The audience laughed when Ontario Information and Privacy Commissioner Ann Cavoukian said she got called on a weekend over a major privacy breach. “I don’t know how they got my home number,” she said, teasing.
Cavoukian rushed downtown to Toronto’s Wellington Street to find thousands of patient health records strewn around as part of a set for a mini-series on 9/11. The production company had asked a recycling company to provide some paper for the scene. That they did.
Upon investigation, Cavoukian found that the health care provider had made an error, sending the documents to recycling instead of shredding.
After her story she said it was the CBC who tipped her off and that she had voluntarily given her number to the reporter. No breach after all.
The story was one of many as Cavoukian spoke October 25 at the Longwood’s Breakfast with the Chiefs forum at the University of Toronto.
Cavoukian says that you can avoid privacy by disaster by following privacy by design – by building systems intentionally with security in mind.
The Commissioner noted the consequences of such breaches, including an institutional loss of trust. She says when she is invited to speak in the United States, she is told of patients who are reluctant to seek treatment because of the risk of the details affecting their health insurance policy or their employment. Breaches of privacy can lead patients to suffer discrimination, stigmatization, economic and psychological harm.
Cavoukian understands first-hand the dual and seemingly contradictory necessity of keeping health records private and having them readily accessible when a patient is admitted to an emergency room.
The Commissioner “chose to disclose” some of her own health issues, including her own transfer between hospitals that didn’t include an existing “scan” necessary for her surgery. Without electronic access to these records, her surgery was delayed for 12 hours, leaving her in considerable pain.
She says that when she is in the ER, the last thought on her mind is the privacy of her records.
Despite the potential for security breaches, she says that she still supports electronic health records and has taken “a lot of flack” for saying so. However, she says e-Health has been “floating for years” and that she is “not pleased with the lack of attention to privacy.”
While there are costs to encrypting and de-identifying patient data, they are not nearly as high as the cost of a privacy breach. Cavoukian says the cost of a data breach is estimated to be $214 per record. When you look at breaches that involve thousands of records, this can be very expensive.
The Commissioner says that leading causes of privacy breaches are insecure disposal of records (shred, don’t recycle); theft and loss of unencrypted data on mobile devices, such as laptops and USB keys (data should never be transferred unencrypted or de-identified); and unauthorized access to records, such as health care workers accessing the health files of their ex-spouse.
It is also not good enough to have a privacy policy without it being “operationalized.” She noted the example of a clerk who thought that zipping a file was the same thing as encrypting a file. Zipping simply condenses data; it doesn’t encrypt it. The example suggests that information holders need to train staff to keep patient records secure.
Cavoukian specifically wanted to debunk the myth that de-identified data used for health research can be easily re-identified. She says it is very difficult. She points to a colleague who was asked to de-identify information as part of a data mining competition among some of the best experts in the world. Her colleague won that competition, with the experts unable to re-identify the information.
Developing good information security is a win/win proposition. Cavoukian notes that research data can actually be enhanced when users are confident that their identities will be kept secure.
Cavoukian makes a good point about the challenge of the double-edged sword that privacy presents in the health care sector today. A good example is Peterborough Regional Health Center where numerous employees have been terminated in the last year. This has resulted in a work force terrorized at the prospect of being terminated for trivial breaches that were commonplace recently. For example, a patient’s family calling up to check on a family member, or even acknowledging a patient is in the facility, can lead to losing one’s job. This and numerous other examples have a stifling effect on the flow of information that is to the detriment of both patients and front-line health care workers. The other flip side to Cavoukian’s concerns and the price tag is the institutional harm to employee relations that results from alleged privacy breaches. Low morale and loss of productivity by health care workers who are fearful of losing their jobs is far in excess of the amounts contemplated by Cavoukian in her speech. Some health information custodians have decided to use privacy breaches to terminate employees to cover up their substandard education in patient privacy and mitigate legal exposure. Peterborough Regional Health Center is once again a prime example of this, and the worst offender in Ontario to date, as a class action initiative by patients may proceed and the sheer number of terminated employees speaks volumes to their abject failure in this regard.