Canadian healthcare providers have often asked, do health applications advertised as “HIPAA-compliant” offer some legal assurance? Often, the answer is no. The Health Insurance Portability and Accountability Act, the main US law governing privacy and information security in healthcare, does not apply to technological applications as such. Rather, it governs personal health information managed by…
Read more
Many Canadian healthcare organizations are asking questions about using U.S.-based cloud service providers to manage services such as email and databases. Cloud service providers in the U.S. and public organizations in Canada often ask whether compliance with the Health Insurance Portability and Accountability Act (HIPAA), or with Federal Trade Commission (FTC) recommendations, is relevant in…
Read more
Recent Canadian initiatives suggest that mobile health applications can help integrate healthcare into individuals’ daily lives, by enabling remote communication between healthcare providers and patients. These first initiatives have revealed significant opportunities for healthcare, as well as important challenges to be addressed. What lessons do we need to learn from these experiences in order to…
Read more
Mobile health devices have extended the reach of healthcare by making it possible for clinicians to monitor patients’ health on a day-to-day basis, regardless of their physical location. These technologies have a great potential to improve care for patients who are not well-served by the traditional healthcare system, including people in remote areas and those…
Read more
Individual health practitioners and community health organizations usually have some awareness of privacy regulations and have developed a privacy policy, but may struggle to integrate privacy principles into their daily operations. Here are our answers to the question, “Where do we start?” Most community health providers are aware that they are governed by privacy legislation,…
Read more
Privacy Impact Assessments (PIAs) are a key tool for demonstrating compliance with privacy laws. We outline our approach to basic institutional PIAs, as well as PIAs for multi-institutional or multi-jurisdictional data initiatives. The KI Design approach to a single institutional privacy impact assessment falls in line with the provincial and federal requirements in Ontario and Alberta. The basic…
Read more
Ontario’s Personal Health Information Protection Act (PHIPA) governs healthcare providers including general practitioners and group practices, long-term care facilities and community care access centres, hospitals, psychiatric facilities, and independent health facilities. PHIPA regulates the collection, use and disclosure of personal health information, and sets out individual rights with regard to personal health information (e.g., consent,…
Read more