FNHA Privacy Office
privacy@fnha.ca
Privacy & Security Awareness

Introductions
• Presenter Introduction
• Introductions around the room

Agenda
• Discuss Privacy and Security
• Support your practices around the protection of personal information
• Provide opportunity to discuss privacy and security questions, challenges, and ideas

What is Privacy?
• Right to be left alone
• Right to be secure in one’s home and free from unwanted interference
• In the context of modern privacy law, privacy means having control over one’s personal information:
  – Choice of whether to disclose information at all
  – Control over with whom, and to what extent, it is shared
  – Control over how it is used
• Don’t lose control once you’ve released your information “into the wild”

What is Confidentiality?
Noun. “The state of keeping or being kept secret or private”
Obligation of an employee and an organization to ensure that personal information is kept secure, and is collected, used, accessed, disclosed, and disposed of only as authorized.

Personal Information is…
• Information that can be used to identify someone. Examples:
  – name, address, gender, image, education, income, date of birth, driver's license number
  – photographs
  – financial information
  – medical and genetic information
  – employment history
• Categories of P.I.
• Not business contact information
• Not work product information
www.fnha.ca

…but does not include…
(a) contact information, or (b) work product information.
(a) Information used to contact an individual at a place of business.
(b) Information prepared by individuals or employees in the context of their work or business. E.g. a work report prepared and signed by an employee would be that employee’s work product information.
• Non-identifiable or aggregate information, e.g. statistical information about groups of individuals, is not personal information.

FIPPA vs. PIPA
• Freedom of Information and Protection Act (FIPPA) governs public sector
  – Access and Privacy
• Personal Information Protection Act (PIPA) governs private sector
  – Privacy (no provision for access to corporate information)
• FNHA and FNHSOs are subject to PIPA, not FIPPA.

Personal information may reside…
• Appointment books
• Calendars
• Front desk/Reception
• Sign-in/sign-up sheets
• Conversations
• Mail
• File room
• Printers
• Fax
• Computers
• Office/Desks
• Shredder, shred bin
• Recycling bin

THE 10 PRIVACY PRINCIPLES
1. Accountability
2. Identifying Purposes
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure, and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance

The 10 Privacy Principles – 1. Accountability
“Organization shall designate someone to be accountable for the management of personal information.”
• Privacy Officer or equivalent to:
  – Ensure compliance with the privacy law
  – Respond to access requests, inquiries and complaints
• Under PIPA, you must have a written statement describing your information practices (“policy”), how to request access, how to make a complaint, etc. (“procedures”)
• Privacy Policy, IT Security Policy, Acceptable Use Policy, Privacy Breach Management Procedure

The 10 Privacy Principles – 2. Identifying Purposes
“An organization must clearly identify the purposes for which personal information is collected, either before or at time of collection.”
• You must explain to individuals:
  – what personal information you will collect
  – for what purposes, and
  – how you intend to use the information
  – before or at the time of collection.
• Use the “reasonable person test”: think about whether a reasonable person with no special interest would consider the way your business handles personal information appropriate.

The 10 Privacy Principles – 3. Obtaining consent
“You almost always need an individual's consent whenever you collect, use or disclose their Personal Information.”
• Consent = permission, agreement, authorization
  – Express – notifications involved. Verbal or in writing.
  – Implied – notification is not needed. Obvious situations.
• “Informed Consent”
• Capacity to consent
• No presumption based on age
• Clients can change or withdraw consent
• You may collect information without consent, but only in limited and specific circumstances

The 10 Privacy Principles – 4. Limiting Collection
“You should collect only the minimum amounts of Personal Information required to achieve the purpose that you stated.”
• Before or at the time of the collection
• Clients shall be given enough information about the collection (“informed consent”).
• Contact information must be provided (e.g., privacy office).
Remember: Collecting too much information puts your organization at risk
• “Data is a toxic asset and saving it is dangerous” – Bruce Schneier

The 10 Privacy Principles – 5. Limiting Use, Disclosure, and Retention
“You must limit use and disclosure of Personal Information to the original purpose that was explained to the person whose personal information you collected.”
• If your business wants to use P.I. for a new purpose, you need to go back and obtain new consent for the purpose.
• If the P.I. is used to make a decision that affects someone, it must be kept at least one year after using it.
• As soon as it is no longer needed for any legal or business reason, it must be destroyed or anonymized.

The 10 Privacy Principles – 6. Accuracy
“The organization must make a reasonable effort to ensure the personal information it collects is accurate, complete, and up-to-date.”
• An individual may request the correction of his/her personal information
• If the record is incorrect or incomplete (for the purposes for which it was collected or is used), the organization must correct the record unless an exception applies
• If your organization does not make the correction you must annotate the personal information noting that a correction was requested but not made.

The 10 Privacy Principles – 7. Safeguards
“The organization needs to implement security safeguards to ensure that its staff or contractors handle personal information properly, and to prevent privacy breaches.”
• Security safeguards protect personal information from inappropriate collection, use, access, and disclosure.
• Security is the mechanism to protect privacy and includes:
  – Physical Safeguards
  – Administrative Safeguards
  – Technical Safeguards

The 10 Privacy Principles – 7. Safeguards (continued)
PASSWORD PROTECTION
• Do not use common passwords that can easily be guessed.
• Use passphrase, instead of password:
  – @ ! # $ %
  – I bought my house for $1
  – Take the first letter of each word = Ibmhf$1
“Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.” — Clifford Stoll

The 10 Privacy Principles – 7. Safeguards (continued)
ACCESS CONTROL – ROLE-BASED, RULE-BASED
• Limit access to P.I.
• Sensitive information is shared on a “need-to-know” basis.
• Ensure all staff know how to properly and confidentially handle P.I. and the steps required for dealing with a breach.

The 10 Privacy Principles – 7. Safeguards (continued)
PRIVACY BREACH: The loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards.
1. Contain the breach
2. Evaluate the risk
   i. Identify what P.I. was compromised and assess the potential impact.
   ii. Determine whether notification is necessary to those affected.
   iii. RROSH = Real Risk of Significant Harm
3. Notification – OIPC, police or the RCMP.
4. Prevention strategies for the future to make sure it doesn't happen again. Review and update the privacy management program and ensure staff are provided regular privacy training as well as refresher training.

The 10 Privacy Principles – 7. Safeguards (continued)
Real Risk of Significant Harm
• Risks to their physical safety/security
• Identity fraud or theft
• Hurt, humiliation, reputation damage, damage to relationships
• Loss of business or employment opportunities
• Loss of trust
• Financial exposure
To notify, or not to notify?
• However, regardless of how severe the breach may be, it is generally a good practice to be transparent by reporting it.
• It may very well save your organization's reputation in the long run.

The 10 Privacy Principles – 8. Openness
“Be open about your information management policies and procedures.”
• Upon request, you need to make the following information available for any clients, customers or employees:
  – the title and contact information of your designated privacy officer,
  – the process an individual can follow to access their own P.I., and
  – information on your policies and practices surrounding personal information.

The 10 Privacy Principles – 9. Individual Access
• Every individual has a right to access his/her personal (health) information, subject to limited exceptions
• Where a restriction on access applies, an individual has a right of access to that part of the record that can be severed
• Organization must respond as soon as possible to a written access request, but no later than 30 days after receiving the request, subject to extension
• Organization may still give access if the request is oral or without a formal request

The 10 Privacy Principles – 9. Individual Access (continued)
MAY refuse to give someone their Personal Information when:
• solicitor-client privilege.
• confidential commercial information.
• investigation or proceeding that is still going on.
MUST refuse to give someone their Personal Information if:
• the disclosure could reasonably be expected to:
  – threaten the safety or physical/mental health of another individual.
  – cause immediate or serious harm to the safety or to the physical/mental health of the requester.
• it would reveal Personal Information about someone else.

The 10 Privacy Principles – 10. Challenging Compliance
“Any person to question and challenge an organization's compliance with the Personal Information Protection Act.”
• Organizations are required by PIPA to develop a process to respond to privacy complaints.
• Develop written complaint handling policies and procedures that anyone can access.
• Organizations should investigate to resolve all complaints received (OIPC)

PRIVACY TIPS AND GUIDES

Social Media
• What is your organizational policy for social media?
• Content communicated via social media is unprotected and publicly accessible.
• Remember: Social media is not free; you are “paying” with your personal information.
TIP – Protecting Privacy on Social Media:
• Create strong passwords
• Use enhanced privacy options offered by social media sites
• Have the latest anti-virus/anti-spyware software installed

Beware of Phishing
A phishing website (a.k.a. "spoofed" site) tries to steal your account, password or other confidential information by tricking you into believing you are on a legitimate website.
Tips to help you identify:
• Incorrect company name – www.paypa1.com.
• The hyperlinked URL is different from the one shown
• The email:
  – Has improper spelling or grammar
  – Urges you to take immediate action
  – Includes suspicious attachments
  – Asks for login credentials, payment information or other sensitive information
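
The first two tips above (a misspelled company name and a link whose visible text differs from its real target) can also be checked automatically by a mail filter. The following is an added example, not part of the original slides; the `KNOWN_DOMAINS` list, the character-swap table and the sample email are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this organisation's staff legitimately sign in to.
KNOWN_DOMAINS = {"paypal.com", "fnha.ca"}

# Common swaps in look-alike names (digit for letter, "rn" for "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Link text that is itself written as a URL or bare host name.
URL_TEXT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


def host_of(url, assume_http=False):
    """Lower-cased host of an http(s) URL, or None if it is not one."""
    url = url.strip()
    if assume_http and "://" not in url:
        url = "http://" + url
    if not url.lower().startswith(("http://", "https://")):
        return None
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def base_domain(host):
    # Simplification: last two labels. A production filter would use the
    # Public Suffix List so that names under "co.uk" and similar work too.
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold commonly confused characters so look-alikes compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def lookalike_of(host):
    """Return the known domain that `host` imitates, or None."""
    domain = base_domain(host)
    if domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if skeleton(domain) == skeleton(known):
            return known
    return None


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return (href, reason) for each link that matches one of the two tips."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if target is None:
            continue
        known = lookalike_of(target)
        if known:
            findings.append((href, f"look-alike of {known}"))
        if URL_TEXT.match(text):
            shown = host_of(text, assume_http=True)
            if shown and base_domain(shown) != base_domain(target):
                findings.append((href, f"text shows {shown} but link goes to {target}"))
    return findings


# Constructed sample email body, for illustration only.
SAMPLE_EMAIL = """
<p>Your account is suspended. Act now:</p>
<a href="http://www.paypa1.com/login">Log in to restore access</a>
<a href="http://login.example.net/reset">https://www.paypal.com/reset</a>
<a href="https://www.fnha.ca/about">www.fnha.ca</a>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL):
        print(f"{href}: {reason}")
```
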

Walking and Talking – We All Do It!
• When talking about work, it often involves patients/staff
• Be aware of your surroundings
• Respect the privacy of patients & co-workers – avoid names
• Wait for the right opportunity
• Find a private location or lower your voice

How to Protect Privacy in Daily Work?
• “Mind your own business.”
• “Need to know”: only access the records and information that are necessary for you to perform your job duties.
• Do not share your account information with others or use someone else’s account.

Storing & Disposing of Paper
• File all clinical information in patients' charts.
• Lock up paper records when unattended.
• Shred unwanted paper or place in shredding bin.
• Do not recycle or trash paper with Personal Information.
• If unsure, contact privacy office.
• Do not remove papers with Personal Information from your worksite unless approved and necessary.
• Report any loss or theft of paper or electronic devices immediately to your manager and privacy office.

Voice mail, and Faxing
• Don’t leave messages containing any personal information on voice mail.
• Don’t leave incoming and outgoing mail in unattended receptacles.
When faxing, follow procedures:
• Use cover sheet.
• Confirm fax number before keying (x 3).
• Arrange and confirm prompt fax pick-up.

Email, and Text Messaging
• Email = postcard.
• Sending and receiving Personal Information by email vs. fax
• How sensitive? How much? How often?
• Password-protected attachment
• Shared Drive; SFTP; VPN
• Do not send or forward Personal Information to any unauthorized email addresses (e.g. Gmail, Shaw, Telus)
• If a patient requests to communicate by email or text messaging:
  – Be smart.
  – Minimize – or remove – personal information.
  – NEVER text Personal Information!

Final Takeaway: Privacy Do’s and Don’ts
Don’t…
• use email to send confidential patient or employee information
• access health records unless it’s necessary for your job duty
• share confidential information with those who do not have a “need to know”
• discuss patient information in an unsecure area
• collect more personal information than is necessary
Do…
• pre-program numbers in fax machines to avoid dialing errors
• safeguard confidential patient or employee information at all times
• report privacy incidents to your manager or Privacy Office immediately

Need help for privacy?
• Privacy Office privacy@fnha.ca
  604-693-6844
  Toll Free 1-844-364-7748
• Kevin Kim, Privacy Manager
  604-693-6784
  Kevin.Kim@fnha.ca
• Margaret Lee, Privacy Analyst
  604-693-6710
  Margaret.Lee@fnha.ca

Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
 
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
 
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
The Federal Budget and Health Care Policy
The Federal Budget and Health Care PolicyThe Federal Budget and Health Care Policy
The Federal Budget and Health Care Policy
 
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
 
Take action for a healthier planet and brighter future.
Take action for a healthier planet and brighter future.Take action for a healthier planet and brighter future.
Take action for a healthier planet and brighter future.
 
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptx
 
Model Town (Delhi) 9953330565 Escorts, Call Girls Services
Model Town (Delhi)  9953330565 Escorts, Call Girls ServicesModel Town (Delhi)  9953330565 Escorts, Call Girls Services
Model Town (Delhi) 9953330565 Escorts, Call Girls Services
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
 
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
 
DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024
 

Privacy & Confidentiality

  • 2. Introductions
      • Presenter Introduction
      • Introductions around the room
      Agenda
      • Discuss Privacy and Security
      • Support your practices around the protection of personal information
      • Provide opportunity to discuss privacy and security questions, challenges, and ideas
  • 3. What is Privacy?
      • Right to be left alone,
      • Right to be secure in one’s home and free from unwanted interference.
      • In the context of modern privacy law, privacy means having control over one’s personal information.
      • Choice of whether to disclose information at all
      • Control over with whom, and to what extent it is shared
      • Control over how it is used
      • Don’t lose control once you’ve released your information “into the wild”
  • 4. What is Confidentiality?
      Noun. “The state of keeping or being kept secret or private”
      Obligation of an employee and an organization to ensure that personal information is kept secure, and is collected, used, accessed, disclosed, and disposed of only as authorized
  • 5. Personal Information is…
      • Information that can be used to identify someone. Examples:
      • name, address, gender, image, education, income, date of birth, driver's license number,
      • photographs,
      • financial information,
      • medical and genetic information,
      • employment history
      • Categories of p.i.
      • Not business contact information
      • Not work product information
  • 6. …but does not include…
      (a) contact information, or (b) work product information.
      (a) Information used to contact an individual at a place of business
      (b) Information prepared by individuals or employees in the context of their work or business. E.g. a work report prepared and signed by an employee would be that employee’s work product information.
      • Non-identifiable or aggregate information, e.g. statistical information about groups of individuals, is not personal information.
  • 7. FIPPA vs. PIPA
      • Freedom of Information and Protection Act (FIPPA) governs public sector – Access and Privacy
      • Personal Information Protection Act (PIPA) governs private sector – Privacy (no provision for access to corporate Information)
      • FNHA and FNHSOs are subject to PIPA, not FIPPA.
  • 8. Personal information may reside…
      • Appointment books
      • Calendars
      • Front desk/Reception
      • Sign-in/sign-up sheets
      • Conversations
      • Mail
      • File room
      • Printers
      • Fax
      • Computers
      • Office/Desks
      • Shredder, shred bin
      • Recycling bin
  • 9. THE 10 PRIVACY PRINCIPLES
      1. Accountability
      2. Identifying Purposes
      3. Consent
      4. Limiting Collection
      5. Limiting Use, Disclosure, and Retention
      6. Accuracy
      7. Safeguard
      8. Openness
      9. Individual Access
      10. Challenging Compliance
  • 10. The 10 Privacy Principles – 1. Accountability
      “Organization shall designate someone to be accountable for the management of personal information.”
      • Privacy Officer or equivalent to:
          • Ensure compliance with the privacy law
          • Respond to access requests, inquiries and complaints
      • Under PIPA, you must have a written statement describing your information practices (“policy”), how to request access; how to make a complaint, etc. (“procedures”)
      • Privacy Policy, IT Security Policy, Acceptable Use Policy, Privacy Breach Management Procedure
  • 11. The 10 Privacy Principles – 2. Identifying Purposes
      “An organization must clearly identify the purposes for which personal information is collected, either before or at time of collection.”
      • You must explain to individuals:
          • what personal information to collect
          • for what purposes, and
          • how you intend to use the information
          • before or at the time of collection.
      • Use the “reasonable person test” – think about whether a reasonable person with no special interest would consider the way your business handles personal information appropriate.
  • 12. The 10 Privacy Principles – 3. Obtaining consent
      “You almost always need an individual's consent whenever you collect, use or disclose their Personal Information.”
      • Consent = permission, agreement, authorization
      • Express – notifications involved. Verbal or in writing.
      • Implied – notification is not needed. Obvious situations.
      • “Informed Consent”
      • Capacity to consent
      • No presumption based on age
      • Clients can change or withdraw consent
      • You may collect information without consent, but only in limited and specific circumstances
  • 13. The 10 Privacy Principles – 4. Limiting Collection
      “You should collect only the minimum amounts of Personal Information required to achieve the purpose that you stated.”
      • Before or at the time of the collection
      • Clients shall be given enough information about the collection (“informed consent”).
      • Contact information must be provided (e.g., privacy office).
      Remember: Collecting too much information puts your organization at risk
      • “Data is a toxic asset and saving it is dangerous” – Bruce Schneier
  • 14. 10 Privacy Principles – 5. Limiting Use, Disclosure, and Retention
      “You must limit use and disclosure of Personal Information to the original purpose that was explained to the person whose personal information you collected.”
      • If your business wants to use P.I. for a new purpose, you need to go back and obtain new consent for the purpose.
      • If the P.I. is used to make a decision that affects someone… it must be kept at least one year after using it
      • As soon as it is no longer needed for any legal or business reason, it must be destroyed or anonymized.
  • 15. The 10 Privacy Principles – 6. Accuracy
      “The organization must make a reasonable effort to ensure the personal information it collects is accurate, complete, and up-to-date.”
      • An individual may request the correction of his/her personal information
      • If the record is incorrect or incomplete (for the purposes for which it was collected or is used), the organization must correct the record unless an exception applies
      • If your organization does not make the correction you must annotate the personal information noting that a correction was requested but not made.
  • 16. The 10 Privacy Principles – 7. Safeguards
      “The organization needs to implement security safeguards to ensure that its staff or contractors handle personal information properly, and to prevent privacy breaches.”
      • Security safeguards protect personal information from inappropriate collection, use, access, and disclosure.
      • Security is the mechanism to protect privacy and includes:
          • Physical Safeguards
          • Administrative Safeguards
          • Technical Safeguards
  • 17. The 10 Privacy Principles – 7. Safeguards (continued)
      PASSWORD PROTECTION
      • Do not use common passwords that can easily be guessed.
      • Use a passphrase instead of a password:
          • @ ! # $ %
          • I bought my house for $1
          • Take the first letter of each word = Ibmhf$1
      “Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.” — Clifford Stoll
  • 18. The 10 Privacy Principles – 7. Safeguards (continued)
      ACCESS CONTROL – ROLE-BASED, RULE-BASED
      • Limit access to P.I.
      • Sensitive information is shared on a “need-to-know” basis.
      • Ensure all staff know how to properly and confidentially handle P.I. and the steps required for dealing with a breach.
  • 19. The 10 Privacy Principles – 7. Safeguards (continued)
      PRIVACY BREACH: The loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards.
      1. Contain the breach
      2. Evaluate the risk
          i. identify what P.I. was compromised and assess the potential impact.
          ii. determine whether notification is necessary to those affected.
          iii. RROSH = Real Risk of Significant Harm
      3. Notification – OIPC, police or the RCMP.
      4. Prevention strategies - for the future to make sure it doesn't happen again. Review and update privacy management program and ensure staff are provided regular privacy training as well as refresher training.
  • 20. The 10 Privacy Principles – 7. Safeguards (continued)
      Real Risk of Significant Harm
      • Risks to their physical safety/security
      • Identity fraud or theft
      • Hurt, humiliation, reputation damage, damage to relationships
      • Loss of business or employment opportunities
      • Loss of trust
      • Financial exposure
      To notify, or not to notify?
      • However, regardless of how severe the breach may be, it is generally a good practice to be transparent by reporting it.
      • It may very well save your organization's reputation in the long run.
  • 21. The 10 Privacy Principles – 8. Openness
      “Be open about your information management policies and procedures.”
      • Upon request, you need to make the following information available for any clients, customers or employees:
          • the title and contact information of your designated privacy officer,
          • the process an individual can follow to access their own P.I., and
          • information on your policies and practices surrounding personal information.
  • 22. The 10 Privacy Principles – 9. Individual Access
      • Every individual has a right to access his/her personal (health) information, subject to limited exceptions
      • Where a restriction on access applies, an individual has a right to access that part of the record that can be severed
      • Organization must respond as soon as possible to a written access request, but no later than 30 days after receiving the request, subject to extension
      • Organization may still give access if the request is oral or without a formal request
  • 23. The 10 Privacy Principles – 9. Individual Access (continued)
      MAY refuse to give someone their Personal Information when:
      • solicitor-client privilege.
      • confidential commercial information.
      • investigation or proceeding that is still going on.
      MUST refuse to give someone their Personal Information if:
      • the disclosure could reasonably be expected to:
          • threaten the safety or physical/mental health of another individual.
          • cause immediate or serious harm to the safety or to the physical/mental health of the requester.
      • If it would reveal Personal Information about someone else.
  • 24. The 10 Privacy Principles – 10. Challenging Compliance
      “Any person may question and challenge an organization's compliance with the Personal Information Protection Act.”
      • Organizations are required by PIPA to develop a process to respond to privacy complaints.
      • Develop written complaint handling policies and procedures that anyone can access.
      • Organizations should investigate to resolve all complaints received (OIPC)
  • 26. Social Media
      • What is your organizational policy for social media?
      • Content communicated via social media is unprotected and publicly accessible.
      • Remember: Social media is not free, you are “paying” with your personal information.
      TIP – Protecting Privacy on Social Media:
      • Create strong passwords
      • Use enhanced privacy options offered by social media sites
      • Have the latest anti-virus/anti-spyware software installed
  • 27. Beware of Phishing
      A phishing website (a.k.a. "spoofed" site) tries to steal your account, password or other confidential information by tricking you into believing you are on a legitimate website.
      Tips to help you identify:
      • Incorrect company name – www.paypa1.com.
      • The hyperlinked URL is different from the one shown
      • The email:
          • Has improper spelling or grammar
          • Urges you to take immediate action
          • Includes suspicious attachments
          • Asks for Login Credentials, Payment Information or other Sensitive Information
  • 28. Walking and Talking – We All Do It!
      • When talking about work it often involves patients/staff
      • Be aware of your surroundings
      • Respect the privacy of patients & co-workers – avoid names
      • Wait for the right opportunity
      • Find a private location or lower your voice
  • 29. How to Protect Privacy in Daily Work?
      • “Mind your own business.”
      • “Need to know”: only access the records and information that are necessary for you to perform your job duties.
      • Do not share your account information with others or use someone else’s account.
  • 30. Storing & Disposing of Paper
      • File all clinical information in patients' charts.
      • Lock up paper records when unattended.
      • Shred unwanted paper or place in shredding bin.
      • Do not recycle or trash paper with Personal Information.
      • If unsure, contact privacy office.
      • Do not remove papers with Personal Information from your worksite unless approved and necessary.
      • Report any loss or theft of paper or electronic devices immediately to your manager and privacy office.
  • 31. Voice mail, and Faxing
      • Don’t leave messages containing any personal information on voice mail.
      • Don’t leave incoming and outgoing mail in unattended receptacles.
      When faxing, follow procedures:
      • Use cover sheet.
      • Confirm fax number before keying (x 3).
      • Arrange and Confirm prompt Fax pick-up.
  • 32. Email, and Text Messaging
      • Email = postcard.
      • Sending and receiving Personal Information by email vs. fax
      • How sensitive? How much? How often?
      • Password-protected attachment
      • Shared Drive; SFTP; VPN
      • Do not send or forward Personal Information to any unauthorized email addresses (e.g. Gmail, Shaw, Telus)
      • If a patient requests to communicate by email or text messaging:
          • Be smart.
          • Minimize – or remove - personal information.
          • NEVER text Personal Information!
  • 33. Final Takeaway: Privacy Do’s and Don’ts
      Don’t….
      • use email to send confidential patient or employee information
      • access health records unless it’s necessary for your job duty
      • share confidential information with those who do not have a “need to know”
      • discuss patient information in an unsecure area
      • collect more personal information than is necessary
      Do….
      • pre-program numbers in fax machines to avoid dialing errors
      • safeguard confidential patient or employee information at all times
      • report privacy incidents to your manager or Privacy Office immediately
  • 34. Need help for privacy?
      • Privacy Office privacy@fnha.ca 604-693-6844 Toll Free 1-844-364-7748
      • Kevin Kim, Privacy Manager 604-693-6784 Kevin.Kim@fnha.ca
      • Margaret Lee, Privacy Analyst 604-693-6710 Margaret.Lee@fnha.ca