=Privacy Risk=

The best understood risks in the eHealth domain are those associated with information privacy. Over the past two decades legislators in many countries have enacted Privacy Legislation mandating data protection and enshrining the privacy rights of individuals. Much of this legislation is based on fair information practices. Fair information practices are defined in national and international standards including the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (International), the CSA Model Code for the Protection of Personal Information (Canada), and National Privacy Principles (Extracted from the Privacy Amendment (Private Sector) Act 2000) (Australia).

=Information Privacy=

Information privacy refers to the right of an individual to control the collection, use and disclosure of his or her personal information (PI) and personal health information (PHI). This right is given effect by fair information practices, which include knowledgeable and informed consent, identified purposes for the collection, use and disclosure of PI, openness in information handling practices, access to PI and correction of inaccurate data. The right to privacy is not an absolute right. Most privacy legislation defines exceptions where PI may be collected, used and disclosed without the individual's consent. Such exceptions include issues of public health and safety and law enforcement.

=eHealth Privacy Risks=

eHealth is subject to four major privacy risks, which can be sub-divided into many sub-risks as described in the table below.

|| ===Risk=== || ===Examples=== ||
|| Unauthorized Collection || Staff member collecting information from patients for a personal research project not approved by the organization; staff member who threatens to deny or cut off health services to the patient unless information is provided; staff member collecting PHI from third parties without patient consent ||
|| Unauthorized Use || Staff member browsing the files of VIPs, family members or friends; staff member using information for a personal research project not approved by the organization ||
|| Unauthorized Disclosure || Attack on the information system by hackers; identity theft; social engineering of staff (i.e. staff conned into disclosing PHI to someone masquerading as a person with a legitimate right to the information); portable computing device (e.g. laptop computer, PDA) lost or stolen; staff coerced or blackmailed into releasing PHI ||
|| Denial of Patient Rights || Staff threatening to withhold services unless information or consent is provided; refusing a patient access to their PHI; ignoring patient complaints or taking an unreasonable length of time to address complaints ||

The term //unauthorized// should be interpreted in its broadest sense to include anything that is not authorized. This will include accidental, illegal, malicious and all other forms of unauthorized collection, use and disclosure. Denial of patient rights refers to any threat to the ability of the patient to exercise any right under national or international standards or privacy legislation.

=Privacy Impact Assessment=

Privacy risk is assessed with a tool called the Privacy Impact Assessment (PIA). The PIA is usually applied when a new system or program is initiated, or when there is a significant change in the environment.

Privacy Impact Assessment is an iterative process that takes place throughout the lifecycle of a new system or program. Reports are often issued at two stages. The first is called the preliminary or conceptual PIA, and is conducted at the earliest stage of the project. The conceptual PIA will address the major policy and business issues that must be considered as the project progresses. The next report is often released after the design phase is complete but before implementation and addresses privacy functionality, business processes, operating procedures and implementation issues such as user training.

The components of an eHealth PIA are:

 * A detailed description of the scope of the eHealth program and the environment into which it will be implemented; participants; relevant legislation, policy and standards;
 * A dataflow analysis including a business flow diagram and description and a detailed data flow diagram and table;
 * A privacy analysis – consideration of each of the fair information practice principles and their application to the eHealth program;
 * A privacy risk management plan including the identification of privacy risks and recommendations for risk mitigation; and
 * A communications strategy to communicate essential information to stakeholders.

=Other Privacy Subjects of Interest:=

 * Lock Box
 * OCAP - Ownership, Control, Access and Possession - Collective privacy rights for First Nations communities.
 * iEHR Privacy