Wednesday, February 12, 2014

Security and breach of health information in Alberta


Keeping in mind, from our discussion, the “special” nature of health information, it appears that there have been recent problematic processes found in Alberta. In light of the upcoming topic on security and breaches of information, it turns out that Alberta Health Services has been sending faxes of health information to recipients rather than encrypted emails and other more secure processes. Wrong fax numbers have been entered, meaning that confidential health information has been received by people other than the intended recipient. According to Alberta's Health Information Act ss 60(1) and (2), the question is if reasonable steps are being taken to ensure that the personal health information was sent to the intended recipient, and if adequate measures are taken for security and confidentiality. It appears that there may have been safeguards in place with the regard to the health information, yet perhaps they were not adequately implemented.

Another issue in relation to the data protection is that patients are not being informed of these (admittedly inadvertent) releases of personal information. The situation raises the issue that there is no legal obligation to inform the patients of the data breaches. However, great care should be taken to maintain a high level of accountability especially in regards to the protection of sensitive information. 

This is only the latest in a long list of problems in Alberta health information protection, where there has been an investigation recently because a laptop with birth dates, health card numbers, and billing codes was lost or stolen. There were also other mishaps such as health employees leaving files on top of cars and driving away. 

The article can be found here:


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.