Are Medical Privacy Breaches a Concern for Canadians?

Increased use of portable electronic devices in the healthcare industry to store confidential medical data is contributing to a significant rise of medical privacy breaches around the world. So says a new, 13-page report from Redspin, a US company that assesses information technology security. According to the report, from 2010 to 2011 the US experienced a 97% increase in the number of health records breached. Laptops and other computer devices accounted for 54% of those breaches. Two recent incidents illustrate the heightened concern over privacy breaches in the sector. An employee of Howard University Hospital, Laurie Napper, was charged with violating the Health Insurance Portability and Accountability Act (HIPAA) as she allegedly used her position at the hospital as a medical technician to gain access to patients' names, addresses and Medicare numbers in order to sell their information. Prior to this incident, the hospital also notified 34,000 patients that their medical data had been compromised because the personal laptop of a contractor working for the hospital was stolen from his vehicle and it contained confidential medical information of these patients. Should hospitals be sanctioned for such breaches? Recently, a National Health Services (NHS) trust in Brighton (England) received the largest-ever data-breach penalty, a £325,000 fine, levied by the Information Commissioner's Office (ICO) after hard drives were sold containing sensitive data on tens of thousands of patients and staff. In Canada, most information regulations in the health care sector has been enacted at the provincial level such as the Ontario Personal Health Information Protection Act (PHIPA), which governs the collection, use and disclosure of personal information and imposes administrative requirements on custodians of personal information. Any privacy breaches must be reported to the Ontario Information and Privacy Commissioner, as was done in a medical privacy breach event in Durham region, reported in an earlier issue of E-TIPS® “Ontario Privacy Commissioner’s Order Regarding Durham Region Health Data” Vol 8, Number 15 (January 27, 2010). For a table of numerous other large-scale data breaches in the United States, visit: http://tinyurl.com/6pq4x2f For more details on Canadian medical breaches, visit the Canadian Medical Association Journal site: http://www.cmaj.ca/content/184/4/E215.full Summary by: Sumaiya Sharmeen