CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t"

Transcription

1 CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t

2 The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full acknowledgement is given to the Canadian Institute for Health Information. Canadian Institute for Health Information 495 Richmond Road, Suite 600 Ottawa, Ontario K2A 4H6 Phone: Fax: Canadian Institute for Health Information

3 Table of Contents CIHI Portal Privacy Impact Assessment... iii Executive Summary... v 1. Introduction PIA Objectives and Scope CIHI Portal Background and Context Background Description of CIHI Portal Description of Data Accessible Through CIHI Portal Organization and Governance Authorities Governing CIHI Portal CIHI Portal Overview Diagram Privacy Analysis Principle 1: Accountability for Personal Health Information Principle 2: Identifying Purposes for Personal Health Information Principle 3: Consent for the Collection, Use or Disclosure of Personal Health Information Principle 4: Limiting Collection of Personal Health Information Principle 5: Limiting Use, Disclosure and Retention of Personal Health Information Principle 6: Accuracy of Personal Health Information Principle 7: Safeguards for Personal Health Information Principle 8: Openness About the Management of Personal Health Information Principle 9: Individual Access to, and Amendment of, Personal Health Information Principle 10: Complaints About CIHI s Handling of Personal Health Information Conclusion Appendix A Summary of Identified Privacy Risks, Mitigation Measures Currently in Place and Recommendations Appendix B Glossary of Terms Appendix C Examples of CIHI Portal Data Appendix D Acknowledgement of the Conditions of Use of CIHI Portal... 26

4

5 CIHI Portal Privacy Impact Assessment Prepared by: Peter Pakeman, Program Consultant, Privacy and Legal Services, CIHI Mary Ledoux, Senior Privacy Consultant, Privacy and Legal Services, CIHI Mimi Lepage, Chief Privacy Officer and General Counsel, Privacy and Legal Services, CIHI Caroline Heick, Director, Acute and Ambulatory Care Information Services, CIHI Sharon Tracy, Manager, Portal Services, CIHI Jean-Marie Berthelot, Vice President, Programs, CIHI David H. Flaherty, PhD, Chief Privacy Advisor, CIHI; David H. Flaherty Inc., Privacy and Information Policy Consultants, Victoria, British Columbia CIHI 2008 iii

6

7 Executive Summary The purpose of this privacy impact assessment (PIA) is to examine the privacy, confidentiality and security risks associated with CIHI Portal. CIHI Portal is an analytical web-based tool for health care data, designed by the Canadian Institute for Health Information (CIHI) to meet the needs of its clients, who are also its data providers. CIHI Portal provides health care service organizations such as hospitals, regional health authorities and ministries of health with online access to pan-canadian health care data in a secure environment that safeguards privacy and confidentiality. In order to be able to use CIHI Portal, CIHI Portal clients must sign a service agreement with CIHI. The service agreement is signed at a senior level in the organization to ensure that clients are aware both of their organizational responsibilities and the responsibilities of their users. The service agreement limits CIHI Portal clients rights to use and disclose confidential information, including personal health information and facility-identifiable information, obtained through CIHI Portal. As well, a mandatory education program (elearning and instructor-led training) exists for users, which reinforces the appropriate uses and disclosures of data from CIHI Portal. CIHI Portal does not contain the names, health card numbers, dates of birth or full postal codes of recipients of health care services. A review of the 10 privacy principles set out in the Canadian Standards Association s Model Code for the Protection of Personal Information as they apply to CIHI Portal was undertaken. While a number of potential privacy risks were identified, this assessment concludes that, except as identified below, the mitigation measures currently in place are such that CIHI and its clients are prepared to accept and manage any remaining risks. The PIA sets out the following four recommendations: Recommendation 1: The threat and risk assessment specific to CIHI Portal scheduled for be completed by the end of that fiscal year. Recommendation 2: A general review of the requirements of the service agreement relating to confidentiality, privacy and security be undertaken by CIHI s Privacy and Legal Services and completed by the end of It is further recommended that a revised agreement be phased in over time. In addition, a specific privacy risk was identified with respect to lack of control of user names and passwords by CIHI Portal clients users, including active passwords that are assigned to users no longer employed by the client and where, after reviewing the mitigation measures currently in place, the PIA has determined that the residual risk was such that additional measures are required. The following two recommendations address this issue: CIHI 2008 v

8 Recommendation 3: As part of the general review of the confidentiality, privacy and security provisions of the service agreement set out in recommendation 2 above, the service agreement should be amended, at minimum, to include a specific requirement for: a. clients to advise CIHI within a set number of working days of any changes in authorized users; b. clients users to exit from their account at the end of each session; and c. clients users to sign an acknowledgement of the conditions of use of CIHI Portal (Appendix D) to reinforce their understanding of their responsibilities and obligations, including control of passwords. Recommendation 4: As part of the education process for users, phase into the training materials a clear and easily understood explanation of the acknowledgement and its implications. vi CIHI 2008

9 1. Introduction The Canadian Institute for Health Information (CIHI) collects and analyses information on health and health care in Canada. Its goal is to provide timely, accurate and comparable information to inform health policies, support the effective delivery of health services and raise awareness among Canadians of the factors that contribute to good health. CIHI obtains data directly from hospitals, regional health authorities and ministries of health, including personal health information about recipients of health services, registration and practice information about health professionals and health facility information. CIHI Portal was developed by CIHI for Canadian health care service organizations specifically those that submit data to CIHI to assist them in monitoring, planning and making decisions on the delivery of health care services. 1.1 PIA Objectives and Scope The purpose of this privacy impact assessment is to examine the privacy, confidentiality and security risks associated with CIHI Portal. It includes a review of the 10 privacy principles set out in the Canadian Standards Association s Model Code for the Protection of Personal Information as they apply to CIHI Portal and a summary of potential privacy risks that have been identified, along with any measures that have been put in place to avoid or mitigate those risks. This privacy impact assessment is specific to CIHI Portal. It builds on a PIA carried out in 2005 that assessed and addressed key data protection issues as CIHI Portal was in a beta test environment. In addition, a formal privacy impact assessment was conducted for the clinical administrative databases; it is available on CIHI s website ( CIHI

