Privacy - Introductie Beware of privacy – security fallacies ! Privacy ...
Developing A Privacy Culture In Health Care Oganizations
-
Upload
government-technology-exhibition-and-conference -
Category
Technology
-
view
415 -
download
1
description
Transcript of Developing A Privacy Culture In Health Care Oganizations
![Page 1: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/1.jpg)
Developing a Privacy Culture in Health Care Organizations”
The Experiences of eHealth Ontario
![Page 2: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/2.jpg)
Notes
eHealth Ontario formed by regulation in September 2008
The transition of SSHA into eHealth Ontario has commenced.
Comments today reflect experiences of SSHA and not new Agency.
![Page 3: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/3.jpg)
![Page 4: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/4.jpg)
Canada: Privacy & Healthcare
2007 Canada Health Infoway survey Canadians reasonably confident that responsible
stewardship of personal health data exists.
79% considers the health information that exists about them to be at least moderately secure.
Trust in health professionals (e.g., doctors, nurses, pharmacists) is very high; but slightly lower for other groups (e.g., administrators, government departments).
Trust levels are more mixed outside the realm of immediate health care providers (e.g., computer technicians, insurance companies, researchers).
“If you can protect my privacy, I am okay with [electronic health records].”
![Page 5: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/5.jpg)
United States: Privacy & Healthcare
May 2008 CDT report on privacy and healthcare cites 2006 survey
When Americans were asked about the benefits of and concerns about online health information:
80% said they are very concerned about identity theft or fraud;
77% reported being very concerned about their medical information being used for marketing purposes;
56% were concerned about employers having access to their health information; and
53% were concerned about insurers gaining access to this information.
![Page 6: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/6.jpg)
The Problem is Not External
Gartner Group:
Employees commit 70% of data breaches. 2006 CSI/FBI survey:
92% of insider data thieves had negative work evaluations before breach.
Univ. of Washington research:
31% of data breaches between 1980 and 2006 were committed by external parties (e.g. “hackers”).
![Page 7: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/7.jpg)
What to Do?
In building a culture of privacy, an organization must:
clearly articulate privacy as an organizational priority;
communicate key privacy and security messages;
educate across the organization;
raise awareness of the importance of registering privacy incidents and breaches;
build privacy into the fabric of the organization’s activities; and
make privacy information and guidance readily accessible.
Think Training AND Awareness
![Page 8: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/8.jpg)
Management Communication
Management must have effective messaging:
Information protection isn’t solely a technical or policy issue; it also involves behavior.
The protection of personal information is a personal responsible for each staff member.
Information protection is an ongoing initiative, not a short-term project or goal.
Objective is to change organizational behavior to develop a “culture of privacy”.
![Page 9: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/9.jpg)
Use Marketing Approach
Brand “privacy awareness,”
Integrate all the materials into a coherent, consistent, and instantly recognizable campaign.
Strategy should be to continuously inform and motivate staff and managers.
SSHA adopted its own theme
“Get Caught! Doing the Right Thing.”
![Page 10: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/10.jpg)
SSHA Awareness Campaigns
Objectives:
Tie campaign to:Updated Privacy and Security Standard of
Conduct.
Mandatory staff training.
Enterprise Security and Privacy Incident Management.
Raise profile of Privacy and Security:“Desk tour”
Poster campaign
Telephone hotline and central e-mail
“Jeopardy” sessions
![Page 11: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/11.jpg)
![Page 12: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/12.jpg)
![Page 13: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/13.jpg)
GET CAUGHT! won the following International Association of Business Communicators (IABC) awards:
An international Gold Quill Award of Merit in the Other Graphic Design category;
A Canadian Silver Leaf Award of Merit in the Other Graphic Design category
A Toronto chapter Ovation Award of Excellence for Other Graphic Design; and
A Toronto chapter Ovation Award of Merit for Employee/Member Communications
![Page 14: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/14.jpg)
![Page 15: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/15.jpg)
Privacy Training @ SSHA
Online Learning Management System (LMS) with two modules for Privacy and Information Security.
Mandatory for new employees: to be completed within 30 days of on-boarding date.
Compliance monitoring done by PS from HR data.
Non-compliance with requirement results in system lockout.
![Page 16: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/16.jpg)
Privacy Training
![Page 17: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/17.jpg)
Privacy Training
![Page 18: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/18.jpg)
Privacy Training
![Page 19: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/19.jpg)
Conclusion
A “culture of privacy” is privacy-aware conduct in day-to-day business activities.
Developing a “culture of privacy”
Is a long-term exercise;Intended to create environment in which personnel automatically
behave appropriately with respect to privacy requirements.
A “culture of privacy” fosters greater confidence among stakeholders in your organization’s information-handling practices.
A “culture of privacy” requires committed leadership to promote active participation by all staff.
![Page 20: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/20.jpg)
www.ssha.on.ca/privacy
![Page 21: Developing A Privacy Culture In Health Care Oganizations](https://reader035.fdocuments.in/reader035/viewer/2022070303/5495c093ac7959042e8b4f22/html5/thumbnails/21.jpg)
QuestionsMichael Power
Vice President, Privacy and SecurityeHealth Ontario