Corban Technology Solutions Journal
How your clinic can quickly assess privacy and security risks
Posted on January 25th 2017
By Stan Shaw, Founder, CTS
Part 4 of our series on Privacy and Data Security Best Practices.
Last week we highlighted some issues and recommendations that arose when a medical clinic was audited by the Office of the Information and Privacy Commissioner for BC (OIPC). But how can you be certain your clinic is maintaining privacy and data security best practices that will help ensure your clinic is compliant with privacy legislation?
Here are two excellent tools.
They require little technical expertise and cost nothing other than a few minutes of your time.
The Doctors of BC Privacy and Security Checklist
This simple set of 25 questions, written back in 2009 in collaboration with the OIPC and the College of Physicians and Surgeons of BC, provides a great starting point to assess how your clinic is managing privacy and data security. If you can say “Yes” to these questions, you will have addressed important areas that should be of concern to all clinicians. Interested? Click here to download your copy from the Doctors of BC website. It’s part of their Privacy Toolkit, a great resource.
The OIPC Security Self-Assessment Tool
About three years after the Privacy and Security Checklist was published, the OIPC for British Columbia collaborated with the OIPC of Alberta and the Office of the Privacy Commissioner of Canada to create a tool intended for all organizations that must be compliant with personal information security requirements under the Personal Information Protection Act (PIPA) in British Columbia, the Personal Information Protection Act in Alberta and the personal Information Protection and Electronic Documents Act (PIPEDA) across Canada.
What is especially useful with this more comprehensive self-assessment is that it includes key questions that are considered minimum security requirements for all organizations, not just health clinics. These key questions can help to assess whether or not, from a security point of view, your clinic or organization is safeguarding data in compliance with legislated requirements under PIPA in BC and Alberta, and PIPEDA.
We highly recommend taking the time to do this security self-assessment. Click here to download your copy from the OIPC website.
Together, the above tools provide excellent starting points for asking the sort of questions with your staff and service providers that will help develop the culture of privacy we discussed in Part 1 of this series.