10

11 2. CIHI Portal Background and Context 2.1 Background CIHI Portal was developed initially in 2003 as a pilot project involving three data providers. The purpose of the pilot project was to demonstrate the value and evaluate the feasibility of developing and implementing CIHI Portal as an analytical tool that provided access to pan-canadian data to assist health system stakeholders with high-level decision-making and performance management. At the end of the pilot project, the evaluation concluded that there was an external client demand for such a service and that the most significant issue for CIHI Portal was ensuring the protection of individual privacy while allowing appropriate analytical capacity. CIHI Portal moved to a beta test involving approximately 15 data providers in the fall of For the beta test, CIHI addressed potential privacy, confidentiality and security issues that arose from access to CIHI Portal by adopting practices in the area of privacy risk management, including controls on users, service agreements with its clients, data disclosure and disclosure avoidance rules and security practices. 2.2 Description of CIHI Portal CIHI Portal is an analytical web-based tool for health care data, designed by CIHI to meet the needs of its clients, who are also its data providers. CIHI Portal provides health care service organizations such as hospitals, regional health authorities and ministries of health with online access to pan-canadian health care data in a secure environment that safeguards privacy and confidentiality. CIHI Portal also supports communities of practice and includes meta data, a comprehensive education program and a mechanism to provide users with client support. CIHI Portal offers its clients the ability to share and view pre-built reports, to query the data based on their own requirements and to build customized reports for purposes of evaluation to support decision-making and to facilitate knowledge transfer. CIHI Portal supports regular performance measurement and the determination of best practices by allowing clients to compare their organizations with customized peer groups at local, regional, provincial and national levels. Clients can carry out research and planning on clinical administration, resourcing, service provision, cost efficiencies and population demographics. CIHI Portal serves as a focal point for collaboration and the establishment of communities of practice. Through CIHI Portal, clients are able to share reports, methodologies and findings with peers within and across organizations. Together, they can create internal and external networks of collaboration. This unique bundle of features allows users from various levels of health care management across the country to answer the questions that are specific to their needs. CIHI

12 2.3 Description of Data Accessible Through CIHI Portal CIHI Data The Discharge Abstract Database (DAD) is a pan-canadian database for information on all acute care hospital separations (discharges, deaths, sign-outs, transfers) in Canada, except Quebec, and is one of the clinical databases used by CIHI for research and statistical purposes. CIHI Portal contains a selected subset of data from DAD. The DAD data accessible through CIHI Portal are broadly categorized in the following manner: Variables related to recipients of health care services (that is, in-patients, same-day surgery out-patients); Variables related to providers of health care services (that is, physicians); and Variables related to the facilities delivering the health care services (that is, hospitals). For each of the above categories, the data are further categorized in the following manner (see Appendix C for examples of CIHI Portal data): Demographic and geographic information about recipients; Identification and geographic information about facilities; Entry/admission/status information about recipients; Patient service information about recipients; 4 CIHI 2008

13 Provider code and type of service information about providers; Clinical information about recipients; Special care units information about recipients Death/discharge/status information about recipients; Date and time periods information about recipients hospitalizations; Derived values (such as statistical calculations, filtering, methodologies) about recipients hospitalizations; and Value-added data based on CIHI methodology for grouping discharges (that is, Case Mix Group, major clinical category). With respect to information about recipients of health care services, it is important to note that names are not submitted to the Discharge Abstract Database and, therefore, are not found in CIHI Portal. As well, although health card numbers, dates of birth and full postal codes of recipients of health care services are found in the original DAD data submitted to CIHI, they are not included in CIHI Portal Other Data CIHI Portal also contains aggregated, non-confidential population statistics from the Statistics Canada census of population and geographic data. 2.4 Organization and Governance Organization CIHI Portal Services was established as a program area in the Acute and Ambulatory Care Information Services Branch (AACIS) in April Governance The following table identifies key internal positions and groups with responsibilities for CIHI Portal in terms of privacy and security risk management. Position/Group Vice President, Programs Director, Acute and Ambulatory Care Information Services Manager, Portal Services Portal Steering Committee Chief Technology Officer Role/Responsibilities The vice president, programs chairs the Portal Steering Committee and is responsible for the overall operations and strategic direction of CIHI Portal. The director is fully accountable for CIHI Portal. The director is responsible for strategic and operational decisions about CIHI Portal and ensuring its continued successful development. The manager is responsible for ongoing management, development and deployment of CIHI Portal. The manager makes operational decisions about CIHI Portal, supports the Portal Steering Committee and consults internally and with CIHI Portal clients as appropriate. Chaired by CIHI s vice president, programs, this committee s role is to make strategic recommendations and decisions about the direction of CIHI Portal. The chief technology officer is responsible for the strategic direction and overall operations/implementation of CIHI s technological and security solutions. CIHI

14 Position/Group IM Steering Committee Chief Privacy Officer and General Counsel Privacy, Confidentiality and Security Team Role/Responsibilities Chaired by CIHI s chief technology officer, the role of this committee is to make strategic recommendations and decisions related to technology. The chief privacy officer is responsible for the strategic direction and the overall implementation of CIHI s privacy program. Chaired by CIHI s chief privacy officer, this team supports CIHI Portal by reviewing privacy-sensitive issues and the service agreement. Chief Privacy Advisor The chief privacy advisor is an external resource available to CIHI. Individuals who do not believe their challenges about CIHI s handling of personal health information have been satisfactorily resolved may be appeal to the chief privacy advisor, who will report his findings to CIHI s president and chief executive officer. Manager, Analytical Systems Senior Program Consultant, Security The manager is responsible for ensuring that technical requirements for the ongoing development and maintenance of CIHI Portal are met. The Analytical Systems team is responsible for acting as system administrator for CIHI Portal. The senior program consultant is responsible for providing guidance on maintaining and enhancing security for CIHI Portal, and assisting with documentation such as security impact assessments and threat and risk assessments. 2.5 Authorities Governing CIHI Portal General CIHI conducts its business activities in accordance with the following: applicable statutory authorities CIHI is a prescribed entity under the Personal Health Information Protection Act (PHIPA) in Ontario CIHI is an information manager for the department of Health and Wellness and several regional health authorities in Alberta under the Alberta Health Information Act; CIHI s Principles and Policies for the Protection of Personal Health Information (updated November 2007, 3rd Edition), which is based on the 10 privacy principles described in the Canadian Standards Association s Model Code for the Protection of Personal Information; and data-sharing agreements negotiated between data providers and CIHI, which set out the purpose, use, disclosure and retention requirements as well as any subsequent data sharing that may be permitted. 6 CIHI 2008

