Privacy in healthcare is an area of increasing importance as the need to access and use information for clinical decision making and health system management grows. Balancing the interests of key stakeholders including patients, providers, vendors, and legislators can be challenging. This Community is a space to share resources & connect with others interested in improvements within the realm of privacy in healthcare settings. (Note that since this is a public space, posting confidential information is not recommended). Browse our resources to see case studies, tools, and articles that might help generate some ideas for implementation within your organization. Share your thoughts and expertise, and ask questions to join the conversation – you can also upload additional resources here.

Healthcare Privacy Community of Innovation Terms of Reference - 2018

Privacy in Healthcare: Foundational Roadmap (contains links to all privacy-related content)

General information about communities of practice can be found below:

Welcome to the Community!

Events

Privacy Community Meeting

Thursday, March 22, 2018 - 14:00 to 15:00

(Dial: +1 647 558 0588 Meeting ID: 349 641 9836) or click on the Zoom link at the meeting start time.

Interested in being added to the email distribution list?

Please email Erin Gilbart at ering@colleaga.org

Navigating the GDPR and Other International Privacy Laws

Wednesday, April 4, 2018 - 12:00 to 13:00

On May 25, 2018, the European General Data Protection Regulation (GDPR) comes into effect. Because the regulation is linked to international trade, it will have a global impact. This Executive Briefing will focus on what established and start-up Canadian companies need to know about international privacy laws.

What are Communities of Practice?

Cultivating Communities of Practice: A Guide to Managing Knowledge - Seven Principles for Cultivating Communities of Practice
Quiz: You Might be a CoP If...
Communities of Practice: The Art of Learning ...

Privacy Legislation in Health Care Home Page

Privacy is crucial to the success of organizations in engendering trust from their users. Privacy laws set the ground rules for information management....

Health information sharing framework unveiled

If you want a say in how the government deals with health data interoperability, now's your chance. The Office of the National Coordinator for Health IT (ONC) has released draft rules for a health...

Privacy Horizon in the News!

Interesting read: https://medstack.co/blog/medstack-introduces-self-service-active-compliance-system-for-healthcare-app-companies/

Data Breach Exposed Medical Records, Including Blood Test Results, of Over 100 Thousand Patients

In the latest leak of sensitive medical records in the United States, lab test results and other patient files belonging to an estimated 150,000 Americans were unearthed online by security researchers...

Insider Threat Seriously Undermining Healthcare Cybersecurity

The healthcare industry's ability to defend against cyberthreats is being seriously undermined by its own workforce, according to two separate reports released this week. In an analysis of 1,...

How privacy policies affect genetic testing

Different types of privacy laws in U.S....

When verification is also surveillance - EVV devices could intrusively track Medicaid recipients

What would it feel like if you needed to verify your identity and physical location with your state government via a GPS-enabled biometric device every time you exercised a civil r...

Guidance for micro business owners under the new UK Data Protection Law and GDPR

The UK Information Commissioner's Office ("ICO") issued guidance to micro business owners and sole traders under the new UK Data Protection Law (GDPR). The guidance and self-assessment tool provi...

Executive Briefing: European GDPR and Other International Privacy Laws

Navigating the GDPR and Other International Privacy Laws
Wednesday, April 4, 2018, 12:00 PM - 1:00 PM
Live, Interactive, Online, via WebEx
Registration Information: http://www.nihi.ca/index.php?MenuItemID=530

Sharing Best Practices Through Online Communities of Practice: Global Alliance for Pre-Service Education (GAPS)

...

Privacy Officer Job Description, Role and Responsibility

Key Questions: What role does a privacy officer play within an organization?...

Planning for Success: Privacy Impact Assessment Guide

Key Questions: What is a Privacy Impact Assessment (PIA)?...

Privacy Breach Protocol and Guidelines for Government Organizations

Key Questions: What is a privacy breach?...

