Canadian Healthcare and U.S. Cloud Services: Is HIPAA Compliance Good Enough for Canadian Health Data?

01 May

Many Canadian healthcare organizations are asking questions about using U.S.-based cloud service providers to manage services such as email and databases. Cloud service providers in the U.S. and public organizations in Canada often ask whether compliance with the Health Insurance Portability and Accountability Act (HIPAA), or with Federal Trade Commission (FTC) recommendations, is relevant in evaluating compliance with Canadian privacy …

Extending the Reach of Healthcare: Mobile Health Devices, Privacy and CRTC Compliance

01 May

Mobile health devices have extended the reach of healthcare by making it possible for clinicians to monitor patients’ health on a day-to-day basis, regardless of their physical location. These technologies have a great potential to improve care for patients who are not well-served by the traditional healthcare system, including people in remote areas and those with complex and chronic health …

Where do we start? Privacy first steps for community health providers

01 May

Individual health practitioners and community health organizations usually have some awareness of privacy regulations and have developed a privacy policy, but may struggle to integrate privacy principles into their daily operations. Here are our answers to the question, “Where do we start?” Most community health providers are aware that they are governed by privacy legislation, and have made some effort …

Our Privacy Impact Assessment Approach

01 May

Privacy Impact Assessments (PIAs) are a key tool for demonstrating compliance with privacy laws. We outline our approach to basic institutional PIAs, as well as PIAs for multi-institutional or multi-jurisdictional data initiatives. The KI Design approach to a single institutional privacy impact assessment falls in line with the provincial and federal requirements in Ontario and Alberta. The basic purpose of a PIA is …