15 2.5.2 CIHI Portal Service Agreement In order to be able to use CIHI Portal, CIHI Portal clients, which could be a hospital, regional health authority or ministry of health, must sign a service agreement with CIHI. The service agreement is signed at a senior level in the organization to ensure that clients are aware both of their organizational responsibilities and the responsibilities of their users. The service agreement limits CIHI Portal clients rights to use and disclose confidential information, including personal health information and facility-identifiable information, obtained through CIHI Portal. Specifically, clients and their users are permitted to use such data solely for internal, non-commercial, local/regional evidence-based decision-making, planning and analytical purposes. Confidential information cannot be disclosed to any third party, except as expressly permitted in the service agreement or as required by law. Specifically, publication or disclosure outside of the client organization is permitted only where all reasonable attempts to prevent the identification of individuals are employed and there are no cell sizes with fewer than five observations. Organization-identifiable information cannot be released unless the written consent of each organization identified in the information has been obtained prior to release. Clients assume responsibility for ensuring that users of CIHI Portal in their organizations are aware of the terms and conditions of the service agreement. Within each client organization, individual users must be made aware of their strict obligation to: keep their user names and passwords strictly confidential; keep de-identified record-level data obtained through CIHI Portal, including any reports, strictly confidential and not disclose such data to persons or organizations outside the client s organization, except as expressly provided for in the service agreement or as required by law; use de-identified record-level data from CIHI Portal solely for non-commercial, internal purposes related to the client s planning, research/analysis or decision-support activities, unless explicitly permitted by an agreement between CIHI and the client; not attempt to identify individuals when accessing and using de-identified record-level data accessible through CIHI Portal, and/or attempt to link these data with personal health information originating from any other source; and access CIHI Portal from the client s corporate network only. Clients agree to immediately notify CIHI of any unauthorized use of any users means of access or any other breach of confidentiality or security of which they become aware. In addition, the service agreement sets out the following specific requirements and responsibilities with respect to user names and passwords: Each user must create a user profile (name, title and address), user name and password on CIHI s website as instructed by CIHI. Clients and their users are responsible for maintaining the confidentiality of the means of access. Clients are fully responsible for all activities that occur under their means of access. CIHI

16 User names and passwords may not be shared and are non-transferable, nor can they be assigned to an un-named individual or occupational position (such as director of health records). Clients and their users must not permit any third party or unauthorized user to access CIHI Portal. Each user will be issued a user name and password that provides him or her with access to those areas of CIHI Portal that he or she is permitted to access. CIHI has put in place a mandatory training program that addresses each of these items. As a reminder for the users, a link to the conditions of the service agreement is provided on CIHI Portal home page. 8 CIHI 2008

17 3. CIHI Portal Overview Diagram Users access CIHI Portal through a secure web interface. Depending on their role, users are able to create ad hoc custom queries and/or access reports created by CIHI and other CIHI Portal users, both within and outside of their organizations. The outputs from these queries may be shared within CIHI Portal or exported to other file formats (such as MS Excel). The underlying record-level data are not exportable. SECURE CIHI PORTAL ENVIRONMENT De-identified record level subset of DAD Secure web interface Queries Aggregate-level reports CIHI Portal clients/users Hospitals Ministries of health Regional health authorities CIHI

18

19 4. Privacy Analysis 4.1 Principle 1: Accountability for Personal Health Information CIHI s president and chief executive officer is accountable for ensuring compliance with CIHI s Principles and Policies for the Protection of Personal Health Information (updated November 2007, 3rd Edition). CIHI has a chief privacy officer, a corporate Privacy, Confidentiality and Security team to manage privacy matters at CIHI, a privacy sub-committee of its board of directors and an external chief privacy advisor. CIHI Portal clients are accountable for the application of the service agreement within their respective organizations. They are also subject to the requirements of data protection laws in their respective jurisdictions and the independent oversight of privacy commissioners or their equivalents. 4.2 Principle 2: Identifying Purposes for Personal Health Information CIHI Portal is a service provided by CIHI to meet the needs of its clients for online access to pan-canadian health care data. The service agreement limits CIHI Portal clients rights to use and disclose confidential information, including personal health information and facilityidentifiable information, obtained through CIHI Portal. Specifically, clients and their users are permitted to use such data solely for internal, non-commercial, local/regional evidencebased decision-making, planning and analytical purposes. 4.3 Principle 3: Consent for the Collection, Use or Disclosure of Personal Health Information The de-identified, record-level data found in CIHI Portal are collected in their original form through the administration of the health care system in the various jurisdictions and provided to CIHI as a secondary user. Data providers are responsible for meeting the statutory consent requirements in their respective jurisdictions at the time the data are collected initially. 4.4 Principle 4: Limiting Collection of Personal Health Information CIHI Portal is not collecting or using any new personal health information for the purposes of CIHI Portal. It is a secure means of access to selected data already held at CIHI in the Discharge Abstract Database. 4.5 Principle 5: Limiting Use, Disclosure and Retention of Personal Health Information Limiting Use CIHI limits the use of CIHI Portal to authorized purposes, and only authorized users have access. The CIHI Portal service agreement allows clients to use de-identified record-level data only for their own non-commercial, internal analysis, planning, research and decisionmaking purposes. CIHI

20 Privacy Risk Inappropriate use and/or disclosure of confidential information by CIHI Portal clients users Mitigation Measures Currently in Place As described in Section 2.5.2, CIHI Portal clients are required to sign a service agreement, which imposes confidentiality and security restrictions and obligations. Failure to respect the terms and conditions of the service agreement would jeopardize their continued access to CIHI Portal. CIHI can, and intends to, audit compliance through technological means (electronic audit trails). CIHI Portal clients are also subject to the requirements of data protection laws in their respective jurisdictions Limiting Disclosure As part of its mandate, CIHI publishes aggregated personal health information only in a manner designed to minimize any risk of residual disclosure. This generally requires a minimum of five observations per cell. CIHI recognizes, however, that internal reports produced for clients through CIHI Portal are not reviewed for confidentiality as are the data CIHI publishes and releases into the public domain. Query results obtained through CIHI Portal, therefore, may contain small cell sizes (defined as five or fewer occurrences) that are not suppressed in the reports produced by users. The reason for this practice is that, in general, information obtained through CIHI Portal will not be published by clients but will be used to inform internal decision-making in a specific health care environment. CIHI Portal includes record-level, potentially identifiable data in order to provide essential functionality for its clients. Privacy Risk Residual disclosure (such as the combination of data on age of patient, plus geographic unit, plus facility in rural areas that could re-identify individuals) Mitigation Measures Currently in Place The disclosure of reports produced by authorized users is limited to CIHI Portal clients who have signed a service agreement (see Section 2.5.2), which imposes a variety of confidentiality and security restrictions and obligations on them. The terms of the service agreement provide for: a prohibition against attempts to identify individuals; a prohibition against data linkage using information gained by way of CIHI Portal; safeguards prohibiting further publication by CIHI Portal clients, including a requirement to suppress cell sizes with fewer than five observations; and consequences for institutions in the case of demonstrated breaches, such as denial of further access to CIHI Portal. 12 CIHI 2008

