On September 21, 2022, Canada’s privacy regulatory authorities (the Privacy Regulators) passed a resolution to secure public trust in digital health infrastructure (the Resolution). The Resolution calls on governments and health institutions across Canada to cooperate to implement a “modern, secure and interoperable digital health communication infrastructure” in order to phase out the use of unencrypted email and fax communication practices when sharing sensitive personal health information.
The Resolution recognizes the challenges faced by the health care sector brought on by the pandemic that prompted rapid digital changes in the delivery of health services. Nonetheless, data breaches continue to arise from the use of fax machines and unencrypted emails, along with cybersecurity attacks and unauthorized access to health records.
To that end, the Privacy Regulators encourage the adoption of secure digital technologies with built-in privacy protections to facilitate personal health information sharing, such as encrypted email services and secure patient portals. Specifically, the Resolution urges Canadian governments to (i) develop a strategic plan and provide support to phase out the use of traditional fax and email and replace them with more secure methods of communication; (ii) ensure that digital health infrastructure is equitably available and accessible to all Canadians; (iii) promote the adoption of secure technologies and responsible data governance frameworks; and (iv) amend laws to provide meaningful penalties for health care providers that do not take reasonable measures to protect personal health information.
The Resolution also calls on health care providers to, among other things, (i) phase out the use of traditional fax and unencrypted email, as soon as reasonably possible, and replace them with secure digital technologies; (ii) develop responsible data governance frameworks for safeguarding personal health information; (iii) seek guidance from relevant experts when evaluating new digital health solutions; and (iv) complete privacy impact assessments and publish a plain-language summary.
According to the Privacy Regulators, safeguarding personal health information during the shift to digital healthcare is “critical to maintaining Canadians’ trust in the health system”.
Summary By: Anna Troshchynsky
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.