The audience laughed when Ontario Information and Privacy Commissioner Ann Cavoukian said she got called on a weekend over a major privacy breach. “I don’t know how they got my home number,” she said, teasing.
Cavoukian rushed downtown to Toronto’s Wellington Street to find thousands of patient health records strewn around as part of a set for a mini-series on 9/11. The production company had asked a recycling company to provide some paper for the scene. That they did.
Upon investigation, Cavoukian found that the health care provider had made an error, sending the documents to recycling instead of shredding.
After her story, she said it was the CBC that tipped her off and that she had voluntarily given her number to the reporter. No breach after all.
The story was one of many as Cavoukian spoke October 25 at the Longwood’s Breakfast with the Chiefs forum at the University of Toronto.
Cavoukian says that you can avoid privacy by disaster by following privacy by design – by building systems intentionally with security in mind.
The Commissioner noted the consequences of such breaches, including an institutional loss of trust. She says when she is invited to speak in the United States, she is told of patients who are reluctant to seek treatment because of the risk of the details affecting their health insurance policy or their employment. Breaches of privacy can lead patients to suffer discrimination, stigmatization, and economic and psychological harm.
Cavoukian understands first-hand the dual and seemingly contradictory necessity of keeping health records private and having them readily accessible when a patient is admitted to an emergency room.
The Commissioner “chose to disclose” some of her own health issues, including her own transfer between hospitals that didn’t include an existing “scan” necessary for her surgery. Without electronic access to these records, her surgery was delayed for 12 hours, leaving her in considerable pain.
She says that when she is in the ER, the last thought on her mind is the privacy of her records.
Despite the potential for security breaches, she says that she still supports electronic health records and has taken “a lot of flak” for saying so. However, she says e-Health has been “floating for years” and she is “not pleased with the lack of attention to privacy.”
While there are costs to encryption and de-identifying patient data, it is not nearly as costly as a privacy breach. Cavoukian says the cost of a data breach is estimated to be $214 per record. When you look at breaches that involve thousands of records, this can be very expensive.
The Commissioner says that leading causes of privacy breaches are insecure disposal of records (shred, don’t recycle); theft and loss of unencrypted data on mobile devices, such as laptops and USB keys (data should never be transferred unless it is encrypted or de-identified); and unauthorized access to records, such as health care workers accessing the health files of their ex-spouse.
Cavoukian specifically wanted to debunk the myth that de-identified data used for health research can be easily re-identified. She says it is very difficult. She points to a colleague who was asked to de-identify information as part of a data mining competition among some of the best experts in the world. Her colleague won that competition, with the experts unable to re-identify the information.
Developing good information security is a win/win proposition. Cavoukian notes that research data can actually be enhanced when users are confident that their identities will be kept secure.