Health information should not be shared by fax or unsecured email, urge privacy commissioners – Health
To print this article, all you need to do is be registered or log in to Mondaq.com.
According to a joint statement from Canada’s Privacy Commissioners, the practice of sharing sensitive health information by fax or unencrypted email must end.
On September 21, Philippe Dufresne, the Privacy Commissioner of Canada, endorsed a resolution with his provincial and territorial counterparts calling on governments to establish a digital health communications infrastructure to replace faxes and emails. unencrypted by more secure alternatives.
“Ensuring that the shift to digital health care is supported by reasonable administrative, technical and physical safeguards is essential to maintaining Canadians’ confidence in the health care system,” the resolution states. “In addition, the adoption of secure digital technologies can alleviate the administrative, financial and reputational costs associated with privacy breaches.”
Breaches caused by insecure communications
Privacy commissioners say unencrypted faxes and emails – along with spying and ransomware attacks – have led to many privacy breaches in the care sector health.
To reduce these breaches, privacy commissioners urge governments to:
- develop a plan to phase out the use of fax machines and unencrypted emails and replace them with more secure methods of communication;
- ensuring that digital health infrastructure is accessible to all Canadians, including people living in remote communities, marginalized groups and vulnerable populations;
- promote the adoption of secure technologies and responsible data governance frameworks; and
- Amend laws and regulations to provide meaningful penalties for health care providers who fail to take meaningful steps to protect personal health information.
Privacy commissioners are also asking health care providers to:
- replace unencrypted fax machines and e-mails with more secure methods of communication as soon as possible;
- develop data governance frameworks to protect personal health information;
- seek advice from experts to evaluate digital health solutions;
- assess the compatibility of digital health solutions with existing digital assets and compliance with health and privacy laws;
- conduct a privacy impact assessment and publish a plain language summary; and
- use a procurement process that ensures third parties comply with applicable laws.
Violations can ‘roll back public trust in the healthcare system’
As we’ve mentioned in previous blogs, the average cost of a data breach hit a record US$4.35 million this year and most breaches have the potential to cause significant harm to those affected. .
“Furthermore, breaches can consume an excessive amount of time and effort to contain and remediate, taking valuable healthcare resources away from other important services,” the privacy commissioners warned in their resolution. . “Misdirected communications and data breaches can also lead to delays in the delivery of care to individuals, damage the reputation of institutions, and undermine public confidence in the healthcare system.”
With so much at stake, healthcare organizations would be well advised to act now to ensure they are taking the necessary steps to protect personal health information.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
POPULAR ARTICLES ON: Food, Drugs, Healthcare, Life Sciences Canada