Showing posts with label health information. Show all posts

Incident: Sick Kids physician loses portable hard-drive with unencrypted personal health information


A physician from Sick Kids hospital who decided to travel with a portable hard-drive containing unencrypted health information on 3,300 patients lost the drive in Canada's busiest airport. This happened six weeks after the Information and Privacy Commissioner ordered that the hospital not allow electronic health information to leave the hospital unless it was encrypted. See: TheStar.com - living - Sick Kids doctor loses data on 3,300 patients.

Federal Privacy Commissioner releases privacy breach guidelines


The Federal Privacy Commissioner has just released privacy breach guidelines, which are similar to guidelines produced by the Ontario and British Columbia commissioners. Here is the press release, with links to the guidelines:

News Release: Privacy Commissioner releases privacy breach guidelines (August 1, 2007) - Privacy Commissioner of Canada

Privacy Commissioner releases privacy breach guidelines

Ottawa, August 1, 2007 – New guidelines will help organizations take the right steps after a privacy breach, including notifying people at risk of harm after their information has been stolen, lost or mistakenly disclosed, says the Privacy Commissioner of Canada, Jennifer Stoddart.

The guidelines outline some of the key steps in responding to a breach, such as containing the breach, evaluating the risks associated with it, notifying the people affected and preventing future breaches.

“It’s clear that most businesses take seriously their responsibilities under Canada’s private-sector privacy law. I want to thank the industry groups, civil societies groups and privacy commissioners' offices that helped my office in developing these,” Commissioner Stoddart says.

The Office of the Privacy Commissioner (OPC) has become increasingly concerned about privacy breaches and breach notification following some major data breaches in recent months. Earlier this year, Commissioner Stoddart urged the federal government to amend the Personal Information Protection and Electronic Documents Act (PIPEDA) to make it mandatory for businesses to notify people when their personal information has been breached.

“Our new voluntary guidelines do not take away from the need for breach notification legislation,” the Commissioner says. “I would once again urge the Minister of Industry and his cabinet colleagues to help better protect Canadians by making breach notification a legal requirement for businesses.” The guidelines call on businesses to notify people that their personal information has been compromised in cases where the breach raises a risk of harm. For example, there may be a risk of identity theft or fraud in cases where sensitive personal information has been lost or stolen.

Organizations are also encouraged to inform the appropriate privacy commissioner(s) of a privacy breach. (In British Columbia, Alberta and Quebec, provincially regulated businesses should speak to their provincial privacy commissioners. In Ontario, breaches involving personal health information must be reported to the provincial commissioner.)

The OPC is currently investigating two high-profile privacy breach cases involving large amounts of personal information.

In one case, the Canadian Imperial Bank of Commerce reported to the OPC the disappearance of a hard drive containing the personal information and financial data of close to half a million clients of its subsidiary, Talvest Mutual Funds.

The other investigation, being conducted jointly with the Information and Privacy Commissioner of Alberta, is looking at a breach at TJX Companies Inc., which affected thousands of Canadians who shopped at TJX’s Winners and HomeSense stores.

The new guidelines as well as a privacy breach checklist and a list of organizations which participated in the consultation process to develop the guidelines are available on the OPC website, http://www.privcom.gc.ca/.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.

Going postal over privacy


This is very interesting ....

Worker: Postal Service sold private data on Yahoo! News

By GENE JOHNSON, Associated Press Writer

Mon Jul 30, 11:08 PM ET

A Postal Service employee sued the agency Monday, accusing it of selling the personal information of its workers to credit card and other companies without consent.

Lance McDermott, a mechanic for mail-processing equipment, said in the complaint in U.S. District Court that he has been inundated with credit card, cell phone and life insurance offers in the past two years.

In some instances, it appears the agency provided the companies with eight-digit employee identification numbers, used for sensitive tasks such as accessing health care records, the complaint said.

McDermott said he was deluged with offers from Visa, Sprint Nextel Corp. and other companies.

The lawsuit seeks class-action status on behalf of other Postal Service workers, the return of any money the agency may have made by violating the federal Privacy Act, and other damages.

An agency spokesman in Seattle said he could not immediately comment.

"His major concern is that he doesn't want to take the risk that his personal information is going to be released to a third party and be subject to identity theft," McDermott's lawyer, Steve Berman, said. "And he doesn't think his employer should be benefiting from his personal information without his permission."

Berman said he does not know how much the companies may have paid the Postal Service for access to its "master file" of employee information. Nearly 800,000 people work for the agency, he said.

McDermott's complaint cited the Postal Service's April 2005 "Guidelines for Privacy" handbook, which included a section on direct marketing to workers: "Growing revenue is a critical strategy for the Postal Service," it said, and for that reason, the agency would allow companies to bid for the right to mail promotional offers to Postal Service workers. The offers arrive "cobranded" with the Postal Service's logo.

While employees could choose not to have their information forwarded to other companies, the policy still violated the Privacy Act by releasing data to companies without explicit permission from the employees, the complaint said.

With few exceptions, the law forbids federal agencies from releasing personal information of employees without consent.

Representatives of Visa and Sprint Nextel did not immediately return calls seeking comment.

Cedars Sinai reserves the right to disclose your personal info ....


This is pretty amazing. Cory Doctorow of Boing Boing! has posted a picture of a notice received from Cedars Sinai hospital, providing the purposes for which patients' health information may be disclosed.




The purposes include "Protective services for the President and [unnamed] others", and "national security, intelligence purposes".

Originally uploaded by gruntzooki, via Boing Boing. And thanks to Rob Hyndman for pointing me to it....

The "but I've got nothing to hide" argument


Daniel Solove, at the University of George Washington School of Law, has written an interesting article on the "But I've got nothing to hide" argument. Here's a link to the download site and the introduction:


SSRN-'I've Got Nothing to Hide' and Other Misunderstandings of Privacy by Daniel Solove

INTRODUCTION

Since the September 11 attacks, the government has been engaging in
extensive surveillance and data mining. Regarding surveillance, in December
2005, the New York Times revealed that after September 11, the Bush
Administration secretly authorized the National Security Administration
(NSA) to engage in warrantless wiretapping of American citizens’ telephone
calls.2 As for data mining, which involves analyzing personal data for patterns
of suspicious behavior, the government has begun numerous programs. In
2002, the media revealed that the Department of Defense was constructing a
data mining project, called “Total Information Awareness” (TIA), under the
leadership of Admiral John Poindexter. The vision for TIA was to gather a
variety of information about people, including financial, educational, health,
and other data. The information would then be analyzed for suspicious
behavior patterns. According to Poindexter: “The only way to detect . . .
terrorists is to look for patterns of activity that are based on observations from
past terrorist attacks as well as estimates about how terrorists will adapt to our
measures to avoid detection.”3 When the program came to light, a public
outcry erupted, and the U.S. Senate subsequently voted to deny the program
funding, ultimately leading to its demise. Nevertheless, many components of
TIA continue on in various government agencies, though in a less systematic
and more clandestine fashion.4

In May 2006, USA Today broke the story that the NSA had obtained
customer records from several major phone companies and was analyzing
them to identify potential terrorists.5 The telephone call database is reported to
be the “largest database ever assembled in the world.”6 In June 2006, the New
York Times reported that the U.S. government had been accessing bank records
from the Society for Worldwide Interbank Financial Transactions (SWIFT),
which handles financial transactions for thousands of banks around the world.7
Many people responded with outrage at these announcements, but many others
did not perceive much of a problem. The reason for their lack of concern, they
explained, was because: “I’ve got nothing to hide.”