21 Further, within client organizations, users are broken down into three roles: report reader, information consumer and analyst. Access to specific features and data fields in CIHI Portal is controlled on a user-by-user basis, through security and permissions features based on the principle of need-to-know and determined by the role of the user. For example, report readers are permitted only to view reports they cannot create or manipulate reports. Information consumers can manipulate existing reports. Analysts have maximum access and do hands-on work with the data available through CIHI Portal (for example, creating reports). In addition, specific protective measures implemented in CIHI Portal to control disclosures include: Only a selected subset of variables from the DAD is included in CIHI Portal (approximately 100 data elements). De-identification measures are applied to the data; for example, dates of birth, health card numbers and full postal codes of patients are not included in CIHI Portal. CIHI Portal does not allow direct access to individual records. Analysts who have maximum access to the data available through CIHI Portal may submit queries to create reports but cannot see or request the extraction of individual records. There are special protections to mask sensitive abortion data (any procedure that terminates a pregnancy for any reason, including therapeutic abortions). The organizational contact identified in the service agreement is responsible for naming authorized users in each user role and for communicating changes in user access to CIHI. Mandatory education (elearning and instructor-led training) for users reinforces the appropriate use and disclosure of data from CIHI Portal. Technical safeguards (for example, user/id and password, encryption, auditing, system monitoring) regulate the query environment and limit disclosure by minimizing risks of unauthorized access, including only providing access to named users (for further information, see Principle 7 Safeguards) Limiting Retention Data accessible through CIHI Portal form part of CIHI s information holdings and are retained permanently for long-term analyses and reporting purposes. Currently, data are included back to Principle 6: Accuracy of Personal Health Information CIHI has a comprehensive data quality program. Any known data quality issues are addressed by the data provider or documented in data limitations documentation, which is made available to all users. Analytical Systems and Portal Services verify that the data available within CIHI Portal match the data in the Discharge Abstract Database in terms of accuracy (that is, volumes, completeness). Furthermore, policies 9.5 and 9.6 of CIHI s Principles and Policies for the Protection of Personal Health Information (updated November 2007, 3rd Edition) state that when an individual requests an amendment to or correction of his or her personal health information, CIHI refers the individual to the data provider. When a data provider notifies CIHI that the individual has successfully demonstrated the inaccuracy or incompleteness of personal health information, CIHI amends the information as required. See Section 4.9 (below) for information on an individual s right of access to personal health information. CIHI

22 4.7 Principle 7: Safeguards for Personal Health Information CIHI has established physical, technical and administrative security practices to ensure the confidentiality and security of its data holdings. In addition to the general safeguards already in place, CIHI Portal implemented the following technical and administrative safeguards: CIHI Portal security architectures/security filters include security features such as privileges (used to control what features the user can access) and permissions (used to control the level of access a user has, such as what data and reports the user can see) by role. Security filters manage the different functionality of each user role for example, analysts can create reports, information consumers can view and modify reports and report readers can only view reports. Users cannot change or remove a security filter it is enforced automatically when users execute queries. Users of CIHI Portal cannot turn off security features. Only the internal CIHI Portal administrator has the ability to modify security filters, privileges and permissions. Encryption software incorporated in CIHI Portal uses a networking protocol called Secure Sockets Layer (SSL). SSL is cryptographic protocols that provide secure communications on the internet for such things as web browsing, , internet faxing, instant messaging and other data transfers. User names and passwords permit authentication and ensure that only authorized users can access CIHI Portal. Privacy Risk Unauthorized access to CIHI Portal Mitigation Measures Currently in Place Monitoring and auditing through the use of system audit trails and logs for CIHI Portal, which include: what was queried, when and by whom; all system accesses logged by user ID, time and date; all queries run logged by the nature of the query, user ID, time and date; sessions disconnected after a preset time; and intrusion detection system to proactively block undesirable access. In addition: The system will lock out users after a pre-determined number of failed login attempts (because of the complexity of the passwords). Users may be required to attain re-authorization via mandatory training and evaluation if they have not used CIHI Portal within a 12-month period from the date of last access. Ethical hacks: CIHI conducts an annual vulnerability assessment and penetration testing of select information systems (ethical hack). The intent of the assessment is to gather information on the selected systems and applications and then examine this information for weaknesses that could ultimately be used to compromise the underlying system, and hence personal health information. 14 CIHI 2008

23 The latest ethical hack conducted in 2007 found that, in general, external facing systems (via the internet) were well protected. While the results of the 2007 ethical hack are generally positive, they were not specific to CIHI Portal. Threat and risk assessment: The manager of Portal Services, in consultation with the senior program consultant, security, engages appropriate risk management activities, such as commissioning threat and risk assessments and security impact assessments and escalating any issues of concern to the chief privacy officer, the chief technology officer and/or the appropriate management team(s). A threat and risk assessment specific to CIHI Portal is scheduled for Recommendation 1: The threat and risk assessment specific to CIHI Portal scheduled for be completed by the end of that fiscal year. CIHI Portal service agreement As described in Section 2.5.2, CIHI Portal clients are required to sign a service agreement which imposes confidentiality and security restrictions and obligations. Clients and their users must use at least the same degree of care and oversight to maintain confidentiality as they would use to protect their own information, but in no event less than a reasonable degree of care. Further, the terms of the service agreement set out the consequences for clients in the case of demonstrated breaches, such as denial of further access to CIHI Portal. Recommendation 2: The service agreements for CIHI Portal have evolved in order to take into account the various needs of CIHI clients and, while some versions are more stringent than others, some privacy or security requirements may have been lost over time. A general review of the requirements of the service agreement relating to confidentiality, privacy and security, therefore, is recommended to be undertaken by CIHI s Privacy and Legal Services Secretariat and completed by the end of It is further recommended that a revised agreement be phased in over time. Privacy Risk Lack of control of user names and passwords by CIHI Portal clients users, including active passwords that were assigned to users who are no longer employed by the client Mitigation Measures Currently in Place In order to be able to use CIHI Portal, each CIHI Portal client must sign a service agreement with CIHI that sets out specific requirements and responsibilities with respect to user names and passwords. In addition to the requirement to keep their user names and passwords strictly confidential, clients agree to immediately notify CIHI of any unauthorized use of any users means of access or any other breach of confidentiality or security of which they become aware (see Section CIHI Portal Service Agreement). The service agreement requires that the client designate an organizational contact who is responsible for notifying CIHI of who within the client s organization will be named as users and for providing and maintaining accurate, complete, true information about each user. CIHI

24 The Portal Services team provides organizational contacts with quarterly reports outlining names of users as well as usage, and asks for discrepancies to be reported. Recommendation 3: As part of the general review of the confidentiality, privacy and security provisions of the service agreement set out in recommendation 2 above, the service agreement should be amended to include a specific requirement for: a. clients to advise CIHI within a set number of working days of any changes in authorized users; b. clients users to exit from their accounts at the end of each session; and c. clients users to sign an acknowledgement of the conditions of use of CIHI Portal (Appendix D) to reinforce their understanding of their responsibilities and obligations, including control of passwords. Recommendation 4: As part of the education process for users, phase into the training materials a clear and easily understood explanation of the acknowledgement and its implications. 4.8 Principle 8: Openness About the Management of Personal Health Information CIHI makes information available about its privacy policies, data practices and programs relating to the management of personal health information on its corporate website. As well, this PIA is accessible on CIHI s website ( 4.9 Principle 9: Individual Access to, and Amendment of, Personal Health Information CIHI recognizes that individuals have a right of access to their personal health information. However, because the data in CIHI Portal do not contain any direct identifiers (such as name, address, health card number), CIHI cannot accurately authenticate a requester as the person to whom the personal health information relates. It will continue, therefore, its standard practice of referring the requester to the original data provider Principle 10: Complaints About CIHI s Handling of Personal Health Information As set out in CIHI s Principles and Policies for the Protection of Personal Health Information (updated November 2007, 3rd Edition), complaints about CIHI s handling of personal health information are investigated by the chief privacy officer. If an individual does not believe that his or her challenge has been satisfactorily resolved, he or she may appeal to CIHI s chief privacy advisor, who will report his findings to CIHI s president and chief executive officer. If a complaint is found to be justified, CIHI takes appropriate corrective measures. 16 CIHI 2008

