Health information should not be shared by fax or unsecured email, urge privacy commissioners – MLT Aikins

According to a joint statement from Canada’s Privacy Commissioners, the practice of sharing sensitive health information by fax or unencrypted email must end.

On September 21, Philippe Dufresne, the Privacy Commissioner of Canada, endorsed a resolution with his provincial and territorial counterparts calling on governments to establish a digital health communications infrastructure to replace faxes and unencrypted emails with more secure alternatives.

“Ensuring that the shift to digital health care is supported by reasonable administrative, technical and physical safeguards is essential to maintaining Canadians’ confidence in the health care system,” the resolution states. “In addition, the adoption of secure digital technologies can alleviate the administrative, financial and reputational costs associated with privacy breaches.”

Breaches caused by insecure communications

Privacy commissioners say unencrypted faxes and emails – along with spying and ransomware attacks – have led to many privacy breaches in the health care sector.

To reduce these breaches, privacy commissioners urge governments to:

  • develop a plan to phase out the use of fax machines and unencrypted emails and replace them with more secure methods of communication;
  • ensure that digital health infrastructure is accessible to all Canadians, including people living in remote communities, marginalized groups and vulnerable populations;
  • promote the adoption of secure technologies and responsible data governance frameworks; and
  • amend laws and regulations to provide meaningful penalties for health care providers who fail to take meaningful steps to protect personal health information.

Privacy commissioners are also asking health care providers to:

  • replace unencrypted fax machines and e-mails with more secure methods of communication as soon as possible;
  • develop data governance frameworks to protect personal health information;
  • seek advice from experts to evaluate digital health solutions;
  • assess the compatibility of digital health solutions with existing digital assets and compliance with health and privacy laws;
  • conduct a privacy impact assessment and publish a plain language summary; and
  • use a procurement process that ensures third parties comply with applicable laws.

Violations can ‘shake public confidence in the healthcare system’

As we’ve mentioned in previous blogs, the average cost of a data breach hit a record US$4.35 million this year and most breaches have the potential to cause significant harm to those affected.

“Furthermore, breaches can consume an excessive amount of time and effort to contain and remediate, taking valuable healthcare resources away from other important services,” the privacy commissioners warned in their resolution. “Misdirected communications and data breaches can also lead to delays in delivering care to individuals, damage the reputation of institutions, and undermine public confidence in the healthcare system.”

With so much at stake, healthcare organizations would be well advised to act now to ensure they are taking the necessary steps to protect personal health information. MLT Aikins Privacy, Data Protection and Cybersecurity Group lawyers have extensive experience advising healthcare providers on procurement processes, implementing data governance frameworks and conducting health care privacy impact assessments. Contact us to find out how we can help you.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. Additionally, laws may change over time and should only be interpreted in the context of particular circumstances, so these materials are not intended to be relied upon or considered legal advice or opinions. Readers should consult a legal professional for specific advice in a particular situation.