The argument that no privacy problem exists if a person has nothing to
hide is frequently made in connection with many privacy issues. When the
government engages in surveillance, many people believe that there is no
threat to privacy unless the government uncovers unlawful activity, in which
case a person has no legitimate justification to claim that it remain private.
Thus, if an individual engages only in legal activity, she has nothing to worry
about. When it comes to the government collecting and analyzing personal
information, many people contend that a privacy harm exists only if skeletons
in the closet are revealed. For example, suppose the government examines
one’s telephone records and finds out that a person made calls to her parents, a
friend in Canada, a video store, and a pizza delivery shop. “So what?” that
person might say. “I’m not embarrassed or humiliated by this information. If
anybody asks me, I’ll gladly tell them what stores I shop at. I have nothing to
hide.”

The “nothing to hide” argument and its variants are quite prevalent in
popular discourse about privacy. Data security expert Bruce Schneier calls it
the “most common retort against privacy advocates”8 Legal scholar Geoffrey
Stone refers to it as “all-too-common refrain.”9 The “nothing to hide”
argument is one of the primary arguments made when balancing privacy
against security. In its most compelling form, it is an argument that the
privacy interest is generally minimal to trivial, thus making the balance against
security concerns a foreordained victory for security. Sometimes the “nothing
to hide” argument is posed as a question: “If you have nothing to hide, then
what do you have to fear?” Others ask: “If you aren’t doing anything wrong,
then what do you have to hide?”

In this essay, I will explore the “nothing to hide” argument and its variants
in more depth. Grappling with the “nothing to hide” argument is important, as
the argument reflects the sentiments of a wide percentage of the population. In
popular discourse, the “nothing to hide” argument’s superficial incantations
can readily be refuted. But when the argument is made in its strongest form, it
is far more formidable.

In order to respond to the “nothing to hide” argument, it is imperative that
we have a theory about what privacy is and why it is valuable. At its core, the
“nothing to hide” argument emerges from a conception of privacy and its
value. What exactly is “privacy”? How valuable is privacy and how do we
assess its value? How do we weigh privacy against countervailing values?
These questions have long plagued those seeking to develop a theory of
privacy and justifications for its legal protection.

This essay begins in Part I by discussing the “nothing to hide” argument.
First, I introduce the argument as it often exists in popular discourse and
examine frequent ways of responding to the argument. Second, I present the
argument in what I believe to be its strongest form. In Part II, I briefly discuss
my work thus far on conceptualizing privacy. I explain why existing theories
of privacy have been unsatisfactory, have led to confusion, and have impeded
the development of effective legal and policy responses to privacy problems.
In Part III, I argue that the “nothing to hide” argument—even in its strongest
form—stems from certain faulty assumptions about privacy and its value. The
problem, in short, is not with finding an answer to the question: “If you’ve got
nothing to hide, then what do you have to fear?” The problem is in the very
question itself.

Incident: Patient information cards sold at auction in Saskatchewan


Another case of personal information being sold at auction, this time in hardcopy form:

Patient information cards sold at auction

REGINA -- The Saskatoon Health Region apologized Tuesday after more than 2,000 patient information cards that were supposed to be treated as "very confidential" were accidentally sold at an auction of health region surplus material rather than shredded.

The plastic cards are used to make imprints on documents for patient records. The cards contain names, dates of birth, addresses, religious affiliations, health card numbers and the names of the patient's doctor.

They were used between January and May of this year for day surgery patients and outpatients at City Hospital.....

Incident: Private medical records of Colorado residents exposed on Internet


From Minnesota public radio:

MPR: wavLength: Private medical records of Colorado residents exposed on Internet

Private medical records of Colorado residents exposed on Internet


Posted at 10:03 PM on May 22, 2007 by Jon Gordon



On Friday's Future Tense, you'll hear this story:



As medical records are created and transmitted electronically more and more, the chance of private information falling into the wrong hands is growing. Sometimes records are stolen by hackers, other times just improperly secured. Compromised records can lead to a range of problems, from loss of employment to identity theft to plain old embarrassment.

Future Tense has discovered that detailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time through at least last Friday, May 18. The data included patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois. It's unclear how many people may have seen the records.



Experts say the case likely runs afoul of federal health information privacy laws, even though there is no evidence that the records were misused.



The unsecured computer, which was accessible through a Web browser, was operated by Beacon Medical Services of Aurora, Colorado, which provides billing, coding and other services to emergency physicians at 17 facilities.



Beacon CEO Dennis Beck says he was shocked to learn about the breach and that the company took immediate steps to correct it.



"We've implemented a culture of compliance and data security and it just did not seem consistent with our culture, our practice and our experience," he said.



The medical records resided on an FTP server. FTP stands for File Transfer Protocol. It's a means by which users send and receive computer files over the Internet or private networks. In Beacon's case - and this is typical of the industry - health care providers sent encrypted data to the server for Beacon to access so it could bill patients and insurance companies. The data was unencrypted on Beacon's end, and the FTP server was not supposed to be accessible to the public. But in this case it was. No username or password was required to view the records.



The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses and treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. Some of the records detailed sensitive cases, from sexually transmitted diseases to severe depression. The site also contained financial information, such as a list of low-income patients who received state aid to help pay their medical bills.



Beacon has employed two firms to help investigate what led to the security hole.



"It appears to us now at this point as if there was some back door that was opened to this server," said Beck. "We don't know when, but we believe it may have been done when a consultant did some work for us several years ago."



The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.



Future Tense discovered the Beacon site after a tip from a source who stumbled upon it. We followed up on the tip, staying just long enough to confirm the existence of the records and get an idea what kind of data they contained. We notified several health care providers whose patient data was exposed. Those providers informed Beacon, which promptly shut the server down when it learned of the problem.



Bill Byron is spokesman for Banner Health Corporation, the parent company of McKee Medical Center of Loveland, Colorado, one of the providers whose data was included on the FTP site. Byron said McKee physicians won't transmit any more records to Beacon until they're satisfied the security problem is fixed.



"We're trying to understand what our obligations are going to be, in terms of disclosing to patients that this has occurred, so that's still in process, to determine what we have to do," he said.



The Colorado medical records incident appears to be a serious violation of federal law governing medical record privacy, according to Janlori Goldman, director of the Health Privacy Project at Georgetown University.



"Large-scale breaches like this are not uncommon," she said. "They may not happen every day but they happen enough that you have to wonder, why aren't people taking greater care with this information?"



About a year ago, for example, a data security breach exposed medical information and Social Security numbers of some 26 million veterans after data was stolen from the home of an employee of the Department of Veterans Affairs.



Tomorrow on Future Tense, we'll explore the potential harm of compromised medical records, and look at the federal law designed to protect patients. One critic of current law says patients have very little recourse when their most sensitive medical records become public.



Here is a list of physician groups, clinics and hospitals which had data of various kinds on the exposed site:



-McKee Medical Center of Loveland, CO
-Big Thompson Emergency Physicians of Longmont, CO
-Presbyterian St. Luke's Hospital of Denver
-North Suburban Medical Center of Thornton, CO
-Carepoint Emergency Physicians of the greater Denver area
-Long's Peak Emergency Physicians
-Longmont United Hospital
-Boulder Community Hospital
-Emergency Medical Specialists PLC
-Memorial Hospital of Colorado Springs
-Proctor Hospital of Peoria, IL

Alberta Commissioner confirms right to have personal health information masked


The Alberta Information and Privacy Commissioner's office, in Investigation Report H2008-IR-001, has confirmed that individuals have the right to have their personal health information masked and its distribution restricted on Alberta Netcare:

Investigation confirms Albertans' right to ask custodians to limit disclosure of health information through Alberta Netcare

May 15, 2008

Information and Privacy Commissioner, Frank Work, has confirmed that individuals can ask that disclosure of their health information through Alberta Netcare, Alberta’s electronic health record, be limited. On conclusion of a recent investigation, it was recommended that Alberta Health and Wellness take steps to fully implement the technology that will allow custodians to limit the disclosure of health information through Alberta Netcare and communicate the availability of this option to Netcare users and Albertans.