Insider Threat Seriously Undermining Healthcare Cybersecurity

Two recent separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than in any other sector. In an analysis of 1,368 security incidents at healthcare organizations in 27 countries, Verizon found that nearly six out of 10 (58%) security incidents involve insiders. That figure, according to Verizon, makes healthcare the only sector where internal actors pose a bigger threat to an organization's cybersecurity posture than external actors.

See: Protected Health Information Data Breach Report
http://www.verizon.com/about/news/new-report-puts-healthcare-cybersecurity-back-under-microscope
http://www.verizonenterprise.com/resources/protected_health_information_data_breach_report_en_xg.pdf

In an Accenture report based on a survey of 912 healthcare employees in the US and Canada, some 18% of the respondents — or nearly 1 in 5 — professed their willingness to sell confidential data to unauthorized third parties for as little as $500 to $1,000. Among the malicious activities they were willing to perform: selling login credentials, downloading data to portable drives, and installing tracking software on business systems. 24% actually know someone in their organization who had sold their access credentials to an unauthorized third party. The willingness to sell confidential data was more pronounced among respondents from provider organizations (21%) than among those in payer organizations (12%). US organizations in particular appear to be struggling more with security issues than their counterparts in other regions of the world.

See:
https://www.accenture.com/us-en/blogs/blogs-losing-cybersecurity-culture-war
https://newsroom.accenture.com/news/one-in-five-health-employees-willing-to-sell-confidential-data-to-unauthorized-parties-accenture-survey-finds.htm

Conducting Privacy Impact Assessments Code of Practice (EU)

Key Questions: How do I conduct a PIA? What is the proper procedure for conducting a PIA?...

Current situation... A client we are working with (small independent pharmacy transferring data to a new health record system) asked us whether a PIA might be appropriate.
Where I want to go... What is a Privacy Impact Assessment? (PIA)
Help I'm looking for... I am responsible for figuring out what a privacy impact assessment is and how it might help our organization.

What is a Privacy Breach?

A privacy breach occurs when there is unauthorized access to, collection, use or disclosure of information....

Subject access code of practice - Dealing with requests from individuals for personal information (EU)

Key Questions: What do I do when faced with a subject access/personal information request?...

Guidance on Data Security Breach Management (EU)

Key Questions: What do I do in the case of a Privacy Breach?...

App Developer’s Guide to Privacy and Security Workshop

Registration Information: http://www.nihi.ca/index.php?MenuItemID=507

Maintaining PHI Security with Specialized mHealth App Usage

Secure messaging has the potential to aid groups of patients in receiving proper care, but PHI security cannot be overlooked in the process. S...

Privacy Impact Assessment

Planning for Success: Privacy Impact Assessment Guide | The Importance of Security Awareness Training | Privacy Impact Assessment Components | Executive Summary: The Executive Summary provides a brief d...

Healthcare Privacy Legislation in Canada

Privacy Issues and Technology in Healthcare Organizations | Informed Consent: Express or Implied Consent? | Personal Health Information and Consent | The Privacy Act: The Privacy Act came into effect in 19...

The Personal Information Protection And Electronic Documents Act ("PIPEDA") in Canada

What is Personal Information? PIPEDA was put in place to protect the personal information of every individual....

General United States of America Privacy Laws

Overview of Privacy Acts: Electronic Communications Privacy Act of 1986 - 18 U.S....

The Health Insurance Portability and Accountability Act (HIPAA)

Privacy Legislation in Health Care | Healthcare Privacy Legislation in the USA | The Health Insurance Portability and Accountability Act (HIPAA): The five main sections of HIPAA are as ...

The Privacy and Security Gaps in Health Information Exchanges

Key Questions: What are the privacy and security gaps in HIE? How can we protect our personal health information?...

Informed Consent: Express or Implied Consent?

Express consent is valid consent given in writing or orally.[1] Express consent is when the patient directly communicates their positive and explicit consent to the doc...

HHS Privacy and Security Framework Principles

Responsibilities: HHS is responsible for almost a quarter of all federal outlays and administers more grant dollars than all other federal agencies combined....

