personal health information.

At the time the breaches occurred, there was a lack of clear responsibility for privacy within the Ministry. This was due, in part I believe, to a lack of clarity of roles and responsibilities following the centralization of some information access and privacy functions. Ministry privacy governance was further weakened by a complete lack of audit and review of employee and contractor functions relating to privacy. There were no mechanisms to ensure that researchers were complying with the privacy requirements, as stipulated in contracts and written agreements, and to ensure that Ministry employees were taking appropriate privacy training and following privacy policies.

As a result, Ministry employees were able to download large amounts of personal health data onto unencrypted flash drives and share it with unauthorized persons, undetected.

These breaches indicate that the Ministry needs to establish clear leadership, responsibility and accountability for the proactive management of personal health information. The Ministry must establish control over personal health databases by developing an inventory that can be updated regularly. The Ministry needs to