The case involves a woman who asked her pharmacist to limit the disclosure of her health information through Alberta Netcare, but was told the pharmacist could not refuse to disclose information to AHW. The woman then contacted AHW to request that her information be “masked” in Alberta Netcare, but was directed to make her request to other custodians.

The Health Information Act (HIA) section 58(2) requires custodians to consider the expressed wishes of individuals when deciding how much health information to disclose. AHW has decided to manage expressed wishes in Alberta Netcare by masking information. Masked information is hidden until an authorized user who is providing care to a patient decides to unmask the information.

The investigation found that AHW built masking capabilities into Alberta Netcare as early as 2006, but did not formalize the processes required to allow Netcare users to apply masking until April 2008. The investigation also found that AHW had not adequately communicated the availability of masking as a means to manage an individual’s expressed wishes to health care providers nor had they developed the administrative tools required to fully support implementation of masking.

Mr. Work says “While I commend Health and Wellness for building important privacy features like masking into the system, it is not very useful to develop a masking system and not support its implementation or advise end users that it is available to them. In principle, AHW’s approach to masking information in Alberta Netcare is sound but implementation has been weak. The Department acknowledges this gap and has committed to developing an enhanced masking implementation plan for my review and comment before the end of the month. We will continue to work with AHW on this issue.”

Other recommendations that have been accepted by AHW include the recommendation to respond to the complainant’s request that her information be masked and expand Alberta Netcare communications materials to inform and educate patients about how a masking request can be made. The Department has taken immediate steps to implement these recommendations.

The investigation report and its recommendations can be found at http://www.oipc.ab.ca/.

Canada's No-fly list takes to the skies


Canada's new no-fly list is ready to take off:

CNW Group

Air security strengthened - Passenger Protect ready to take flight

OTTAWA, May 11 /CNW Telbec/ - The Honourable Lawrence Cannon, Minister of
Transport, Infrastructure and Communities, together with the Honourable
Stockwell Day, Minister of Public Safety, today announced new regulations that
will strengthen air passenger security screening. Once implemented, new
measures under a program known as Passenger Protect will prevent persons who
pose an immediate threat to aviation security from boarding a commercial
aircraft.

This made-in-Canada program was developed to provide an additional layer
of security for the aviation system and to enhance public safety in a way that
complies with the Canadian Charter of Rights and Freedoms and federal privacy
legislation.

"Canadians want to fly secure, and Passenger Protect is a significant
step forward. We must remember that Canada is not immune to the threat of
terrorism and we must remain vigilant," said Minister Cannon. "Passenger
Protect will not only make Canada's aviation system more secure, it will also
help keep the world's skies safe by reaching beyond Canadian borders to screen
everyone getting on a flight to Canada."

Under the new program, the Government of Canada is maintaining a list of
specified persons who may pose an immediate threat to aviation security should
they attempt to board a flight. Air carriers will be able to screen passengers
against the specified persons list through a secure online system. If the air
carrier identifies a person as a possible match with an entry on the list, the
air carrier will contact Transport Canada to confirm the passenger's identity,
and obtain a decision whether or not to allow him or her to board the flight.

"Canada has one of the best aviation systems in the world and is always
looking for ways to increase the safety and security of the travelling
public," said Minister Day.

The Government of Canada has held discussions with airlines, airports,
and labour representatives, as well as civil liberties and ethno-cultural
groups in developing Passenger Protect, to create a program that enhances
security, respects the needs and realities of the aviation industry and
protects the rights of Canadians. As part of the consultations, Transport
Canada has established a reconsideration process to provide a non-judicial,
efficient way for any members of the public who have been denied boarding to
have their cases reviewed by persons independent of those who made the
original recommendation.

Transport Canada has worked closely with the Office of the Privacy
Commissioner in order to further strengthen the privacy provisions of the
program. Implementation for flights within Canada and international flights to
and from Canada will begin on June 18, 2007.

As of this date, new Identity Screening Regulations will require air
passengers within Canada who appear to be 12 years of age or older to present
one piece of government-issued photo identification (ID) that shows name, date
of birth and gender or two pieces of government-issued ID - one of which shows
name, date of birth and gender - before boarding an aircraft. The boarding
pass provided by the air carrier must match the name on the ID.

Canadians will not need a passport for travel within Canada but rather
can present a range of government-issued ID to the air carriers including a
health card, a birth certificate, a driver's licence and a social insurance
card. Current requirements for international travel will remain in place.

This practice is consistent with procedures currently in use by most
major airlines, and will allow the air carrier and Transport Canada to confirm
the identity of a passenger who is a possible match with an entry on the
specified persons list.

These proposed regulations were first published in the Canada Gazette,
Part I on October 28, 2006, after which a 75-day period followed to enable
interested parties and the public to provide comments.

The final regulations will be published in the Canada Gazette, Part II on
May 16, 2007.

A backgrounder with more information on the Passenger Protect program and
the new Identity Screening Regulations is attached.

-------------------------------------------------------------------------

BACKGROUNDER

-------------------------------------------------------------------------

PASSENGER PROTECT PROGRAM

-------------------------

The Government of Canada began consulting with industry on passenger
assessment in May 2004, and expanded consultations on a program proposal for
Passenger Protect in the summer of 2005. Consultations with air carriers,
airports, labour representatives, civil liberties and ethno-cultural groups as
well as the Office of the Privacy Commissioner were essential to the
successful design and implementation of a program that enhances security,
respects the needs and realities of the aviation industry, and ensures that
the privacy and human rights of Canadians are protected.

The Passenger Protect program adds another layer of security to Canada's
aviation system to help address potential threats. Terrorist groups continue
to target civil aviation, and seek means to defeat existing safeguards and
measures.

Under the program, the Government of Canada is maintaining a list with the
name, date of birth and gender of each specified person that will be provided
to airlines in secure form. The airlines will compare the names of individuals
intending to board flights with the names on the specified persons list, and
will verify with the individual's government-issued identification when there
is a name match. Identification will be verified in person at the airport
check-in counter. When the airline verifies that an individual matches in
name, date of birth and gender with someone on the list, the airline will be
required to inform Transport Canada.

A Transport Canada officer will be on duty 24 hours a day, every day, to
receive calls from airlines when they have a potential match with a specified
person on the list. Transport Canada will verify information with the airline,
confirm whether the individual poses an immediate threat to aviation security
and inform the airline, if required, that the individual is not permitted to
board the flight. The Royal Canadian Mounted Police (RCMP) would be notified
immediately in the event of a match, and police of jurisdiction at the airport
would be informed and take action as required.

The Passenger Protect program will be implemented for Canadian domestic
flights and international flights to and from Canada on June 18, 2007.

Creating the Specified Persons List

The Minister of Transport, Infrastructure and Communities has the
authority under the Aeronautics Act, to specify an individual who is a threat
to aviation security and to require airlines to provide information about the
specified person.

A Transport Canada-led Advisory Group will assess individuals on a
case-by-case basis using information provided by the Canadian Security
Intelligence Service and the RCMP, and will make recommendations to the
Minister of Transport, Infrastructure and Communities concerning their
designation as specified persons or the removal of that designation. The
Advisory Group includes a senior officer from the Canadian Security
Intelligence Service and a senior officer from the RCMP (as advised by the
Department of Justice), with input from representatives from other Canadian
government departments and agencies.