25 5. Conclusion This PIA summarizes CIHI s assessment of the privacy implications of CIHI Portal. While a number of potential privacy risks were identified, this assessment concludes that, except as identified under Principle 7 Safeguards for Personal Health Information (Section 4.7) above, the mitigation measures currently in place are such that CIHI and its clients are prepared to accept and manage any remaining risks. A summary of the privacy risks identified, the mitigation measures currently in place and any related recommendations is found in Appendix A. CIHI undertakes to review this PIA to coincide with major enhancements of CIHI Portal or as deemed necessary by the Portal Steering Committee or by the chief privacy officer. CIHI

26

27 Appendix A Summary of Identified Privacy Risks, Mitigation Measures Currently in Place and Recommendations Privacy Risk Inappropriate use and/or disclosure of confidential information by CIHI Portal clients users Residual disclosure (for example, the combination of data on age of patient, plus geographic unit, plus facility in rural areas that could re-identify individuals) Mitigation Measures Currently in Place and Recommendations As described in Section 2.5.2, CIHI Portal clients are required to sign a service agreement, which imposes confidentiality and security restrictions and obligations. Failure to respect the terms and conditions of the service agreement would jeopardize their continued access to CIHI Portal. CIHI can, and intends to, audit compliance through technological means (electronic audit trails). CIHI Portal clients are also subject to the requirements of data protection laws in their respective jurisdictions. The disclosure of reports produced by authorized users is limited to CIHI Portal clients who have signed a service agreement (see Section 2.5.2), which imposes a variety of confidentiality and security restrictions and obligations on them. The terms of the service agreement provide for: a prohibition against attempts to identify individuals; a prohibition against data linkage using information gained by way of CIHI Portal; safeguards prohibiting further publication by CIHI Portal clients, including a requirement to suppress cell sizes with fewer than five observations; and consequences for institutions in the case of demonstrated breaches, such as denial of further access to CIHI Portal. Further, within client organizations, users are broken down into three roles: report reader, information consumer and analyst. Access to specific features and data fields in CIHI Portal is controlled on a userby-user basis, through security and permissions features based on the principle of need-to-know and determined by the role of the user. For example, report readers are permitted only to view reports they cannot create or manipulate reports. Information consumers can manipulate existing reports. Analysts have maximum access and do hands-on work with the data available through CIHI Portal (for example, creating reports). In addition, specific protective measures implemented in CIHI Portal to control disclosures include: Only a selected subset of variables from the DAD was included in CIHI Portal (approximately 100 data elements). De-identification measures are applied to the data; for example, not including dates of birth, health card numbers and full postal codes of patients in CIHI Portal. CIHI Portal does not allow direct access to individual records. Analysts who have maximum access to the data available through CIHI Portal may submit queries to create reports but cannot see or request the extraction of individual records. CIHI

28 Privacy Risk Unauthorized access to CIHI Portal Mitigation Measures Currently in Place and Recommendations There are special protections to mask sensitive abortion data (any procedure that terminates a pregnancy for any reason, including therapeutic abortions). The organizational contact identified in the service agreement is responsible for naming authorized users in each user role and for communicating changes in user access to CIHI. Mandatory education (elearning and instructor-led training) for users reinforces the appropriate use and disclosure of data from CIHI Portal. Technical safeguards (such as user ID and password, encryption, auditing, system monitoring) regulate the query environment and limit disclosure by minimizing risks of unauthorized access, including only providing access to named users (for further information, see Principle 7 Safeguards). Monitoring and auditing through the use of system audit trails and logs for CIHI Portal, which include: what was queried, when and by whom; all system accesses logged by user ID, time and date; all queries run logged by the nature of the query, user ID, time and date; sessions disconnected after a preset time; intrusion detection system to proactively block undesirable access. In addition: The system will lock out users after a pre-determined number of failed login attempts (because of the complexity of the passwords). Users may be required to attain re-authorization via mandatory training and evaluation if they have not used CIHI Portal within a 12-month period from the date of last access. Ethical hacks: CIHI conducts an annual vulnerability assessment and penetration testing of select information systems (ethical hack). The intent of the assessment is to gather information on the selected systems and applications and then examine this information for weaknesses that could ultimately be used to compromise the underlying system, and hence personal health information. The latest ethical hack conducted in 2007 found that, in general, external facing systems (via the internet) were well protected. While the results of the 2007 ethical hack are generally positive, they were not specific to CIHI Portal. Threat and risk assessment: the manager of Portal Services, in consultation with the senior program consultant, security, engages appropriate risk management activities, such as commissioning threat and risk assessments and security impact assessments and escalating any issues of concern to the chief privacy officer, the chief technology officer and/or the appropriate management team(s). A threat and risk assessment specific to CIHI Portal is scheduled for Recommendation 1: The threat and risk assessment specific to CIHI Portal scheduled for be completed by the end 20 CIHI 2008

29 Privacy Risk Lack of control of user names and passwords by CIHI Portal clients users, including active passwords that were assigned to users who are no longer employed by the client Mitigation Measures Currently in Place and Recommendations of that fiscal year. CIHI Portal Service Agreement As described in Section 2.5.2, CIHI Portal clients are required to sign a service agreement, which imposes confidentiality and security restrictions and obligations. Clients and their users must use at least the same degree of care and oversight to maintain confidentiality as they would use to protect their own information, but in no event less than a reasonable degree of care. Further, the terms of the service agreement set out the consequences for clients in the case of demonstrated breaches, such as denial of further access to CIHI Portal. Recommendation 2: The service agreements for CIHI Portal have evolved in order to take into account the various needs of CIHI clients and, while some versions are more stringent than others, some privacy or security requirements may have been lost over time. A general review of the requirements of the service agreement relating to confidentiality, privacy and security, therefore, is recommended to be undertaken by CIHI s Privacy and Legal Services Secretariat and completed by the end of It is further recommended that a revised agreement be phased in over time. In order to be able to use CIHI Portal, each CIHI Portal client must sign a service agreement with CIHI that sets out specific requirements and responsibilities with respect to user names and passwords. In addition to the requirement to keep their user names and passwords strictly confidential, clients agree to immediately notify CIHI of any unauthorized use of any users means of access or any other breach of confidentiality or security they become aware of (see Section CIHI Portal Service Agreement). The service agreement requires that the client designate an organizational contact who is responsible for notifying CIHI of who within the client s organization will be named as users and for providing and maintaining accurate, complete, true information about each user. The Portal Services team provides organizational contacts with quarterly reports outlining names of users as well as usage, and asks for discrepancies to be reported. Recommendation 3: As part of the general review of the confidentiality, privacy and security provisions of the service agreement set out in recommendation 1 above, the service agreement should be amended to include a specific requirement for: a. clients to advise CIHI within a set number of working days of any changes in authorized users; b. clients users to exit from their accounts at the end of each session; and c. clients users to sign an acknowledgement of the conditions of use of CIHI Portal (Appendix D) to reinforce their understanding of their responsibilities and obligations, including control of passwords. Recommendation 4: As part of the education process for users, phase into the training materials a clear and easily understood CIHI

