Your SlideShare is downloading. ×
0
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Developing a Privacy Culture in Health Care Organizations:The Experiences of eHealth Ontario

1,449

Published on

Smart Systems for Health Agency (now part of eHealth Ontario) developed an award-winning privacy training and awareness program in 2007 to foster a culture of privacy within the organization. This …

Smart Systems for Health Agency (now part of eHealth Ontario) developed an award-winning privacy training and awareness program in 2007 to foster a culture of privacy within the organization. This slideshow, presented to benefit other healthcare organizations at GTEC 2008 (October 2008) , highlights the approach, messaging and tools used in that program.

1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total Views
1,449
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
56
Comments
1
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Transcript

    • 1. Developing a Privacy Culture in Health Care Organizations The Experiences of eHealth Ontario
    • 2. Notes <ul><li>eHealth Ontario formed by regulation in September 2008 </li></ul><ul><li>The transition of SSHA into eHealth Ontario has commenced. </li></ul><ul><li>Comments today reflect experiences of SSHA and not new Agency. </li></ul>
    • 3. Personal Health Information is Increasingly Vulnerable
    • 4. Canada: Privacy & Healthcare <ul><li>2007 Canada Health Infoway survey </li></ul><ul><li>Canadians reasonably confident that responsible stewardship of personal health data exists. </li></ul><ul><ul><ul><li>79% considers the health information that exists about them to be at least moderately secure. </li></ul></ul></ul><ul><ul><ul><li>Trust in health professionals (e.g., doctors, nurses, pharmacists) is very high; but slightly lower for other groups (e.g., administrators, government departments). </li></ul></ul></ul><ul><ul><ul><li>Trust levels are more mixed outside the realm of immediate health care providers (e.g., computer technicians, insurance companies, researchers). </li></ul></ul></ul><ul><li>“ If you can protect my privacy, I am okay with [electronic health records].” </li></ul>
    • 5. United States: Privacy & Healthcare <ul><li>May 2008 CDT report on privacy and healthcare cites 2006 survey </li></ul><ul><li>When Americans were asked about the benefits of and concerns about online health information: </li></ul><ul><ul><ul><li>80% said they are very concerned about identity theft or fraud; </li></ul></ul></ul><ul><ul><ul><li>77% reported being very concerned about their medical information being used for marketing purposes; </li></ul></ul></ul><ul><ul><ul><li>56% were concerned about employers having access to their health information; and </li></ul></ul></ul><ul><ul><ul><li>53% were concerned about insurers gaining access to this information. </li></ul></ul></ul>
    • 6. The Problem is Not External <ul><li>Gartner Group: </li></ul><ul><ul><ul><li>Employees commit 70% of data breaches. </li></ul></ul></ul><ul><li>2006 CSI/FBI survey: </li></ul><ul><ul><ul><li>92% of insider data thieves had negative work evaluations before breach. </li></ul></ul></ul><ul><li>Univ. of Washington research: </li></ul><ul><ul><ul><li>31% of data breaches between 1980 and 2006 were committed by external parties (e.g. “hackers”). </li></ul></ul></ul>
    • 7. What to Do? <ul><li>In building a culture of privacy, an organization must: </li></ul><ul><ul><ul><li>clearly articulate privacy as an organizational priority; </li></ul></ul></ul><ul><ul><ul><li>communicate key privacy and security messages; </li></ul></ul></ul><ul><ul><ul><li>educate across the organization; </li></ul></ul></ul><ul><ul><ul><li>raise awareness of the importance of registering privacy incidents and breaches; </li></ul></ul></ul><ul><ul><ul><li>build privacy into the fabric of the organization’s activities; and </li></ul></ul></ul><ul><ul><ul><li>make privacy information and guidance readily accessible. </li></ul></ul></ul><ul><li>Think Training AND Awareness </li></ul>
    • 8. Management Communication <ul><li>Management must have effective messaging: </li></ul><ul><ul><ul><li>Information protection isn’t solely a technical or policy issue; it also involves behavior. </li></ul></ul></ul><ul><ul><ul><li>The protection of personal information is a personal responsible for each staff member. </li></ul></ul></ul><ul><ul><ul><li>Information protection is an ongoing initiative, not a short-term project or goal. </li></ul></ul></ul><ul><ul><ul><li>Objective is to change organizational behavior to develop a “culture of privacy”. </li></ul></ul></ul>
    • 9. Use Marketing Approach <ul><li>Brand “privacy awareness,” </li></ul><ul><ul><ul><li>Integrate all the materials into a coherent, consistent, and instantly recognizable campaign. </li></ul></ul></ul><ul><ul><ul><li>Strategy should be to continuously inform and motivate staff and managers. </li></ul></ul></ul><ul><li>SSHA adopted its own theme </li></ul><ul><ul><ul><li>“Get Caught! Doing the Right Thing.” </li></ul></ul></ul>
    • 10. SSHA Awareness Campaigns <ul><li>Objectives: </li></ul><ul><ul><ul><li>Tie campaign to: </li></ul></ul></ul><ul><ul><ul><ul><ul><li>Updated Privacy and Security Standard of Conduct. </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Mandatory staff training. </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Enterprise Security and Privacy Incident Management. </li></ul></ul></ul></ul></ul><ul><ul><ul><li>Raise profile of Privacy and Security: </li></ul></ul></ul><ul><ul><ul><ul><ul><li>“Desk tour” </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Poster campaign </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Telephone hotline and central e-mail </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>“Jeopardy” sessions </li></ul></ul></ul></ul></ul>
    • 11.  
    • 12.  
    • 13. Award-Winning Program <ul><li>GET CAUGHT! won the following International Association of Business Communicators (IABC) awards: </li></ul><ul><li>An international Gold Quill Award of Merit in the Other Graphic Design category; </li></ul><ul><li>A Canadian Silver Leaf Award of Merit in the Other Graphic Design category </li></ul><ul><li>A Toronto chapter Ovation Award of Excellence for Other Graphic Design; and </li></ul><ul><li>A Toronto chapter Ovation Award of Merit for Employee/Member Communications </li></ul>
    • 14.  
    • 15. Privacy Training @ SSHA <ul><li>Online Learning Management System (LMS) with two modules for Privacy and Information Security. </li></ul><ul><li>Mandatory for new employees: to be completed within 30 days of on-boarding date. </li></ul><ul><li>Compliance monitoring done by PS from HR data. </li></ul><ul><li>Non-compliance with requirement results in system lockout. </li></ul>
    • 16. Privacy Training
    • 17. Privacy Training
    • 18. Privacy Training
    • 19. Conclusion <ul><li>A “culture of privacy” is privacy-aware conduct in day-to-day business activities. </li></ul><ul><li>Developing a “culture of privacy” </li></ul><ul><ul><ul><li>Is a long-term exercise; </li></ul></ul></ul><ul><ul><ul><li>Intended to create environment in which personnel automatically behave appropriately with respect to privacy requirements. </li></ul></ul></ul><ul><li>A “culture of privacy” fosters greater confidence among stakeholders in your organization’s information-handling practices. </li></ul><ul><li>A “culture of privacy” requires committed leadership to promote active participation by all staff. </li></ul>
    • 20. www.ssha.on.ca/privacy
    • 21. Questions <ul><li>Michael Power </li></ul><ul><li>Vice President, Privacy and Security </li></ul><ul><li>eHealth Ontario </li></ul><ul><li>[email_address] </li></ul>

    ×