A Guide to the Personal Health Information Protection Act

Key Questions: What is the Personal Health Information Protection Act?...

HIPAA Privacy and Security Training: Short Guide

Key Questions: What are the required elements of proper Health Insurance Portability and Accountability Act (HIPAA) training? This guide provides an overview of the extensive HIPAA training requiremen...

Preparing for the General Data Protection Regulation (GDPR) - 12 Steps to Take Now

Key Questions: How do I prepare for the General Data Protection Regulation (GDPR)?...

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation (UK)

Key Questions: What kind of data breaches could occur in my organization?...

Privacy in the Clouds: A White Paper on Privacy and Digital Identity: Implications for the Internet

Key Questions: How do I practice privacy while using a cloud-based system?...

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

Key Questions: What are some security risks in healthcare applications?...

Informed Consent Form: Instructions and Template

Key Questions: Why do I need to use an Informed Consent Form?...

The Startup's Quick Guide to Privacy

Key Questions: What is privacy? What privacy laws apply to my organization? How do I ensure my organization practices proper privacy? “Innovation” is the rallying cry of our time....

Guide to Undertaking Privacy Impact Assessments

Key Questions: What are Privacy Impact Assessments?...

About The Information Governance (IG) Toolkit

Key Questions: What is the IG Toolkit? What is information governance?...

Guide to Privacy and Security of Electronic Health Information in the United States

Key Questions: What is my organization's role in ensuring privacy and security of health information in the United States?...

Privacy Toolkit for Businesses

Key Questions: How can my organization implement privacy policies that meet federal obligations and provide a competitive advantage?...

Security Risk Assessment Tool

Key Questions: What is a security risk assessment? What steps should be undertaken?...

Toolkit for Custodians: A Guide to the Personal Health Information Act

Key Questions: Who are custodians of personal health information?...

Mobile Devices in the Workplace

Key Questions: What are the risks in using mobile devices in the workplace?...

Consent Management Implementation Guide

Key Questions: How can I augment my organization's consent management practices to support PHIPA compliance? This Guide was originally intended for health service providers involved in the implementati...

Improving BC's Health Information Management Staff Privacy Training and Compliance Program

Health Information Management (HIM) is a part of the Lower Mainland Consolidation initiative that took place on August 5, 2011, where all HIM staff at Providence Health Care, Fraser Health, Provincial...

HIPAA Enforcement Guide

Key Questions: How is the U.S....

Cloud Risk — 10 Principles and a Framework for Assessment

Key Questions: What is the risk associated with migrating to cloud computing? This tool highlights the ten principles of cloud computing risk and provides a framework for assessing the risk ...

Personal Health Information: A Practical Tool for Physicians Transitioning from Paper-Based Records to Electronic Health Records

Key Questions: How can physicians effectively transition from paper-based records to Electronic Health Records?...

Privacy Impact Assessment Threshold Assessment

Key Questions: What is a Privacy Impact Assessment Threshold Assessment?...

Personal Health Information and Consent

Privacy Issues & Technology in Healthcare Organizations | Understanding Consent: One of the most important aspects of privacy is the concept of consent....

Healthcare Privacy Legislation in the USA

Privacy Legislation in Health Care | The Health Insurance Portability and Accountability Act (HIPAA) | HHS Privacy and Security Framework Principles | General Privacy Laws: An overview of the various priv...

Privacy by Design Principles

Consent Management in Health Care Privacy | Patient Privacy, Consent, and Identity Management in Health Information Exchange | Privacy by Design Principle Strategies | Proactive, not Reactive: The Pr...

N.W.T. Health Information Act too complicated, should be simplified, says privacy commissioner

The privacy commissioner is calling on the N.W.T....

Healthcare Privacy Legislation in the European Union

General Data Protection Regulation (GDPR): The General Data Protection Regulation (GDPR) will be effective as of May 25th 2018....

