Privacy in Healthcare: Foundational Roadmap

Executive Summary

The need to access and use information for clinical decision making and health system management is an ongoing challenge. As part of Colleaga's Innovation Community, this roadmap is a repository of resources forroadmap is a repository of resources for those interested in improvements for privacy and security in healthcare settings. This article contains links to all our privacy and security-related content and will be updated as new information becomes available. You can use it as a starting place to access other articles, tools and case studies, or you can use the search box by typing in keywords associated with content you are looking for.



Privacy Legislation in Healthcare Home Page

Canada - There are numerous laws in Canada that relate to privacy. There are also various organizations and agencies responsible for overseeing compliance with these laws both federally and provincially.

USA -  One of the main pieces of legislation in the United States is the Health Insurance Portability and Accountability Act

United Kingdom/EU - The EU is enforcing the General Data Protection Regulation as of May 15, 2018, which replaces the Data Protection Act. The United Kingdom must oblige to the GDPR as it is being passed prior to the execution of Brexit.

Privacy Assessment

PIA (Privacy Impact Assessment) - A Privacy Impact Assessment is an analysis of how personal information is collected, used, and maintained.

Security Assessment - A security assessment is used to assess the current security posture of an information system or organization. The assessment may also provide recommendations for improvement.

Privacy Managment

General Content

Privacy by Design/Engineering - Privacy by Design is an approach that promotes privacy assurance as a key component of an organization's structure.

Security Training - Training your employees on all aspects of security and privacy is important to ensure that they know how to abide by the laws and stop any potential threats.

Consent - The concept of consent is related directly to privacy. Individuals have the right to control information about themselves in regards to distribution, and accessibility among other factors.

Personal Health Information - Personal Health information is a health record where data is collected and used to identify patients.

Mobile Devices/Cloud - With technology on the rise, it is important to remember the risk associated with its usage. Healthcare applications pose various risks in the privacy and secruity realm.

Risk Managment - Risk management strategies are used to identify and evaluate potential risks to ensure that all data remains safe.

Privacy Breaches -  A privacy breach is when there is unauthorized access to an individual's personal information.