Privacy complaints against Ontario healthcare bodies reach record high

The provincial government has reported a record-breaking spurt in privacy complaints against the healthcare and public sectors last year.

However, at least one Canadian analyst is not ready to cast the first stone against these institutions.

Privacy Commissioner Ann Cavoukian has reported in her 2006 Annual Report that the number of privacy complaints filed under public sector privacy laws has reached 170 in 2006, the highest in the last nine years.

Similarly, privacy-related complaints under the Personal Health Information Protection Act reached 183 in 2006, also a record high.

The high numbers, however, are likely due to the increasing volume of digital information being created today, rather than a shortcoming on the part of the government, according to James Sharp, vice-president of customer segments research at IDC Canada.

“I really think it’s just the sum total of the number of transactions and the amount of management that is causing incremental leakage of personal and private data,” said Sharp.

And the probability of more data leakage increases as the world’s creation of digital data accumulates, he added. An IDC published study showed an impending information overload in the digital realm.

The study indicated the amount of digital information created globally between 2006 and 2010 will increase from 161 exabytes to 988 exabytes. One exabyte is equivalent to about one billion gigabytes.

It is, therefore, inevitable that as more information becomes digitized the likelihood of that data being subjected to unauthorized exposure becomes greater, said Sharp. The key, he added, lies in assessing the threat and the risks of such data leakages.

“The biggest issue isn’t just amassing the data, but its appropriate disclosure,” the analyst noted.

“As we amass more and more information two things are going to happen: one, we will have more information leaks, and two, we are going to have a much more focused effort on continuing to create compensating controls around those privacy losses.”

The issues around privacy protection are even more challenging in the healthcare sector, Sharp added, particularly as provinces move towards regionalized healthcare.

Those previously working under an autonomous set up – where one group is responsible for only one area of healthcare – are now forced to collaborate and share information as provincial healthcare becomes more regionalized.

This presents more of a business process challenge than a technological one, said Sharp.

He said challenges around privacy protection also remain the biggest barrier to the deployment of electronic health records. “Really the issue is, who owns that [health] record, who is it disclosed to, on what basis and under whose authority?”

In her report, Cavoukian stressed the need for provincial and municipal government organizations and health information custodians to “develop a culture of privacy.”

“Organizations that fall under Ontario’s three privacy Acts must not only educate staff about privacy legislation and privacy information policies and practices…they must [also] work towards ensuring privacy becomes embedded into their institutional culture and staff understand how serious a privacy breach can be,” Cavoukian wrote on her report.

The privacy commissioner also called on government officials to be more open and transparent by providing easier public access to information, particularly on government procurements.

If a recent IDC Canada survey is any indication, government organizations are already recognizing the urgency of addressing information transparency and privacy protection issues.

The market research firm probed jurisdictions across Canada, at the federal, provincial and municipal level, on their top policy and program priorities for the next 12 to 18 months.

Transparency, accountability and compliance landed on the number two spot, among federal and provincial governments, with 46 per cent and 37 per cent, respectively, citing them as a priority, said Alison Brooks, senior government analyst at IDC Canada.

Identity management is also moving up the priority hierarchy among government organizations, Brooks added.

“It’s privacy, access and security issues all at the same time…There are definitely some cost efficiencies being dangled if you can get the right constellation of privacy, security and access across the board,” Brooks said.