#CyberFLASH: Most health data breaches go unreported

Approximately 3,000 privacy breaches occur at B.C.’s eight major health authorities every year — but due to the lack of legislated requirements to report, less than 1% of those cases are ever heard by the B.C. Office of the Information and Privacy Commissioner.

According to an examination conducted by the OIPC, the vast majority of the breaches are due to human error — for things like lost files or misdialed faxes — but these mistakes are also coupled with the fact that most health authorities don’t properly train staff on privacy issues.

For example, at Providence Health Care, the OIPC reported employees didn’t always finish training and the privacy officer “stopped following up.”

Interior Health, which tracks training completion, said only 10% of its staff had completed a 10-minute online module on privacy.

All health authorities require their staff to sign a confidentiality agreement to work, but it’s questionable if that alone works as there are still cases of staff inappropriately checking the files of VIPs or people they know, or posting to social media images or information on their patients, the report found.

“In most other jurisdictions in Canada in the health sector there’s a legal duty to report serious breaches to the commissioner and to affected individuals — we don’t have that legislated requirement in British Columbia,” said Elizabeth Denham, B.C. privacy commissioner.

“If there’s a legal requirement to disclose and there’s more transparency, that drives attention and focus on better security practices.”

© 2013 CyberTRAX Canada - All Rights Reserved.