The issue of privacy is not for us simply as a matter of business practice. It’s just fundamental to human dignity.
– Gerald Levin
As of August 31, 2018, changes to the Alberta Health Information Act took place. Not only is Bethany responsible for ensuring the integrity of the collection, use, and disclosure of health information; we are now obligated to report to the Privacy Commissioner, the Minister of Health, and the individual who is the subject of the individually identifying information, notice of any loss or unauthorized access to their information if there is a ‘risk of harm’ to that individual. The new provisions in the Health Information Regulation provide a non-exhaustive list of factors that must be considered by a custodian like Bethany when assessing whether there is a risk of harm. These factors include whether there is a reasonable basis to believe that the applicable information:
- has been or may be accessed by or disclosed to a person;
- has been misused or will be misused;
- could be used for the purpose of identity theft or to commit fraud; and
- could cause embarrassment or physical, mental or financial harm to, or damage the reputation of the subject individual.
The above factors are non-exhaustive (in essence, the Privacy Commissioner will make the call whether or not there was a risk of harm). As such, any potential breaches (both involving a resident, or otherwise) should always be reported through privacy@bethanyseniors.com to not only ensure that we remain in compliance, but more importantly, continue to live our mission of Creating Caring Communities by protecting the integrity of our residents’ personal information.
Some of my golden rules…
- Keeping health records private begins by thinking about the people permitted to see them.
- If you are not directly involved in the care of the resident, you should generally not access their information.
- The same principles apply whether you’re seeing a physical file, speaking on the phone, even writing a Post-it Note with resident information.
As everyone is aware, privacy breaches are not uncommon, and there are many ways to prevent them, including education, policy, and ensuring the integrity and security of our data, for our residents, our employees, and other stakeholders of whom we may hold their information (e.g. donors). Some of the instances where our own personal information may have been affected occurred in recent years in the “Biggest Data Breaches of the 21st Century“…
- When Verizon was going to buy Yahoo in 2016, Yahoo was forced to disclose that its data had been breached in 2013, compromising the names, e-mail addresses, dates of birth, telephone numbers and passwords of 3 billion user accounts, knocking $350 million off their sale price.
- In 2014, hackers were able to access the accounts of three eBay corporate employees, resulting in the data of 145 million users being compromised.
- In 2017, an application vulnerability on one of Equifax’s websites resulted in a data breach of the information of 150 million customers, including social security and driver’s license numbers.
- And of course, just last Friday, Facebook announced that an attack on its computer network has exposed the personal information of nearly 50 million users.
During my short time at Bethany, I have watched all of you live and breath the values of Bethany. We Care, We Show Respect, and We Are Responsible – all integral components of thinking about privacy in our day-to-day lives and while we are at work. If any of you ever have any questions as to the above, my door is always open.
Of course, I welcome ideas, suggestions and any questions that you may have. Please feel free to send them to me at leanne.likness@bethanyseniors.com.
Have a great week everyone!
Yours truly,
– Leanne
Leave a Reply