To Protect Genetic Privacy, Encrypt Your DNA

IN 2007, DNA pioneer James Watson became the first person to have his entire genome sequenced—making all of his 6 billion base pairs publicly available for research. Well, almost all of them....

NHS staff breaking data security policies every day with WhatsApp

A new report has landed that reveals everyday healthcare professionals across the NHS are knowingly putting sensitive patient data at risk – not through malice, but necessity. CommonTime published ‘Ins...

Privacy experts alarmed as Amazon moves into the health care industry

Amazon.com on Tuesday announced a joint partnership with Berkshire Hathaway and JP Morgan to create an independent health-care company for their employees, putting an end to months of speculation...

How to opt out of Australia's e-health record scheme

The federal government has released guidance on how Australians will be able to opt out of having a personal electronic health record created under the country's My Health Record scheme. It ends a pe...

The UK Information Commissioner's Office ("ICO") has issued guidance to micro business owners and sole traders under the new UK Data Protection Law

Developing a compliance strategy, considerations: applicability: micro-businesses with fewer than 10 staff will have to follow the new data protection rules as of May 25, 2018. reco...

Study: Many health apps insecure, do not conform to EU privacy requirements

Data from a recent analysis suggest that a substantial number of popular health apps have major privacy and security shortcomings, with many not following standard practices and upcoming Europea...

Wearable Computing: Challenges and Opportunities for Privacy Protection

Key Questions: What are the privacy risks associated with wearable technology?...

Sample Privacy Policy

Key Questions: What is a privacy policy? What are the components of an effective policy?...

The Importance of Security Awareness Training

Key Questions: What is security awareness training?...

The Essentials of a Privacy Breach Management Protocol

Key Questions: What are the obligations of my organization under Canada's Personal Health Information Protection Act? How can my organization develop a privacy breach management protocol?...

Consent Management in Health Care Privacy

The Personal Information Protection and Electronic Documents Act: The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector ...

Privacy & Security Requirements and Considerations for Digital Health Solutions

Key Questions: What are the privacy and security requirements for digital health solutions? This document is an evolution of the original Electronic Health Record (EHR) Privacy Security Requireme...

Current situation... Our company is designing an app for a hospital to monitor patients' medical conditions after they have been discharged.
Where I want to go... What privacy legislation applies to me?
Help I'm looking for... I am looking for information on privacy legislation applicable to my organization.

Guide to Data Protection (EU)

Key Questions: What are data protection principles?...

Guide to Privacy and Electronic Communications Regulations (EU)

Key Questions: What are The Privacy and Electronic Communications Regulations (PECR)?...

The Eighth Data Protection Principle and International Data Transfers (EU)

Key Questions: How do I prepare for an international data transfer?...

Unaddressed Privacy Risks in Accredited Health and Wellness Apps: A Cross-Sectional Systematic Assessment

Key Questions: What are some privacy risks in health apps? How do I implement privacy in my health apps? Poor information privacy practices have been identified in health apps....

Country-Specific Guidelines for Conducting a Privacy Impact Assessment

Planning for Success: Privacy Impact Assessment Guide | Privacy Impact Assessment | Privacy Impact Assessment Threshold Assessment | Australia: In Australian healthcare, the Guide to undertaking Privacy Impact A...

Who are Covered Entities?

The Health Insurance Portability and Accountability Act (HIPAA) | Healthcare Privacy Legislation in USA | HIPAA Enforcement Guide | Covered Entities: Researchers are covered entities if they are also ...

Healthcare Privacy Community of Innovation Terms of Reference - 2018

Name: The official name is the Healthcare Privacy Community of Innovation. Structure: The community will consist of a core team of 6 members and a general voluntary membership for anyon...

Xcertia's New Guidance Documents for Mobile Health Apps

About Xcertia: Xcertia is a joint mHealth app collaborative effort pioneered by the American Medical Association (AMA), American Heart Association (AHA), DHX Group and Healthcare Information and Ma...