Individuals are added to the specified persons list based on their
actions, which lead to a determination that they may pose an immediate threat
to aviation security, should they attempt to board an aircraft. Guidelines in
making that determination are focused on aviation security, and may include:

  • an individual who is or has been involved in a terrorist group, and
    who, it can reasonably be suspected, will endanger the security of any
    aircraft or aerodrome or the safety of the public, passengers or crew
    members;
  • an individual who has been convicted of one or more serious and
    life-threatening crimes against aviation security; and
  • an individual who has been convicted of one or more serious and
    life-threatening offences and who may attack or harm an air carrier,
    passengers or crew members.

Identity Screening Regulations

As of June 18th 2007, new Identity Screening Regulations will require
airlines to screen each person's name against the specified persons list
before issuing a boarding pass, for any person who appears to be 12 years of
age or older. The regulations take into account the various ways in which the
boarding pass may be obtained: at a kiosk, through the Internet, or at an
airport check-in counter.

Where there is check-in via Internet or kiosks, airlines will not allow
printing of the boarding pass when there is a name match with the specified
persons list. Passengers refused a boarding pass at a kiosk or through the
Internet will be directed to the airline agent for in-person verification of
government-issued identification (ID). ID verification will determine whether
the name, date of birth and gender match those of a listed person.

The regulations also require air carriers to screen individuals at the
boarding gate by comparing the name on government-issued ID with the name on
the boarding pass. If the name on the ID is not the same as the name on the
boarding pass, the air carrier will be required to check the name on the ID
against the list.

Transport Canada will work with air carriers to provide training for
agents and staff who will be involved in implementing the ID verification
requirement, and establish procedures that respect the rights of passengers.

The ID requirement under the Passenger Protect program is for one piece of
valid government-issued photo ID that shows name, date of birth and gender,
such as a driver's licence or a passport, or two pieces of valid
government-issued ID, at least one of which shows name, date of birth and
gender, such as a birth certificate. The verification of passengers' ID is
already a practice followed by most major air carriers in Canada.

The regulations will be published in the Canada Gazette, Part II on
May 16, 2007.

Reconsideration and Appeals

The Passenger Protect program also includes a reconsideration process for
individuals who wish to contest the denial of boarding. An individual who has
been denied boarding under the Passenger Protect program will be able to apply
to Transport Canada's Office of Reconsideration (OOR), which may arrange for
an independent assessment of the case and make a recommendation. The goal is
to provide a non-judicial, efficient mechanism for any member of the public to
have their case reviewed by persons independent of those who made the original
recommendation to the Minister. Individuals have the further option of making
application to Federal Court for judicial review.

Privacy and Human Rights

The protection of privacy and human rights is a core element of the
Passenger Protect program. In developing the program, Transport Canada worked
with stakeholders and consulted with civil liberties and ethno-cultural
groups, and the Office of the Privacy Commissioner on privacy aspects.

A summary of the Privacy Impact Assessment conducted on the Passenger
Protect program is available on the Transport Canada website at
www.tc.gc.ca/vigilance/sep/passenger_protect/executive_summary/menu.htm.

In addition, the Office of the Privacy Commissioner of Canada posed a
series of questions to Transport Canada about the Passenger Protect program in
August 2005. The questions and the answers shed light on the privacy
protection features of the program and are available on the Web at
www.tc.gc.ca/vigilance/sep/passenger_protect/Q&A/menu.htm.

More details on the Passenger Protect program and the new Identity
Screening Regulations are available on Transport Canada's website at
www.tc.gc.ca/vigilance/sep/passenger_protect/menu.htm.

May 2007

Ontario and B.C. Privacy Commissioners issue joint message: personal health information can be disclosed in emergencies and other urgent circumstances

This just crossed the wires and is likely of interest to those who followed the earlier discussions about using privacy legislation as an excuse for inaction.

CNW Group OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Ontario and B.C. Privacy Commissioners issue joint message: personal health information can be disclosed in emergencies and other urgent circumstances

Ontario and B.C. Privacy Commissioners issue joint message: personal health information can be disclosed in emergencies and other urgent circumstances

TORONTO, May 9 /CNW/ - In light of recent events, such as the tragic suicide of Nadia Kajouji, a student at Carleton University, and the Virginia Tech massacre of 2007, the Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, and the Information and Privacy Commissioner of British Columbia, David Loukidelis, are reaching out to educational institutions, students, parents, mental health counsellors and healthcare workers in both provinces: personal health information may, in fact, be disclosed in emergencies and other urgent circumstances. The two Commissioners want to ensure that people realize that privacy laws are not to blame because they do permit disclosure.

The Commissioners want to send the clear message that privacy laws do not prevent counsellors or healthcare providers from contacting a person's family if there are real concerns that they may seriously hurt themselves. "When there is a significant risk of serious bodily harm, such as suicide, privacy laws in Ontario clearly permit the disclosure of personal information without consent, regardless of age. In such situations, schools may contact parents or others if there are reasonable grounds to believe that it is necessary to do so," says Commissioner Cavoukian. Commissioner Loukidelis adds that, "If there are compelling circumstances affecting health or safety, or if an individual is ill, B.C.'s privacy laws allow disclosure to next of kin and others, including school officials and health care providers. Individual cases can be fuzzy, but if someone uses common sense and in good faith discloses information, my office is not going to come down on them. Privacy is important, but preserving life is more important."

In Ontario, the Personal Health Information Protection Act (PHIPA) allows health care providers, such as mental health counsellors, to disclose personal health information when necessary to eliminate or reduce a significant risk of serious bodily harm. This would include disclosure to a physician or parent if there are reasonable grounds to believe it is necessary to do so. In fact, PHIPA specifically allows for this kind of disclosure in emergency or urgent situations. Commissioner Cavoukian clarified this in a Fact Sheet she issued in 2005 entitled, Disclosure of Information Permitted in Emergency or other Urgent Circumstances, available at http://www.ipc.on.ca/.

In British Columbia, Commissioner Loukidelis underscored, the public sector Freedom of Information and Protection of Privacy Act allows universities, schools, hospitals and other public institutions to disclose personal information where someone's health or safety is at risk. He also noted that the private sector Personal Information Protection Act contains similar authority to disclose personal information for health and safety reasons.

Both Commissioners are today announcing their joint project to issue a new publication aimed at clarifying the role that privacy laws play when workers are trying to decide whether they can disclose personal health information. Commissioner Cavoukian said of the joint project, "Our goal is to ensure that educational institutions understand the legislative framework in advance of problems occurring. We are looking forward to working further with the educational community - stay tuned."

Commissioners Cavoukian and Loukidelis are urging those responsible for the health and safety of others to educate themselves about how the privacy laws covering them apply to their work and familiarize themselves with the provisions allowing them to disclose personal health information in emergency situations. Commissioner Loukidelis says, "I know that frontline decisions have to be made quickly and sometimes the facts may not be as clear as you'd like. But there's no doubt that privacy laws support disclosures to protect health and safety." Commissioner Cavoukian agrees that privacy laws are not at fault. "To infer that privacy laws were responsible for someone's death is to completely misunderstand the role that privacy laws are designed to play. The tragedy here lies if you take a default position of non-disclosure and inaction," says Commissioner Cavoukian. She also adds that, "However, Commissioner Loukidelis and I both recognize that the decision to notify someone's family without their consent can be extremely difficult, requiring very sound judgment. We are also clear that notification cannot be done on a routine basis and that students need to feel reassured that their privacy will be protected when they seek counselling or other health care services."

