Health Information Privacy Breaches

Date:  November 14th 2011 from 12pm to 1pm EST

Abstract:  Private and sensitive patient health records are held in trust by health care professionals and organizations. Because of this trusted relationship, patients assume their health information has been properly safeguarded by those responsible for its care, yet reports of lost, stolen, hacked and inappropriately viewed health data continue to surface.

In 2002 the Alberta Information and Privacy Commissioner issued his first investigation report on a privacy breach under the Health Information Act. This investigation targeted abandoned paper health records found in a parking lot. Since then, the Alberta IPC’s investigations have evolved to reflect increased use of information technology in the health sector. Recent investigations have concentrated on reviewing computer audit logs to detect inappropriate use, on data encryption, and on protecting against malicious software in electronic health records systems. Despite these advances, the root causes of privacy breaches remain remarkably similar.

This webinar traces the evolution of health privacy breaches, reviewing common themes such as why privacy breaches happen, breach detection, mitigation strategies and incident response. Participants will benefit from practical experience gained through over 10 years of privacy investigations led by the Alberta Information and Privacy Commissioner.

Speaker: Frank Work, Q.C., Information and Privacy Commissioner of Alberta

Biography: Alberta appointed its second Information and Privacy Commissioner, Franklin J. Work, Q.C., in 2002. Mr. Work oversees the access to information and protection of privacy provisions of Alberta’s Freedom of Information and Protection of Privacy (FOIP) Act, the Health Information Act (HIA) and the Personal Information Protection Act (PIPA). Additionally, Mr. Work informs and educates Albertans about the Acts, taking time to listen to concerns, administer constructive advice to public bodies and custodians and investigate potential abuses.

Speaker: Brian Hamilton, Director, Health Information Act, Office of the Information and Privacy Commissioner of Alberta

Biography: Brian Hamilton joined the Office of the Information and Privacy Commissioner of Alberta as an investigator/mediator in 2006, where he conducted precedent-setting investigations involving health data encryption, biometric identification, and malware attacks, and was the lead investigator on Canada’s first successful privacy offence conviction. In 2011, Brian was appointed Director, Health Information Act. Brian’s team investigates health privacy and access complaints, provides advice to Alberta’s health sector, and reviews Privacy Impact Assessments (PIAs).

From 2001 to 2006 Brian was Manager, Privacy and Security at Alberta Health and Wellness, Alberta’s provincial health Ministry. Brian was responsible for over 50 PIA submissions, implemented the Ministry’s first privacy and security policies, led an initiative to ensure that Alberta’s health sector met minimum information security standards and developed a privacy and security audit framework for the health sector. Brian serves as a member of the COACH Privacy and Security Steering Committee, which produces national guidelines for privacy and security in Canada’s health sector and has also worked as a part-time instructor with the University of Alberta’s Information Access and Privacy program. Brian holds a Masters in Public Administration from Dalhousie University, a B.A. in Political Science and French from Mount Allison University and the Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) designations.

Download the slides here.