The 5 A's of Security

The 5 A's: Authentication, Authorization, Access to Data, Audit Policies, Accountability.
Authentication: Authentication is the process of proving that a user (or a system) that is requesting access is really who (...

Privacy Issues & Technology in Healthcare Organizations

Addressing and implementing privacy controls and practices can be achieved through the following: Understand privacy, security and confidentiality; Define privacy and security requirements; ...

OpenHIE Privacy and Security

Key Questions: What privacy and security framework can be used to protect health information?...

What Privacy Risks are Associated with mHealth Technologies?

What is mHealth Technology? mHealth refers to mobile technologies which have the ability to monitor the user's health....

EU Draft Code of Conduct on Privacy for Mobile Health Applications

The ubiquity of smart phones, tablets, sensors, wearables, personal trackers and similar wireless smart devices means that huge volumes of data concerning health, fitness, life-style, stress and sleep...

HHS Launches Revised HIPAA Breach Reporting Tool

Key Questions: What is the HIPAA Breach Reporting Tool?...

A Guide to the Substitute Decisions Act

Key Questions: What is the Substitute Decisions Act?...

Guide to the General Data Protection Regulation (GDPR)

Key Questions: Who and what does the General Data Protection Regulation (GDPR) apply to?...

Ethics Conflicts in Rural Communities: Privacy and Confidentiality

Key Questions: What are some ethical challenges in rural communities? How do these challenges occur?...

Thinking About Clouds? Privacy, Security and Compliance Considerations for Ontario Public Sector Institutions

Key Questions: What are some risks with using Clouds?...

Circle of Care Sharing Personal Health Information for Health-Care Purposes

Key Questions: What is meant by the term "Circle of Care"? When is consent implied?...

Express Consent Versus Implied Consent

Key Questions: What is Express Consent? What is Implied Consent?...

Privacy by Design: Enabling Digital Disruption

Key Questions: What is Privacy by Design? What are the principles of Privacy by Design?...

Practice Guideline: Consent

Key Questions: What are the guidelines for obtaining consent? How do I practice consent in my organization? Health care providers have ethical and legal obligations for obtaining consent....

Simple Agreement for Future Equity (SAFE): Cap, no Discount

Key Questions: What is a SAFE with a valuation cap and no discount rate?...

Frequently Asked Questions: Personal Health Information Protection Act

Key Questions: What is the Personal Health Information Protection Act?...

Privacy Management Plan Template - Australia

Key Questions: What is a privacy management plan? How can it help my organization meet legal requirements in Australia?...

Sample HIPAA Confidentiality Agreements for Medical Practice Vendors

Key Questions: What components should be included in a Confidentiality Agreement between medical practices and vendors in order to be HIPAA compliant? With the HIPAA Omnibus Rule requiring greate...

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector

Key Questions: What is a privacy breach? How should my organization proceed when faced with a privacy breach?...

A Guide for Individuals Protecting Your Privacy

Key Questions: What are the laws with respect to information privacy in Canada? What are my rights with respect to information privacy?...

Security and Privacy Issues Related to the Use of Mobile Health Apps

Key Questions: What privacy risks are associated with the use of popular mobile health apps?...

Thank you @FredCarter for this interesting and helpful contribution!

https://www.colleaga.org/article/maintaining-phi-security-specialized-mhealth-app-usage

Guidelines for the Health Sector (Ontario): Reporting a Privacy Breach

Key Questions: Under which circumstances should a privacy breach be reported? This tool provides an overview of situations in which the Information and Privacy Commissioner of Ontario should...

Sample Consent Form to Disclose Personal Health Information

Key Questions: What are the required elements of a consent form to disclose Personal Health Information? This tool provides a template and overview of what goes into a Consent Form to Disclose Per...

What is Privacy Engineering?

Key Questions: What is privacy engineering?...

EU Guidance: A systematic approach for assessing online and mobile privacy tools

Key Questions: How can online and mobile privacy tools be effectively assessed? This tool provides a detailed guide to assessing Privacy Enhancing Technologies and is in compliance with the updated...