Parliamentary review of PIPEDA: Report

The Parliamentary Committee on Access to Information, Privacy and Ethics has just released its report following the five-year PIPEDA review:

ETHI (39-1) — Fourth Report: STATUTORY REVIEW OF THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) — Standing Committee on ACCESS TO INFORMATION, PRIVACY AND ETHICS - Committees of the House of Commons

The Standing Committee on ACCESS TO INFORMATION, PRIVACY AND ETHICS

has the honour to present its

Fourth Report

Pursuant to its mandate under Standing Order 108(2), the Committee has studied a Statutory Review of the Personal Information Protection and Electronic Documents Act (PIPEDA) and agreed to the following report:

The HTML version of this report will be available soon. In the meantime, the Committee is pleased to make available the report entitled STATUTORY REVIEW OF THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) (.PDF, 262 KB) in printable format.



Here are the recommendations:

Recommendation 1

The Committee recommends that a definition of “business
contact information” be added to PIPEDA, and that the
definition and relevant restrictive provision found in the
Alberta Personal Information Protection Act be considered for
this purpose.

Recommendation 2

The Committee recommends that PIPEDA be amended to
include a definition of “work product” that is explicitly
recognized as not constituting personal information for the
purposes of the Act. In formulating this definition, reference
should be added to the definition of “work product
information” in the British Columbia Personal Information
Protection Act, the definition proposed to this Committee by
IMS Canada, and the approach taken to professional
information in Quebec’s An Act Respecting the Protection of
Personal Information in the Private Sector.

Recommendation 3

The Committee recommends that a definition of “destruction”
that would provide guidance to organizations on how to
properly destroy both paper records and electronic media be
added to PIPEDA.

Recommendation 4

The Committee recommends that PIPEDA be amended to
clarify the form and adequacy of consent required by it,
distinguishing between express, implied and deemed/opt-out
consent. Reference should be made in this regard to the
Alberta and British Columbia Personal Information Protection
Acts.

Recommendation 5

The Committee recommends that the Quebec, Alberta and
British Columbia private sector data protection legislation be
considered for the purposes of developing and incorporating
into PIPEDA an amendment to address the unique context
experienced by federally regulated employers and employees.

Recommendation 6

The Committee recommends that PIPEDA be amended to
replace the “investigative bodies” designation process with a
definition of “investigation” similar to that found in the Alberta
and British Columbia Personal Information Protection Acts
thereby allowing for the collection, use and disclosure of
personal information without consent for that purpose.

Recommendation 7

The Committee recommends that PIPEDA be amended to
include a provision permitting organizations to collect, use
and disclose personal information without consent, for the
purposes of a business transaction. This amendment should
be modeled on the Alberta Personal Information Protection Act
in conjunction with enhancements recommended by the
Privacy Commissioner of Canada.

Recommendation 8

The Committee recommends that an amendment to PIPEDA be
considered to address the issue of principal-agent
relationships. Reference to section 12(2) of the British
Columbia Personal Information Protection Act should be made
with respect to such an amendment.

Recommendation 9

The Committee recommends that PIPEDA be amended to
create an exception to the consent requirement for information
legally available to a party to a legal proceeding, in a manner
similar to the provisions of the Alberta and British Columbia
Personal Information Protection Acts.

Recommendation 10

The Committee recommends that the government consult with
the Privacy Commissioner of Canada with respect to
determining whether there is a need for further amendments to
PIPEDA to address the issue of witness statements and the
rights of persons whose personal information is contained
therein.

Recommendation 11

The Committee recommends that PIPEDA be amended to add
other individual, family or public interest exemptions in order
to harmonize its approach with that taken by the Quebec,
Alberta and British Columbia private sector data protection
Acts.

Recommendation 12

The Committee recommends that consideration be given to
clarifying what is meant by “lawful authority” in section
7(3)(c.1) of PIPEDA and that the opening paragraph of section
7(3) be amended to read as follows: “For the purpose of clause
4.3 of Schedule 1, and despite the note that accompanies that
clause, an organization shall disclose personal information
without the knowledge or consent of the individual but only if
the disclosure is […]”

Recommendation 13

The Committee recommends that the term “government
institution” in sections 7(3)(c.1) and (d) be clarified in PIPEDA
to specify whether it is intended to encompass municipal,
provincial, territorial, federal and non-Canadian entities.

Recommendation 14

The Committee recommends the removal of section 7(1)(e)
from PIPEDA.

Recommendation 15

The Committee recommends that the government examine the
issue of consent by minors with respect to the collection, use
and disclosure of their personal information in a commercial
context with a view to amendments to PIPEDA in this regard.

Recommendation 16

The Committee recommends that no amendments be made to
PIPEDA with respect to transborder flows of personal
information.

Recommendation 17

The Committee recommends that the government consult with
members of the health care sector, as well as the Privacy
Commissioner of Canada, to determine the extent to which
elements contained in the PIPEDA Awareness Raising Tools
document may be set out in legislative form.

Recommendation 18

The Committee recommends that the Federal Privacy
Commissioner not be granted order-making powers at this
time.

Recommendation 19

The Committee recommends that no amendment be made to
section 20(2) of PIPEDA with respect to the Privacy
Commissioner’s discretionary power to publicly name
organizations in the public interest.

Recommendation 20

The Committee recommends that the Federal Privacy
Commissioner be granted the authority under PIPEDA to share
personal information and cooperate in investigations of
mutual interest with provincial counterparts that do not have
substantially similar private sector legislation, as well as
international data protection authorities.


Recommendation 21

The Committee recommends that any extra-jurisdictional
information sharing, particularly to the United States, be
adequately protected from disclosure to a foreign court or
other government authority for purposes other than those for
which it was shared.

Recommendation 22

The Committee recommends that PIPEDA be amended to
permit the Privacy Commissioner to apply to the Federal Court
for an expedited review of a claim of solicitor-client privilege in
respect of the denial of access to personal information
(section 9(3)(a)) where the Commissioner has sought, and
been denied, production of the information in the course of an
investigation.

Recommendation 23

The Committee recommends that PIPEDA be amended to
include a breach notification provision requiring organizations
to report certain defined breaches of their personal
information holdings to the Privacy Commissioner.

Recommendation 24

The Committee recommends that upon being notified of a
breach of an organization’s personal information holdings, the
Privacy Commissioner shall make a determination as to
whether or not affected individuals and others should be
notified and if so, in what manner.

Recommendation 25

The Committee recommends that in determining the specifics of an appropriate notification model for PIPEDA, consideration
should be given to questions of timing, manner of notification,
penalties for failure to notify, and the need for a “without
consent” power to notify credit bureaus in order to help
protect consumers from identity theft and fraud.

If you handle personal information, you'd better know the exceptions in privacy laws

If you handle personal information and only read one privacy law article, this one should be it:

Far too often, bureaucrats, cops and others use poorly understood privacy laws as a justification for inaction. Maybe it's just that they don't fully understand the myriad rules and the multiplicity of exceptions.

Privacy laws are complicated and are not well understood, even by people whose day-to-day operations are affected by them. But they are generally sensible and coherent. And -- believe it or not -- they are laced with common sense.

I've had the opportunity to look at every privacy law in Canada and I don't think I've seen one that does not have a public interest override. A public body, in the public sector context, can disclose personal information without consent if it is in the public interest to do so. There are often other exceptions from the general rule that requires consent.

Some may recall the aftermath of the south Asian tsunami where the federal government said they couldn't name victims or survivors because of the Privacy Act. The Privacy Commissioner and others were pretty quick to point out s. 8 of the Privacy Act, which allows the government to disclose personal information where it is in the public interest:

8(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed
...

(m) for any purpose where, in the opinion of the head of the institution,

(i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or

(ii) disclosure would clearly benefit the individual to whom the information relates.