30 Privacy Risk Mitigation Measures Currently in Place and Recommendations explanation of the acknowledgement and its implications. 22 CIHI 2008

31 Appendix B Glossary of Terms Term Case Mix Group (CMG) CIHI Portal CIHI Portal Clients CIHI Portal Clients Users CIHI Portal Service Agreement Confidential Information Data Provider De-Identified Information Discharge Abstract Database (DAD) Ethical Hack Health Information Major Clinical Category (MCC) Meta Data Mitigation Measures Organization- Identifiable Information Definition CIHI s Case Mix Groups categorize patients into statistically and clinically homogeneous groups based on the collection of clinical and administrative data. An analytical tool for health care data that provides hospitals, regional health authorities and ministries of health with online access to pan-canadian health care data in a secure environment that safeguards privacy and confidentiality. Individual hospitals, regional health authorities and ministries of health which have entered into a CIHI Portal service agreement with CIHI. Those employees and contractors of the CIHI Portal client that have successfully completed the CIHI Portal training curriculum and require access to CIHI Portal. An agreement between the client and CIHI with respect to the client s access to and use of CIHI Portal. For purposes of the CIHI Portal service agreement, confidential information includes personal health information and facility-identifiable information. An organization or individual that discloses health information to CIHI. For purposes of CIHI Portal, record-level data that do not include name, date of birth, health card number or full postal code. A national-level database containing information on all acute care hospital separations (discharges, deaths, sign-outs, transfers) in Canada, except Quebec. An assessment of the vulnerability and penetration testing of information systems. A broad term encompassing information of all types about health and health care, including personal health information, health facility information and health expenditure information. Major clinical category is a high-level grouping of clinically similar cases based on body system or other specific type of clinical problem. Summary information that assists data users in the interpretation and use of data. Means of reducing the possibility of privacy risks. Refers to information which includes the identity (that is, name or number) of any health organization, health facility, local health integration network, government ministry, continuing care facility, acute care hospital, specialty hospital, long-term care home, ambulatory agency such as an outpatient clinic, rehabilitation centre, community health centre, home care agency, mental health facility, regional health authority or local health authority. CIHI

National System for Incident Reporting

National System for Incident Reporting National System for Incident Reporting Privacy Impact Assessment The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full

More information

Your Health System: Insight Privacy Impact Assessment (October 2015)

Your Health System: Insight Privacy Impact Assessment (October 2015) Your Health System: Insight Privacy Impact Assessment (October 2015) Table of contents 10 quick facts about Your Health System: Insight... 6 Definitions... 7 1 Introduction... 8 2 Background... 8 3 Description

More information

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 pic pic Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 Updated March 2013 Our Vision Better data. Better decisions. Healthier

More information

Hospital Mental Health Database Privacy Impact Assessment

Hospital Mental Health Database Privacy Impact Assessment Hospital Mental Health Database Privacy Impact Assessment Standards and Data Submission Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Privacy and Security Framework, February 2010

Privacy and Security Framework, February 2010 Privacy and Security Framework, February 2010 Updated April 2014 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

pic Home Care Reporting System Privacy Impact Assessment

pic Home Care Reporting System Privacy Impact Assessment pic Home Care Reporting System Privacy Impact Assessment Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health system

More information

Our Vision Better data. Better decisions. Healthier Canadians.

Our Vision Better data. Better decisions. Healthier Canadians. Patient-Level Physician Billing Repository Privacy Impact Assessment, January 2015 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of

More information

Our Vision Better data. Better decisions. Healthier Canadians.

Our Vision Better data. Better decisions. Healthier Canadians. Canadian Multiple Sclerosis Monitoring System Privacy Impact Assessment, September 2013 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance

More information

Our Vision Better data. Better decisions. Healthier Canadians.

Our Vision Better data. Better decisions. Healthier Canadians. Population Risk Adjustment Grouping Project Privacy Impact Assessment, January 2015 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of

More information

Nursing Database Privacy Impact Assessment

Nursing Database Privacy Impact Assessment pic pic Nursing Database Privacy Impact Assessment Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health

More information

A Year in Review: CIHI s 2013 2014 Annual Privacy Report

A Year in Review: CIHI s 2013 2014 Annual Privacy Report A Year in Review: CIHI s 2013 2014 Annual Privacy Report Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated

More information

Our Vision Better data. Better decisions. Healthier Canadians.

Our Vision Better data. Better decisions. Healthier Canadians. Clinical Administrative Databases Privacy Impact Assessment, November 2012 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive

More information

National Rehabilitation Reporting System

National Rehabilitation Reporting System National Rehabilitation Reporting System Privacy Impact Assessment The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full

More information

United States Trustee Program

United States Trustee Program United States Trustee Program Privacy Impact Assessment for the Credit Counseling/Debtor Education System (CC/DE System) Issued by: Larry Wahlquist, Privacy Point of Contact Reviewed by: Approved by: Vance

More information

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,

More information

SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

SCHEDULE C ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION

More information

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada

More information

Privacy and Security Incident Management Protocol

Privacy and Security Incident Management Protocol Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health information that enables sound policy and effective

More information

Title Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 Data Extract Specifi cation Business View

Title Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 Data Extract Specifi cation Business View pic Title Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 Data Extract Specifi cation Business View Primary Health Care Who We Are Established in 1994, CIHI

More information

Primary Health Care Voluntary Reporting System Privacy Impact Assessment, January 2013

Primary Health Care Voluntary Reporting System Privacy Impact Assessment, January 2013 Primary Health Care Voluntary Reporting System Privacy Impact Assessment, January 2013 Factors Infl uencing Health Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the

More information

Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems. among:

Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems. among: March 19, 2014 Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems The Parties hereby agree as follows: among: Bank of Canada (the Bank ) Ontario Securities

