Privacy and Security as the Default Standard for the Health Sector

Commissioner Cavoukian urges health care professionals to secure all portable storage devices - encrypt by default and avoid the harm

TORONTO, Dec. 14, 2012 /CNW/ - As portable storage devices become increasingly prevalent in the health care sector, concerns also arise regarding the privacy and security of personal health information (PHI). Medical professionals in high-availability data environments, from family doctors to large hospitals, need to ensure data security and protect information through encryption as the default, given the potential for privacy breaches that can be costly and cause lasting damage to their reputation. Taking these steps provides a positive-sum, Privacy by Design approach which benefits both patients and caregivers.

That is why Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, is taking a proactive approach and launching a new joint paper on December 14, 2012, at Sunnybrook Health Sciences Centre, co-authored with Sam Marafioti, V.P. and CIO, and Jeff Curtis, CPO, of Sunnybrook Health Sciences Centre, and Nandini Jolly, President and CEO of CryptoMill Technologies Ltd. The paper introduces the "Circle of Trust" concept, modeled by CryptoMill Technologies after PHIPA's "Circle of Care." The concept refers to mobile encryption deployment scenarios and role-based access that enable the free flow of PHI among authorized health-care providers as needed while ensuring that PHI remains encrypted and inaccessible to everyone else.

The paper entitled, Encryption by Default and Circles of Trust: Strategies to Secure Personal Information in High-Availability Environments, seeks to stimulate discussion of the challenges and opportunities for assuring PHI security beyond the current state of adoption within health care. In the past, doctors, hospitals and other medical professionals had to deal with stacks of paper-based medical records which are now increasingly moving onto portable storage devices. Commissioner Cavoukian emphasizes the message that, "now is the time to address potential security breaches and additional concerns about privacy. Whether you are a large hospital, a small clinic, a research facility, public service institution, or a private-sector contractor, the message remains the same - encrypt by default and avoid the harm of a privacy breach."

The paper also examines the challenges of encrypting numerous portable devices in a large and complex health care institution such as Sunnybrook - one of Canada's largest hospitals, with a world-class reputation for research, innovation and patient care. While Sunnybrook's current policy is to "encrypt by default," this is not always easy to ensure in such a large and dynamic operating environment. However, Sunnybrook has shown its leadership in privacy and security practices by understanding the message that health care can benefit from improvements in security technologies and access to information without significant user or institutional burden.

"Electronic health information improves the quality of health care by enabling informed decision-making wherever the information is needed, but mobile devices have to be kept safe," says Sam Marafioti, Vice President Development and Corporate Strategy and Chief Information Officer, Sunnybrook Health Sciences Centre.  "At Sunnybrook, encryption technology is mandatory for all portable storage devices to ensure that personal health information is kept safe and secure wherever these devices go, allowing our health care teams to do what they do best: care for patients." 

Nandini Jolly, President and CEO of CryptoMill Technologies, explains that, "At CryptoMill we take a proactive approach to protecting data and preserving privacy - the very basis of Privacy by Design principles. The necessity to make privacy the default while ensuring a win-win outcome is exactly what we want to achieve by establishing a Trust Boundary solution -- Protect Data, Prevent Accidental breaches and allow for Easy Group Sharing."

Event Details:

Date & Time: Friday, December 14, 2012, 9:45 a.m.
Location:   Sunnybrook Health Sciences Centre
  McLaughlin Auditorium
  E-Wing - Ground Floor
  2075 Bayview Ave., Toronto, Ontario

Presenters include:

  • Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada
  • Sam Marafioti, V.P. and CIO, Sunnybrook
  • Jeff Curtis, CPO, Sunnybrook
  • Nandini Jolly, President and CEO, CryptoMill Technologies Ltd.

Members of the media wishing to attend are kindly asked to please register with the contact below.

About the IPC

The Information and Privacy Commissioner is appointed by, and reports to, the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner's mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians. The Commissioner's mandate also includes helping to educate the public about access and privacy issues. 





SOURCE: Office of the Information and Privacy Commissioner/Ontario

For further information:

Media contact:
Trell Huether
Media Relations Specialist
Desk: 416-326-3939
Cell: 416-873-9746
Toll-free: 800-387-0073