(I wrote about it on this blog at the time: Editorial urges that naming Canadian tsunami victims is in the public interest & Fallout from naming/not naming Canadian victims)

I was recently reminded of this in a discussion about the failure of the police in Merritt BC to identify a suspect on the lam after a family was found murdered. Police blamed privacy laws. (RCMP grilled for delay in alerting town over suspect) The National Post Editorial Board called them out on the misstep:

The Post editorial board on the Allan Schoenborn case: The RCMP's high-profile failure - Full Comment

...Two days later, Ms. Clarke returned from errands to find her children murdered, and their father vanished along with his dog. The RCMP, confronted with a gruesome spectacle that may have resulted from their failed efforts to get Schoenborn under lock and key, took nearly a full day to announce to the public in Merritt that he was the prime suspect in the killings. Their excuse? "Due to privacy concerns," said RCMP Staff Sergeant Scott Tod, "we had to make sure that we had information that this was the suspect before we released his name."

"Privacy" is a popular item these days in the lexicon of justice, as it is used by the Mounties. No act of ineptitude in communicating with the public can possibly escape its reassuring cover, even though every privacy law or code written down anywhere in the last 50 years contains public-interest exemptions.

Most recently, a university in Ontario has been called to account for not notifying the parents of a mentally ill student who subsequently committed suicide. Privacy laws were pointed to as preventing such action. Ann Cavoukian and her counterparts have reminded universities that these laws are easy scapegoats, but without exception contain provisions that allow privacy rights to be overridden in certain circumstances.


Universities grapple with providing health services, protecting privacy


...University officials say they followed procedures and couldn't tell Kajouji's parents about her mental health because of the province's privacy law. They also indicated universities that don't respect the privacy of their students' health information risk driving students away from the very services designed to help them.

Ontario's privacy commissioner, Ann Cavoukian, and several of her counterparts in other provinces, say universities need to have a clearer understanding of what privacy laws allow and they cautioned that too often privacy laws are the automatic target of blame when controversy arises.

Cavoukian's office provided a fact sheet several years ago to universities explaining the law allows them to disclose personal health information in "compelling circumstances" and if they believe on reasonable grounds it would eliminate or reduce the risk of bodily harm.

Determining whether a situation warrants disclosure is a judgment call, Cavoukian said in an interview, though the law affords protection to the decision-maker as long as he or she acted in good faith.

"If you are a health-care practitioner or a university professional and you have information relating to a student that is considering suicide and you fear for that person and want to reduce the risk of suicide, absolutely you are allowed to release that information," she said. "It's not an easy decision but it is one that is permitted under our privacy laws and I'm sick and tired of people saying that it's the privacy laws that prevented the counsellors from contacting the girl's parents. That's incorrect," she said.

... Suzanne Blanchard, vice-president for student support services, said in an e-mail message the university has specific procedures to deal with students who are in "imminent danger of doing harm to themselves or others."

"Carleton University has reviewed its actions in the aftermath of Nadia's tragic death. We believe that we followed all proper procedures and provided all the support services we could for Nadia," she said. "Carleton University is always diligent in its compliance with Ontario's privacy laws and we believe that we acted, and continue to act, in accordance with those laws."

Cavoukian said some universities take their obligations under the privacy law seriously, but there is still a lot of confusion. She plans to convene a meeting with the Council of Ontario Universities in an attempt to clarify any lingering questions.

Saskatchewan's privacy commissioner agreed there is a "significant need for more education" about the flexibility that is built into privacy laws.

"Sometimes you have people who don't want to do the wrong thing and so therefore you get a kind of paralysis and they don't share information even when the law allows them to and it's appropriate to do so," said Gary Dickson.

Dickson said Kajouji's death, while tragic, provides incentive for universities to ensure they are prepared to deal with students' mental health issues and with situations where informing the parents is up for debate. "Decisions will have to be made and then there have to be people with the appropriate training and judgment who can then make that discretionary decision," he said.

Frank Work, Alberta's privacy commissioner, said it has to be kept in mind Kajouji was an adult and the university may have felt her situation was under control. All the law asks is that a standard of reasonableness be applied, said Work.

"I think it's true in just about every privacy law, the standard is always reasonableness, not perfection," he said.

People will disagree on whether Carleton made the right decision, but one thing the privacy commissioners all agree on is the decision needs to be given due consideration.

"The worst case scenario is if it's just neglect. They saw the bus coming and they didn't yell: 'Get out of the way.' We don't know here. Hopefully in this case they made a judgment call," said Work.

Ontario's commissioner similarly said university officials have to take the time to make the difficult determination and should not rely on privacy laws as the default reason for not disclosing personal information.

"I would urge people to resist the knee-jerk reaction of automatically blaming privacy laws," Cavoukian said.


Here is the moral of this story: Whenever common sense or humanity seem to bump up against privacy laws, take a close look at the law and its exceptions. You will probably find that the drafters have designed the laws to accommodate common sense and humanity.

Clerk fined for inappropriate access to personal health information

Earlier this month, a medical clerk was fined $10,000 for unlawfully accessing the personal health information of her lover's wife. To my knowledge, this is the first charge and conviction of its kind in Canada. The charges were laid under Alberta's Health Information Act. Most other provinces would have no penalty for such conduct.

Medical office clerk fined $10,000 for accessing records of lover's wife



CALGARY (CP) - A medical office clerk has been fined $10,000 for illegally obtaining health records of her lover's wife.


Stephanie MacDonald, who was charged under the Alberta Health Information Act, gained access to test results, biopsy findings and X-rays belonging to Marlene Stallard 17 times between August 2005 and May 2006.


Stallard, who is fighting ovarian cancer, told court in her victim impact statement the records were used in an attempt to convince her husband she was gravely ill.


It was part of MacDonald's strategy to make her adulterous relationship with James Stallard more permanent, she alleged.


''A violation of your privacy to that degree, when you're going through cancer, is a pretty terrible thing,'' Marlene Stallard said Friday, after the sentencing.


MacDonald, who could access information through her capacity as a clerk at the Dr. McPhalen Professional Corporation, maintained she was working under her lover's direction when she accessed the records. MacDonald and James Stallard are no longer lovers.


But James Stallard testified he only asked MacDonald to get information about his wife's condition twice, and denied he'd asked for information the other 15 times.


MacDonald also said she wasn't aware what she was doing was illegal, noting she'd never been briefed on such practices and her office didn't have a privacy policy.


Provincial court Judge Manfred Delong said he didn't believe a 12-year medical clerk didn't know what she was doing was wrong.

Wacky Canadians Still Believe in Privacy

Washington Post columnist Al Kamen has picked up on the Canadian Privacy Commissioner's response to the Secretary of Homeland Security's statement that fingerprints are not "personal" (see: Canadian Privacy Law Blog: Privacy Commissioner's response to US Homeland Security Secretary's statement on biometrics). It's not clear whether he's being serious, but we certainly are wacky compared to the Americans.

Al Kamen - Wacky Canadians Still Believe in Privacy - washingtonpost.com

Wacky Canadians Still Believe in Privacy

By Al Kamen

Friday, April 25, 2008; A21



Homeland Security chief Michael Chertoff caused a little ruckus up north a couple weeks ago as he was pushing his plan to share databases of international air travelers' fingerprints with the Canadians, Brits and Aussies.

In an interview with an excessively squeamish Canadian reporter, Chertoff was told: "Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing."

Nonsense, Chertoff responded. "Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world. They're like footprints. They're not particularly private," he said, according to Canadian news reports and privacy lawyer Peter Swire, a senior fellow and guest blogger at the Center for American Progress.