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General M E M O R A N D U M To: From: IT Steering Committee Brian Cohen Date: March 26, 2009 Subject: Revised Information Technology Security Procedures The following is a revised version of the Information Technology

More information

Personal Health Information Privacy Policy

Personal Health Information Privacy Policy Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights

More information

Taking care of what s important to you

Taking care of what s important to you National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

PRIVACY POLICY. I. Introduction. II. Information We Collect

PRIVACY POLICY. I. Introduction. II. Information We Collect PRIVACY POLICY school2life, Inc. ( school2life ) Privacy Policy is designed to provide clarity about the information we collect and how we use it to provide a better social gaming experience. By accepting

More information

Best Practice Guidelines for Managing the Disclosure of De-Identified Health Information

Best Practice Guidelines for Managing the Disclosure of De-Identified Health Information Best Practice Guidelines for Managing the Disclosure of De-Identified Health Information Prepared by the: Health System Use Technical Advisory Committee Data De-Identification Working Group October 2010

More information

PRIVACY POLICY. Privacy Statement

PRIVACY POLICY. Privacy Statement PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people

More information

Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act. Ann Cavoukian, Ph.D. Commissioner October 2005

Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act. Ann Cavoukian, Ph.D. Commissioner October 2005 Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act Ann Cavoukian, Ph.D. Commissioner October 2005 Information and Privacy Commissioner/Ontario Privacy Impact

More information

Management Standards for Information Security Measures for the Central Government Computer Systems

Management Standards for Information Security Measures for the Central Government Computer Systems Management Standards for Information Security Measures for the Central Government Computer Systems April 26, 2012 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Privacy Impact Assessment

Privacy Impact Assessment DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

2016 OCR AUDIT E-BOOK

2016 OCR AUDIT E-BOOK !! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that

More information

A Physician s Guide to the Information Sharing Framework

A Physician s Guide to the Information Sharing Framework A Physician s Guide to the Information Sharing Framework 1 Table of Contents Background 4 Information Sharing Framework 5 The Shared EMRs 9 Professional Obligations 10 Participation in the Information

More information

Federal Trade Commission Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

ChangeIt Privacy Policy - Canada

ChangeIt Privacy Policy - Canada ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information

More information

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL ...The auditor general shall conduct post audits of financial transactions and accounts of the state and of

More information

Department of the Interior Privacy Impact Assessment

Department of the Interior Privacy Impact Assessment Department of the Interior August 15, 2014 Name of Project: email Enterprise Records and Document Management System (eerdms) Bureau: Office of the Secretary Project s Unique ID: Not Applicable A. CONTACT

More information

The Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee

The Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee The Journey to Create Document Standards and Guidelines for Occupational Therapists Christine Fleming Legislation and Bylaws Committee Objectives To describe the process and tools used to create the document

More information

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle

More information

DHS / UKvisas Project

DHS / UKvisas Project for the DHS / UKvisas Project November 14, 2007 Contact Point Elizabeth Gaffin Associate Counsel United States Citizenship and Immigration Services 202-272-1400 Reviewing Official Hugo Teufel III Chief

More information

Recommendations for the PIA. Process for Enterprise Services Bus. Development

Recommendations for the PIA. Process for Enterprise Services Bus. Development Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by

More information

Privacy Policy Version 1.0, 1 st of May 2016

Privacy Policy Version 1.0, 1 st of May 2016 Privacy Policy Version 1.0, 1 st of May 2016 THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY GOCIETY SOLUTIONS FROM USERS OF THE GOCIETY SOLUTIONS APPLICATIONS (GoLivePhone and GoLiveAssist)

More information

Data Quality Documentation, Hospital Morbidity Database Multi-Year Information

Data Quality Documentation, Hospital Morbidity Database Multi-Year Information pic pic pic Data Quality Documentation, Hospital Morbidity Database Multi-Year Information Types of Care Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development

More information

Children's Hospital, Boston (Draft Edition)

Children's Hospital, Boston (Draft Edition) Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What

More information

Physical Access Control System

Physical Access Control System for the Physical Access Control System DHS/ALL 039 June 9, 2011 Contact Point David S. Coven Chief, Access Control Branch (202) 282-8742 Reviewing Official Mary Ellen Callahan Chief Privacy Officer (703)

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Accountable Privacy Management in BC s Public Sector

Accountable Privacy Management in BC s Public Sector Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY

More information

PACS JOINT SERVICES/ACCESS POLICY

PACS JOINT SERVICES/ACCESS POLICY PACS JOINT SERVICES/ACCESS POLICY 1. High Level Policy The identifiable Diagnostic Imaging Data stored in PACS constitutes personal health information and is subject to the provisions of The Health Information

More information

Privacy Impact Assessment for the Volunteer/Contractor Information System

Privacy Impact Assessment for the Volunteer/Contractor Information System Federal Bureau of Prisons Privacy Impact Assessment for the Volunteer/Contractor Information System Issued by: Sonya D. Thompson Deputy Assistant Director/CIO Reviewed by: Approved by: Vance E. Hitch,

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

Were there other system changes not listed above? No 3. Check the current ELC (Enterprise Life Cycle) Milestones (select all that apply)

Were there other system changes not listed above? No 3. Check the current ELC (Enterprise Life Cycle) Milestones (select all that apply) Date of Approval: October 9, 2015 PIA ID Number: 1448 A. SYSTEM DESCRIPTION 1. Enter the full name and acronym for the system, project, application and/or database. AIMS Centralized Information System,

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...

More information

Federal Trade Commission Privacy Impact Assessment for:

Federal Trade Commission Privacy Impact Assessment for: Federal Trade Commission Privacy Impact Assessment for: DCBE Websites and Blogs Consumer.ftc.gov, Consumidor.ftc.gov, OnGuardOnline, AlertaenLinea, Consumer.gov, Consumidor.gov and the BCP Business Center

More information

STANDARDS OF PRACTICE (2013)

STANDARDS OF PRACTICE (2013) STANDARDS OF PRACTICE (2013) COLLEGE OF ALBERTA PSYCHOLOGISTS STANDARDS OF PRACTICE (2013) 1. INTRODUCTION The Health Professions Act (HPA) authorizes and requires the College of Alberta Psychologists

More information

Paladin Computers Privacy Policy Last Updated on April 26, 2006

Paladin Computers Privacy Policy Last Updated on April 26, 2006 Paladin Computers Privacy Policy Last Updated on April 26, 2006 At Paladin Computers ( Service Provider ), we respect our Users and Clients right to privacy with regards to the use of their email and our

More information

Foundation Working Group

Foundation Working Group Foundation Working Group Proposed Recommendations on De-identifying Information for Disclosure to Third Parties The Foundation Working Group (FWG) engaged in discussions around protecting privacy while

