Speakers’ Profile

Speaker 1: Wael Hassan Topic 1: Phipa Updates the profile info text here Speaker 2: A privacyofficerTopic 2: Smart Audit the profile info text here Speaker 3: Bryan YoungerTopic 3: Covid19 and predictive analytics the profile info text Speaker 4: Heath AdamsTopic 4: Health care security threats the profiel text here Speaker 5: Shawn MullicanTopic 5: FOI Innovation the profile …

“HIPAA Compliant” Applications

Canadian healthcare providers have often asked, do health applications advertised as “HIPAA-compliant” offer some legal assurance? Often, the answer is no. The Health Insurance Portability and Accountability Act, the main US law governing privacy and information security in healthcare, does not apply to technological applications as such. Rather, it governs personal health information managed by covered entities such as hospitals, …

Canadian Healthcare and U.S. Cloud Services: Is HIPAA Compliance Good Enough for Canadian Health Data?

Many Canadian healthcare organizations are asking questions about using U.S.-based cloud service providers to manage services such as email and databases. Cloud service providers in the U.S. and public organizations in Canada often ask whether compliance with the Health Insurance Portability and Accountability Act (HIPAA), or with Federal Trade Commission (FTC) recommendations, is relevant in evaluating compliance with Canadian privacy …

Canadian Mobile Health Initiatives: Lessons Learned

Recent Canadian initiatives suggest that mobile health applications can help integrate healthcare into individuals’ daily lives, by enabling remote communication between healthcare providers and patients. These first initiatives have revealed significant opportunities for healthcare, as well as important challenges to be addressed. What lessons do we need to learn from these experiences in order to expand the scope of mobile …

Extending the Reach of Healthcare: Mobile Health Devices, Privacy and CRTC Compliance

Mobile health devices have extended the reach of healthcare by making it possible for clinicians to monitor patients’ health on a day-to-day basis, regardless of their physical location. These technologies have a great potential to improve care for patients who are not well-served by the traditional healthcare system, including people in remote areas and those with complex and chronic health …

Where do we start? Privacy first steps for community health providers

Individual health practitioners and community health organizations usually have some awareness of privacy regulations and have developed a privacy policy, but may struggle to integrate privacy principles into their daily operations. Here are our answers to the question, “Where do we start?” Most community health providers are aware that they are governed by privacy legislation, and have made some effort …

Our Privacy Impact Assessment Approach

Privacy Impact Assessments (PIAs) are a key tool for demonstrating compliance with privacy laws. We outline our approach to basic institutional PIAs, as well as PIAs for multi-institutional or multi-jurisdictional data initiatives. The KI Design approach to a single institutional privacy impact assessment falls in line with the provincial and federal requirements in Ontario and Alberta. The basic purpose of a PIA is …

PHIPA Compliance Meets Innovation

Ontario’s Personal Health Information Protection Act (PHIPA) governs healthcare providers including general practitioners and group practices, long-term care facilities and community care access centres, hospitals, psychiatric facilities, and independent health facilities. PHIPA regulates the collection, use and disclosure of personal health information, and sets out individual rights with regard to personal health information (e.g., consent, access). Healthcare providers are responsible …