Absolutely. But the old-fashioned Canadians seem to think otherwise. They even have someone who monitors privacy issues, Privacy Commissioner Jennifer Stoddart, who promptly wrote the minister of public safety and preparedness to object, noting that Canadian law "defines fingerprints as personal information" and that "fingerprints constitute extremely personal information for which there is clearly a high expectation of privacy." That's why, she wrote with a hint of huffiness, "Canadians rightly expect their government to respect their civil liberties and personal information from abuse."

Oh yeah? Well, our Supreme Court ruled in 1985 that you have to have probable cause before you haul someone off and fingerprint them. Justice Byron R. White wrote the opinion, joined by Warren E. Burger and William H. Rehnquist, no less.

But in wartime, maybe we have different expectations, okay? As Chertoff, who after all was recently a federal appeals judge, knows quite well, no one should expect privacy in a restaurant or anywhere else where a fingerprint might be left.

And we don't. That's why many diners here are beginning to use gloves when they eat at restaurants and some even wear those hospital booties. Others prefer just a discreet swipe of utensils and glassware with a Wet-Nap to ensure against DNA retrieval from saliva. (There is a growing -- and deplorable -- trend to bring personal cutlery, but that really seems excessive and, in finer establishments, downright disrespectful, especially if it's plastic.)

Is it possible the Canadians thought those signs at beachfront eateries -- "No shirt, no shoes, no service" -- were an effort to maintain appropriate attire? Everyone down here knows the restaurants just wanted to prevent the feds from trying to collect toe prints.

Canadians probably still go to barbershops -- where a single hair in the right hands can provide DNA, general health info, recent drug use data and other information. Our cousins probably haven't read about the growing in-home trim movement here.

And there's an easy way to guard against theft of your secret mattress Sleep Number. Just change the setting every morning before you leave.

More UK data breaches come to light

I think we'll be seeing even more of these out of the UK as government authorities and the media turn their attention to the issue.

It's being reported that a number of National Health System trusts have "lost" the personal information of hundreds of thousands of British residents in the past little while. See: BBC NEWS UK Nine NHS trusts lose patient data

PIPA review released in BC

The Special Committee of the BC Legislature reviewing the Personal Information Protection Act has recently released its report:


April 17, 2008: Special Committee Recommends Changes to Streamline B.C.’s Private-Sector Privacy Law Media Releases Special Committee to Review the Personal Information Protection Act 4th Session 38th Parliament Committees

SPECIAL COMMITTEE RECOMMENDS CHANGES TO STREAMLINE B.C.’S PRIVATE-SECTOR PRIVACY LAW

VICTORIA – The Special Committee to Review the Personal Information Protection Act submitted its Report to the Legislature this afternoon. The all-party committee was appointed in 2007 by the Legislative Assembly to review the act that regulates the collection, use and disclosure of personal information by private-sector organizations in the province. During the past year, the committee received 39 submissions.

The key findings from the consultations are that the act seems to be working well overall for private-sector organizations operating in British Columbia, while the public is not as aware of the purpose, rules and scope of the act. The act also aligns with the federal and Alberta private-sector privacy laws.

The report, titled Streamlining British Columbia’s Private Sector Privacy Law, was unanimously adopted by all committee members. The report contains 31 recommendations, including:

  • Making private-sector organizations accountable for personal information they transfer for processing outside Canada
  • Requiring organizations to notify affected individuals of privacy breaches in certain circumstances
  • Banning the use of blanket consent forms by provincially regulated financial institutions
  • Revising consent exceptions to better address business practices in the insurance industry
  • Permitting disclosure of personal contact information for health research
  • Retaining the minimal fee for access to personal information
  • Streamlining the complaints process in the province’s privacy laws
  • Strengthening the Information and Privacy Commissioner’s oversight powers

“Keeping personal information private is vitally important,” said committee chair Ron Cantelon, MLA. “We want to enhance safeguards, but at the same time, balance that goal against imposing unnecessary regulations on business, particularly small businesses.”

The members of the Special Committee to Review the Personal Information Protection Act are:

Ron Cantelon, MLA Nanaimo-Parksville

Harry Lali, MLA Yale-Lillooet

Leonard Krog, MLA Nanaimo

Mary Polak, MLA Langley

John Rustad, MLA Prince George-Omineca

Information about the committee’s work can be found on its website at http://www.leg.bc.ca/cmt/pipa/index.asp, or by contacting the committee chair, Ron Cantelon, MLA, or any committee member.

Surgeon snaps pictures of patient's privates

I don't think there's much debate that the relationship between a physician and a patient is one where confidentiality and trust are absolutely critical. This is why there's such outrage when a physician takes advantage of this position of trust.

Yahoo! News is running an article about a Chief Resident of General Surgery from an Arizona hospital who took a picture of a patient's tattooed genitals when the patient was sedated. The surgeon apparently was showing the picture around to other doctors, thinking the tattoo "HOT ROD" was funny. It may be funny, but the actions of this physician are appalling and bring the whole profession into disrepute. See: Tattooed privates prove not so private - Yahoo! News.


UPDATE: No HIPAA charges expected: Doctor in penis case likely will avoid federal charges.

Incident: Ontario patient files found in dumpster

The Ontario Information and Privacy Commissioner is investigating after old medical records were found in a dumpster behind a coffee shop by a retiree. The affected patients will have to be notified as the information is subject to PHIPA, which contains Canada's only mandatory breach notification. See: TheSpec.com - Local - St. Joe's patient files found in dumpster.

London beat cops upset over Big Brother surveillance scheme

Some people, I am sure, will savor the irony that many London police officers are complaining about creepy surveillance and Big Brother tactics inherent in a new technology that will allow desk-riding senior cops to keep tabs on the location and activities of cops on the beat.

Apparently they don't like feeling like they're being watched. Some are concerned that innocent and lawful activities could be misinterpreted. Oh, and others are worried that information originally collected for safety and resource planning may be used for some other purpose. Pity.

Check it out:

Met Police officers to be 'microchipped' by top brass in Big Brother style tracking scheme the Daily Mail

Every single Metropolitan police officer will be 'microchipped' so top brass can monitor their movements on a Big Brother style tracking scheme, it can be revealed today.

According to respected industry magazine Police Review, the plan - which affects all 31,000 serving officers in the Met, including Sir Ian Blair - is set to replace the unreliable Airwave radio system currently used to help monitor officers' movements.

The new electronic tracking device - called the Automated Personal Location System (APLS) - means that officers will never be out of range of supervising officers.

But many serving officers fear being turned into "Robocops" - controlled by bosses who have not been out on the beat in years.

According to service providers Telent, the new technology 'will enable operators in the Service's operations centres to identify the location of each police officer' at any time they are on duty - whether overground or underground.

Although police chiefs say the new technology is about 'improving officer safety' and reacting to incidents more quickly, many rank and file believe it is just a Big Brother style system to keep tabs on them and make sure they don't 'doze off on duty'.

Some officers are concerned that the system - which will be able to pinpoint any of the 31,000 officers in the Met to within a few feet of their location - will put a complete end to community policing and leave officers purely at the beck and call of control room staff rather than reacting to members of the public on the ground.

Pete Smyth, chairman of the Met Police Federation, said: "This could be very good for officers' safety but it could also involve an element of Big Brother.

"We need to look at it very carefully."

Other officers, however, were more scathing, saying the new system - set to be implemented within the next few weeks - will turn them into 'Robocops' simply obeying instructions from above rather than using their own judgement.

One officer, working in Peckham, south London, said: "They are keeping the exact workings of the system very hush-hush at the moment - although it will be similar to the way criminals are electronically tagged. There will not be any choice about wearing one.

"We depend on our own ability and local knowledge to react to situations accordingly.