More information

Automated Threat Prioritization Web Service

Automated Threat Prioritization Web Service for the Automated Threat Prioritization Web Service DHS/ICE/PIA-028 June 6, 2011 Contact Point Luke McCormack Chief Information Officer U.S. Immigration and Customs Enforcement (202) 732-3100 Reviewing

More information

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

PRIVACY IMPACT ASSESSMENT (PIA) GUIDE

PRIVACY IMPACT ASSESSMENT (PIA) GUIDE U.S. Securities and Exchange Commission Office of Information Technology Alexandria, VA PRIVACY IMPACT ASSESSMENT (PIA) GUIDE Revised January 2007 Privacy Office Office of Information Technology PRIVACY

More information

National Drug Treatment Monitoring System (NDTMS) Statement of Compliance. With the National Statistics Code of Practice and Protocols

National Drug Treatment Monitoring System (NDTMS) Statement of Compliance. With the National Statistics Code of Practice and Protocols National Drug Treatment Monitoring System (NDTMS) Statement of Compliance With the National Statistics Code of Practice and Protocols Page 1 1. INTRODUCTION The National Treatment Agency (NTA) is a Special

More information

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW Compliance Policy Number 1 POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013 Compliance Plan To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW Sound Inpatient Physicians,

More information

Health Care Provider Guide

Health Care Provider Guide Health Care Provider Guide Diagnostic Imaging Common Service Project, Release 1 Version: 1.4 Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document may be reproduced

More information

3. Consent for the Collection, Use or Disclosure of Personal Information

3. Consent for the Collection, Use or Disclosure of Personal Information PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),

More information

Commonwealth of Massachusetts Center for Health Information & Analysis (CHIA) Non-Governmental Application for Case Mix Data

Commonwealth of Massachusetts Center for Health Information & Analysis (CHIA) Non-Governmental Application for Case Mix Data Commonwealth of Massachusetts Center for Health Information & Analysis (CHIA) Non-Governmental Application for Case Mix Data This form is to be used by all applicants, except Government Agencies, as defined

More information

CÚRAM. Government of Alberta. Privacy Impact Assessment. Final Report. March 2009

CÚRAM. Government of Alberta. Privacy Impact Assessment. Final Report. March 2009 Government of Alberta Final Report Submitted by: Information and Privacy Office Employment and Immigration Table of Contents 1. Background...1 2. Purpose of This Review...2 3. Managing Access and System

More information

Federal Bureau of Prisons. Privacy Impact Assessment for the HR Automation System. Issued by: Sonya D. Thompson Deputy Assistant Director/CIO

Federal Bureau of Prisons. Privacy Impact Assessment for the HR Automation System. Issued by: Sonya D. Thompson Deputy Assistant Director/CIO Federal Bureau of Prisons Privacy Impact Assessment for the HR Automation System Issued by: Sonya D. Thompson Deputy Assistant Director/CIO Reviewed by: Approved by: Eric Olson, Acting Chief Information

More information

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520 AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies

More information

Shared EMR Access Administrator (AA) Guide ~ External

Shared EMR Access Administrator (AA) Guide ~ External Shared EMR Access Administrator (AA) Guide ~ External Developed and maintained by: Information Stewardship Office (ISO) Information Sharing Framework Governance Committee (ISF GC) TABLE OF CONTENTS Purpose

More information

Service Line Warranties of Canada PRIVACY STATEMENT

Service Line Warranties of Canada PRIVACY STATEMENT Service Line Warranties of Canada PRIVACY STATEMENT We at Service Line Warranties of Canada ( us, our we, or Company ) consider the protection of your personal information to be a priority when you visit

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Federal Bureau of Prisons

Federal Bureau of Prisons Federal Bureau of Prisons Privacy Impact Assessment for the Forensic Laboratory Issued by: Sonya D. Thompson, Senior Component Official for Privacy, Sr. Deputy Assistant Director/CIO Approved by: Erika

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Helpful Tips. Privacy Breach Guidelines. September 2010

Helpful Tips. Privacy Breach Guidelines. September 2010 Helpful Tips Privacy Breach Guidelines September 2010 Office of the Saskatchewan Information and Privacy Commissioner 503 1801 Hamilton Street Regina, Saskatchewan S4P 4B4 Office of the Saskatchewan Information

More information

Act on the Supervision of Financial Institutions etc. (Financial Supervision Act)

Act on the Supervision of Financial Institutions etc. (Financial Supervision Act) FINANSTILSYNET Norway Translation update January 2013 This translation is for information purposes only. Legal authenticity remains with the official Norwegian version as published in Norsk Lovtidend.

More information

Information Protection Readiness for Securing Personal Information

Information Protection Readiness for Securing Personal Information for Securing Personal Information Information Protection Readiness for Securing Personal Information May 23, 2014 Office of the City Auditor The Office of the City Auditor conducted this project in accordance

More information

Information Security Plan May 24, 2011

Information Security Plan May 24, 2011 Information Security Plan May 24, 2011 REVISION CONTROL Document Title: Author: HSU Information Security Plan John McBrearty Revision History Revision Date Revised By Summary of Revisions Sections Revised

More information

Privacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used?

Privacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used? Privacy Policy The Friends of the Public Garden ("FoPG" or "We") is a non-profit corporation and the owner and operator of www.friendsof thepblicgarden.org (the "Website"), which is intended to supply

More information

Cloud Computing: Privacy and Other Risks

Cloud Computing: Privacy and Other Risks December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to

More information

Privacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction

Privacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction Privacy Policy This Privacy Policy will be effective from September 1 st, 2014. Please read Pelican Technologies Privacy Policy before using Pelican Technologies services because it will tell you how we

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

Web Time and Attendance

Web Time and Attendance Privacy Impact Assessment for the Web Time and Attendance October 31, 2006 Contact Point Mr. Mark Danter Bureau of Alcohol, Tobacco, Firearms and Explosives Office of Management/ Financial Management Division

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

Coffey International Limited Privacy Policy. July 2014

Coffey International Limited Privacy Policy. July 2014 Coffey International Limited Privacy Policy July 2014 Privacy Policy 1. Introduction Coffey International Limited and its related bodies corporate (we, our, us) recognise your rights under the Privacy

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy

More information

Information Circular

Information Circular Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal

More information

Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 3.0

Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 3.0 pic Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 3.0 Technical Guide Types of Care Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To

More information

Responsibilities of Custodians and Health Information Act Administration Checklist

Responsibilities of Custodians and Health Information Act Administration Checklist Responsibilities of Custodians and Administration Checklist APPENDIX 3 Responsibilities of Custodians in Administering the Each custodian under the Act must establish internal processes and procedures

More information

Cloud Computing: Trust But Verify

Cloud Computing: Trust But Verify Cloud Computing: Trust But Verify 14th Annual Privacy and Security Conference February 8, 2013, Victoria Martin P.J. Kratz, QC Bennett Jones LLP Cloud Computing Provision of services available on the Internet

More information