Commissioner Cavoukian urges health care professionals to secure all
portable storage devices - encrypt by default and avoid the harm
TORONTO, Dec. 14, 2012 /CNW/ - As portable storage devices become
increasingly prevalent in the health care sector, concerns also arise
regarding the privacy and security of personal health information
(PHI). Medical professionals in high-availability data environments,
from family doctors to large hospitals, need to ensure data security
and protect information through encryption as the default, given the
potential for privacy breaches that can be costly and cause lasting
damage to their reputation. Taking these steps provides a positive-sum,
Privacy by Design approach which benefits both patients and caregivers.
That is why Ontario's Information and Privacy Commissioner, Dr. Ann
Cavoukian, is taking a proactive approach and launching a new joint
paper on December 14, 2012 at Sunnybrook Health Sciences Centre co-authored with Sam Marafioti,
V.P. and CIO, and Jeff Curtis, CPO, of Sunnybrook Health Sciences
Centre, and Nandini Jolly, President and CEO of CryptoMill Technologies
Ltd. The paper introduces the "Circle of Trust" concept, modeled by
CryptoMill Technologies after PHIPA's "Circle of Care," which refers to the mobile encryption deployment
scenarios and role-based access that enable the free flow of PHI among
authorized health-care providers as needed, while at the same time,
ensuring PHI remains encrypted and inaccessible to everyone else.
The paper, entitled Encryption by Default and Circles of Trust: Strategies to Secure
Personal Information in High-Availability Environments, seeks to stimulate discussion of the challenges and opportunities for
assuring PHI security beyond the current state of adoption within
health care. In the past, doctors, hospitals and other medical
professionals had to deal with stacks of paper-based medical records
which are now increasingly moving onto portable storage devices.
Commissioner Cavoukian emphasizes the message that, "now is the time to
address potential security breaches and additional concerns about
privacy. Whether you are a large hospital, a small clinic, a research
facility, public service institution, or a private-sector contractor,
the message remains the same - encrypt by default and avoid the harm of
a privacy breach."
The paper also examines the challenges of encrypting numerous portable
devices in a large and complex health care institution such as
Sunnybrook - one of Canada's largest hospitals, with a world-class
reputation for research, innovation and patient care. While
Sunnybrook's current policy is to "encrypt by default," this is not
always easy to ensure in such a large and dynamic operating
environment. However, Sunnybrook has shown its leadership in privacy
and security practices by understanding the message that health care
can benefit from improvements in security technologies and access to
information without significant user or institutional burden.
"Electronic health information improves the quality of health care by
enabling informed decision-making wherever the information is needed,
but mobile devices have to be kept safe," says Sam Marafioti, Vice
President Development and Corporate Strategy and Chief Information
Officer, Sunnybrook Health Sciences Centre. "At Sunnybrook, encryption
technology is mandatory for all portable storage devices to ensure that
personal health information is kept safe and secure wherever these
devices go, allowing our health care teams to do what they do best:
care for patients."
Nandini Jolly, President and CEO of CryptoMill Technologies, explains
that, "At CryptoMill we take a proactive approach to protecting data
and preserving privacy - the very basis of Privacy by Design principles. The necessity to make privacy the default while ensuring a
win-win outcome is exactly what we want to achieve by establishing a
Trust Boundary solution -- Protect Data, Prevent Accidental breaches
and allow for Easy Group Sharing."
Date & Time:
Friday, December 14, 2012, 9:45 a.m.
Sunnybrook Health Sciences Centre
E-Wing - Ground Floor
2075 Bayview Ave., Toronto, Ontario
Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada
Sam Marafioti, V.P. and CIO, Sunnybrook
Jeff Curtis, CPO, Sunnybrook
Nandini Jolly, President and CEO, CryptoMill Technologies Ltd.
Members of the media wishing to attend are kindly asked to please
register with the contact below.
About the IPC
The Information and Privacy Commissioner is appointed by, and reports
to, the Ontario Legislative Assembly, and is independent of the
government of the day. The Commissioner's mandate includes overseeing
the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information
custodians. The Commissioner's mandate also includes helping to educate
the public about access and privacy issues.
SOURCE: Office of the Information and Privacy Commissioner/Ontario
For further information:
Media Relations Specialist