"Obviously we need the back up and information from control, but a lot of us feel that we will simply be used as machines, or robots, to do what we are told with little or no chance to put in anything ourselves."

He added: "Most of us joined up so we could apply the law and think for ourselves, but if Sarge knows where we are every second of the day it just makes it difficult."

Another officer, who did not want to be named, said: "A lot of my time is spent speaking to people in cafes, parks or just wherever I'm approached. If I feel I've got my chief breathing down my neck to make another arrest I won't feel I'm doing my job properly."

The system is one of the largest of its kind in the world, according to Telent, the company behind the technology, although neither the Met nor Telent would provide Police Review with any more information about exactly how the system will work or what sort of devices officers will wear.

Nigel Lee, a workstream manager at the Met, said: "Safety is a primary concern for all police forces.

"The area served by our force covers 620 miles and knowing the location of our officers means that not only can we provision resource more quickly, but should an officer need assistance, we can get to them even more quickly."

Forces currently have the facility to track all their officers through GPS devices on their Airwave radio headsets, but this is subject to headsets being up to date and forces buying the back office systems to accompany them, according to Airwave.

Steve Rands, health and safety head for the Met Police Federation, told Police Review: "This is so that we know where officers are. Let us say that when voice distortion or sound quality over the radio is lost, if you cannot hear where that officer telling you where he is, you can still pinpoint his exact position by global positioning system.

"If he needs help but you cannot hear him for whatever reason, APLS will say where he is."

B.C. introduces law governing access, privacy of electronic health records

British Columbia's government has just recently introduced legislation specifically tailored for privacy and access to electronic health records.

E-HEALTH STATUTE INCREASES PATIENT ACCESS AND PRIVACY

April 10, 2008

Ministry of Health

VICTORIA – A new e-Health (Personal Health Information Access and Protection of Privacy) Act introduced today moves British Columbia a step closer to the goal of giving citizens access to their health records and medical information, while strengthening privacy protection, said Health Minister George Abbott.



“This new e-Health legislation moves us forward in meeting our throne speech commitment to give citizens better access to their health records and medical information so they can engage in a more informed role in their own health-care choices,” said Abbott. “eHealth will give patients faster, safer and better health care by providing authorized health-care professionals with secure access to patients’ information to make the best and most timely clinical decisions.”



British Columbia is the first province in Canada to create a specific legislative framework governing access and privacy for electronic health information databases. While other provinces have access and privacy legislation governing personal health information, British Columbia will be going above and beyond the provisions of the Freedom of Information and Protection of Privacy Act with new legislation containing specific provisions to address access to information and protection of privacy of electronic health information.



“As e-Health information becomes a more widely accessible and used tool in our health-care system, we want to ensure British Columbia has a framework that allows for the most effective medical and health-research related use of electronic health database information,” said Abbott. “But we also have to ensure that the framework surrounding use of electronic health information is to the highest standards of privacy protection.”



Individuals will be able to block access to their own information in Health Information Banks from all health professionals, with the only overriding clause being in the case that the person is incapacitated in an emergency or with the person’s consent. Maximum fines for violations of the act have been increased from $2,000 under the Pharmacists, Pharmacy Operations and Drug Scheduling Act to $200,000 under the new act.



The act specifically prohibits disclosing information from electronic databases for market research, while creating a Data Stewardship Committee that will evaluate requests for the disclosure of data for health research or planning purposes.



The e-Health (Personal Health Information Access and Protection of Privacy) Act will also introduce legislative changes so medical researchers can approach individuals regarding health research studies, while respecting personal privacy and patient confidentiality. Individual requests by researchers to contact persons for health research from database information will require the specific approval of the Information and Privacy Commissioner.



“Patients and former patients can provide invaluable information in chronic disease research,” said Barbara Kaminsky, CEO of the Canadian Cancer Society. “Previously, researchers we fund could not even contact individuals who were willing to assist us in this vital work. Now we have a viable way to expand our research while respecting individual privacy.”



The Province recognizes that medical research and the privacy of British Columbians are equally important. The legislation will create an effective balance between individual rights and public responsibilities. It will also enable government to make objective decisions on the appropriate disclosure of health information for secondary purposes.



Amendments are also being made to the Pharmacists, Pharmacy Operations and Drug Scheduling Act to provide similar access, privacy and penalty provisions regarding PharmaNet. PharmaNet is internationally recognized as a world-class secure electronic network that protects patient safety. It protects patients from potentially dangerous medication errors, duplications and dangerous combinations of different medications. It records all prescriptions dispensed at B.C. community pharmacies in a central database and checks for interactions.



From the Canadian Press:

The Canadian Press: B.C. introduces law governing access, privacy of electronic health records

VICTORIA — British Columbians will soon be able to use their computers to view their health records, Health Minister George Abbott said Thursday after introducing legislation governing access and privacy for electronic health information databases.

British Columbia became the first province in Canada to create a legislative framework with specific provisions to address access and protection of electronic health information.

The e-Health Personal Health and Information Access and Protection of Privacy Act could eventually create paperless medical offices, allowing physicians to store information about patients on their computers as opposed to the banks of individual file folders in most offices, Abbott said.

"I'm pretty confident we got it right here," he said. "I'm very pleased with the balance with the legitimate access to personal information that a physician may require and the protection of the sanctity of those records that is so important to the patient."

The e-Health law gives medical researchers access to the electronic health database but ensures privacy, Abbott said.

Individuals can block access to their own information in health data banks, except in cases where the person is incapacitated in an emergency or with the individual's consent.

Abbott said the new law prohibits disclosing information from electronic health databases for market research. The government will create a committee that evaluates requests for data for health research or planning purposes.

Maximum fines for violating the act will be $200,000.

The Opposition New Democrats said they want patient privacy ensured. They also said the act suffers from credibility issues.

Opposition health critic Adrian Dix wondered whether the bidding process for a $108 million contract for the software to store electronic medical records was tainted by alleged conflict of interest by a former top bureaucrat.

"The electronic medical records process is mired, unfortunately, in problems with the bidding process and problems with conflict of interest," he said. "We're talking about access to personal medical records and the credibility of that process is put in jeopardy."

The Health Ministry received a letter of concern about the bid process from an unnamed company whose bid for the electronic medical records contract was rejected.

And Dr. Tom Elliott, of Vancouver, went public with his concerns, saying his electronic records software met more than 95 per cent of the bid guidelines but didn't make the shortlist.

Other concerns involved the relationship between Ron Danderfer, a former assistant deputy minister of health, and Dr. Jonathan Burns, a Fraser Valley emergency room doctor and health contractor who developed and promoted a widely used health records device.

Danderfer and Burns were members of a steering committee overseeing the $108 million contract, aimed at getting the province's doctors on common software for medical records.

Only six companies were chosen to be involved and last year Burns listed one of the winning companies as a partner on his website.

The company, Wolf Medical, denied there had ever been a financial link between the two.

Abbott has said a government review found Danderfer was not involved in the selection or evaluation process for the health records project.

An internal government letter addressed to the Health Ministry from the Labour Ministry said last year the bid process was not influenced by Danderfer and Burns.

"While news media reports appear to link the Burns/Danderfer matter with the electronic medical record procurement, we can confirm that neither of these individuals were involved in evaluating proponent proposals or proponent software demonstrations and testing at any stage of the evaluation process," said the Nov. 7 letter from Richard Poutney, assistant deputy labour minister.

"We have not received any information that would link this matter to the electronic medical record procurement," it said.

In December, RCMP confirmed an investigation involving Danderfer while he was employed at the Health Ministry. The Mounties also asked the government to withhold results of an internal audit until their probe is complete.

Danderfer was placed on mandatory leave last July and retired last October after 35 years of service with the B.C. government.
