Your SlideShare is downloading. ×
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario

1,438

Published on

Smart Systems for Health Agency (now part of eHealth Ontario) developed an award-winning privacy training and awareness program in 2007 to foster a culture of privacy within the organization. This …

Smart Systems for Health Agency (now part of eHealth Ontario) developed an award-winning privacy training and awareness program in 2007 to foster a culture of privacy within the organization. This slideshow, presented to benefit other healthcare organizations at GTEC 2008 (October 2008) , highlights the approach, messaging and tools used in that program.

1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total Views
1,438
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
55
Comments
1
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Transcript

    • 1. Developing a Privacy Culture in Health Care Organizations The Experiences of eHealth Ontario
    • 2. Notes
      • eHealth Ontario formed by regulation in September 2008
      • The transition of SSHA into eHealth Ontario has commenced.
      • Comments today reflect experiences of SSHA and not new Agency.
    • 3. Personal Health Information is Increasingly Vulnerable
    • 4. Canada: Privacy & Healthcare
      • 2007 Canada Health Infoway survey
      • Canadians reasonably confident that responsible stewardship of personal health data exists.
          • 79% considers the health information that exists about them to be at least moderately secure.
          • Trust in health professionals (e.g., doctors, nurses, pharmacists) is very high; but slightly lower for other groups (e.g., administrators, government departments).
          • Trust levels are more mixed outside the realm of immediate health care providers (e.g., computer technicians, insurance companies, researchers).
      • “ If you can protect my privacy, I am okay with [electronic health records].”
    • 5. United States: Privacy & Healthcare
      • May 2008 CDT report on privacy and healthcare cites 2006 survey
      • When Americans were asked about the benefits of and concerns about online health information:
          • 80% said they are very concerned about identity theft or fraud;
          • 77% reported being very concerned about their medical information being used for marketing purposes;
          • 56% were concerned about employers having access to their health information; and
          • 53% were concerned about insurers gaining access to this information.
    • 6. The Problem is Not External
      • Gartner Group:
          • Employees commit 70% of data breaches.
      • 2006 CSI/FBI survey:
          • 92% of insider data thieves had negative work evaluations before breach.
      • Univ. of Washington research:
          • 31% of data breaches between 1980 and 2006 were committed by external parties (e.g. “hackers”).
    • 7. What to Do?
      • In building a culture of privacy, an organization must:
          • clearly articulate privacy as an organizational priority;
          • communicate key privacy and security messages;
          • educate across the organization;
          • raise awareness of the importance of registering privacy incidents and breaches;
          • build privacy into the fabric of the organization’s activities; and
          • make privacy information and guidance readily accessible.
      • Think Training AND Awareness
    • 8. Management Communication
      • Management must have effective messaging:
          • Information protection isn’t solely a technical or policy issue; it also involves behavior.
          • The protection of personal information is a personal responsible for each staff member.
          • Information protection is an ongoing initiative, not a short-term project or goal.
          • Objective is to change organizational behavior to develop a “culture of privacy”.
    • 9. Use Marketing Approach
      • Brand “privacy awareness,”
          • Integrate all the materials into a coherent, consistent, and instantly recognizable campaign.
          • Strategy should be to continuously inform and motivate staff and managers.
      • SSHA adopted its own theme
          • “Get Caught! Doing the Right Thing.”
    • 10. SSHA Awareness Campaigns
      • Objectives:
          • Tie campaign to:
              • Updated Privacy and Security Standard of Conduct.
              • Mandatory staff training.
              • Enterprise Security and Privacy Incident Management.
          • Raise profile of Privacy and Security:
              • “Desk tour”
              • Poster campaign
              • Telephone hotline and central e-mail
              • “Jeopardy” sessions
    • 11.  
    • 12.  
    • 13. Award-Winning Program
      • GET CAUGHT! won the following International Association of Business Communicators (IABC) awards:
      • An international Gold Quill Award of Merit in the Other Graphic Design category;
      • A Canadian Silver Leaf Award of Merit in the Other Graphic Design category
      • A Toronto chapter Ovation Award of Excellence for Other Graphic Design; and
      • A Toronto chapter Ovation Award of Merit for Employee/Member Communications
    • 14.  
    • 15. Privacy Training @ SSHA
      • Online Learning Management System (LMS) with two modules for Privacy and Information Security.
      • Mandatory for new employees: to be completed within 30 days of on-boarding date.
      • Compliance monitoring done by PS from HR data.
      • Non-compliance with requirement results in system lockout.
    • 16. Privacy Training
    • 17. Privacy Training
    • 18. Privacy Training
    • 19. Conclusion
      • A “culture of privacy” is privacy-aware conduct in day-to-day business activities.
      • Developing a “culture of privacy”
          • Is a long-term exercise;
          • Intended to create environment in which personnel automatically behave appropriately with respect to privacy requirements.
      • A “culture of privacy” fosters greater confidence among stakeholders in your organization’s information-handling practices.
      • A “culture of privacy” requires committed leadership to promote active participation by all staff.
    • 20. www.ssha.on.ca/privacy
    • 21. Questions
      • Michael Power
      • Vice President, Privacy and Security
      • eHealth Ontario
      • [email_address]

    ×