The need to access and use information for clinical decision making and health system management is an ongoing challenge. The Healthcare Privacy Community is a space to share resources & connect with others interested in improvements for privacy and security in healthcare settings. This article contains links to all our privacy and security-related content and will be updated as new information becomes available. You can use it as a starting place to access other articles, tools and case studies, or you can use the search box by typing in keywords associated with content you are looking for.
Missing something? Please join the conversation in the Community space by asking questions and making suggestions for how we can improve our resources in this area.
Canada - There are numerous laws in Canada that relate to privacy. There are also various organizations and agencies responsible for overseeing compliance with these laws both federally and provincially.
- Healthcare Privacy Legislation in Canada
- The Personal Information Protection And Electronic Documents Act ("PIPEDA") in Canada
- Toolkit for Custodians: A Guide to the Personal Health Information Act
- Frequently Asked Questions: Personal Health Information Protection Act (Ontario)
- A Guide to the Substitute Decisions Act
- A Guide to the Personal Health Information Protection Act (Ontario)
- Case Study: Improving BC's Health Information Management Staff Privacy Training and Compliance Program
USA - One of the main pieces of legislation in the United States is the Health Insurance Portability and Accountability Act.
- Healthcare Privacy Legislation in the USA
- General United States of America Privacy Laws
- Guide to Privacy and Security of Electronic Health Information in the United States
- HIPAA Enforcement Guide
- HIPAA Privacy and Security Training: Short Guide
- HHS Launches Revised HIPAA Breach Reporting Tool
- Sample HIPAA Confidentiality Agreements for Medical Practice Vendors
- HHS Privacy and Security Framework Principles
- Who are Covered Entities?
United Kingdom/EU - The EU is enforcing the General Data Protection Regulation as of May 15, 2018, which replaces the Data Protection Act. The United Kingdom must oblige to the GDPR as it is being passed prior to the execution of Brexit.
- EU Draft Code of Conduct on Privacy for Mobile Health Applications
- Guide to the General Data Protection Regulation (GDPR)
- EU Guidance: A systematic approach for assessing online and mobile privacy tools
- Preparing for the General Data Protection Regulation (GDPR) - 12 Steps to Take Now
- Guide to Privacy and Electronic Communications Regulations (UK)
- Guide to Data Protection (UK)
- Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation (UK)
- Subject access code of practice - Dealing with requests from individuals for personal information (UK)
- Conducting Privacy Impact Assessments Code of Practice (EU)
PIA (Privacy Impact Assessment) - A Privacy Impact Assessment is an analysis of how personal information is collected, used, and maintained.
- Country-Specific Guidelines for Conducting a Privacy Impact Assessment
- Privacy Impact Assessment
- Planning for Success: Privacy Impact Assessment Guide
- Privacy Impact Assessment Threshold Assessment
- Guide to Undertaking Privacy Impact Assessments
Security Assessment - A security assessment is used to assess the current security posture of an information system or organization. The assessment may also provide recommendations for improvement.
Privacy by Design/Engineering - Privacy by Design is an approach that promotes privacy assurance as a key component of an organization's structure.
- Privacy by Design Principles
- Privacy by Design: Enabling Digital Disruption
- What is Privacy Engineering?
Security Training - Training your employees on all aspects of security and privacy is important to ensure that they know how to abide by the laws and stop any potential threats.
- The 5 A's of Security
- The Importance of Security Awareness Training
- Privacy Officer Job Description, Role and Responsibility
Consent - The concept of consent is related directly to privacy. Individuals have the right to control information about themselves in regards to distribution, and accessibility among other factors.
- Consent Management in Health Care Privacy
- Informed Consent: Express or Implied Consent?
- Practice Guideline: Consent
- Consent Management Implementation Guide
- Express Consent Versus Implied Consent
- Informed Consent Form: Instructions and Template
Personal Health Information - Personal Health information is a health record where data is collected and used to identify patients.
- Personal Health Information and Consent
- Circle of Care Sharing Personal Health Information for Health-Care Purposes
- Sample Consent Form to Disclose Personal Health Information
- A Guide for Individuals Protecting Your Privacy
Mobile Devices/Cloud - With technology on the rise, it is important to remember the risk associated with its usage. Healthcare applications pose various risks in the privacy and secruity realm.
- Security and Privacy Issues Related to the Use of Mobile Health Apps
- Mobile Devices in the Workplace
- Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey
- Maintaining PHI Security with Specialized mHealth App Usage
- Thinking About Clouds? Privacy, Security and Compliance Considerations for Ontario Public Sector Institutions
- Privacy in the Clouds: A White Paper on Privacy and Digital Identity: Implications for the Internet
- Cloud Risk— 10 Principles and a Framework for Assessment
- Privacy & Security Requirements and Considerations for Digital Health Solutions
- Study: Many health apps insecure, do not conform to EU privacy requirements
Risk Managment - Risk management strategies are used to identify and evaluate potential risks to ensure that all data remains safe.
- Privacy Issues & Technology in Healthcare Organizations
- Unaddressed Privacy Risks in Accredited Health and Wellness Apps: A Cross-Sectional Systematic Assessment
- Wearable Computing: Challenges and Opportunities for Privacy Protection
- Ethics Conflicts in Rural Communities: Privacy and Confidentiality
Privacy Breaches - A privacy breach is when there is unauthorized access to an individual's personal information.
- What is a Privacy Breach?
- The Essentials of a Privacy Breach Management Protocol
- Guidelines for the Health Sector (Ontario): Reporting a Privacy Breach
- Privacy Breach Protocol and Guidelines for Government Organizations
- What to do When Faced With a Privacy Breach: Guidelines for the Health Sector
- Guidance on Data Security Breach Management (EU)
- The Eighth Data Protection Principle and International Data Transfers (EU)