Privacy Commissioner joins call to strengthen privacy and security of digital health communications

Commissioner expressed support to phase out fax and unencrypted email usage in healthcare sector

Privacy Commissioner joins call to strengthen privacy and security of digital health communications

The Information and Privacy Commissioner of Ontario has joined federal, provincial, and territorial privacy commissioners’ mounting call to modernize and strengthen the privacy and security of digital communications in the healthcare sector.

During their meeting last month, Privacy Commissioner of Canada Philippe Dufresne and his provincial and territorial counterparts endorsed a resolution to ensure that a secured digital health infrastructure is available to all Canadians, including those living in remote areas, among marginalized communities, and within vulnerable populations.

The resolution entitled “Securing Public Trust in Digital Healthcare” notes that Canada’s health sector continues to experience serious resource constraints and staff shortages aggravated by more than two years of surges in demand for emergency care brought on by the ongoing COVID-19 pandemic, and these problems have spurred innovation in the delivery of services, including through virtual care visits and other forms of digital health communications.

The resolution also stresses that despite the rapid digital advancements in the healthcare sector, breaches still occur due to the use of unsecured communication technologies, such as traditional fax machines and unencrypted emails, unauthorized access to health records by employees, and cybersecurity attacks.

Accordingly, the resolution outlines several measures for adoption by governments. They include:

  • Developing a strategic plan and providing appropriate supports, funding, or other incentives to phase out the use of traditional fax and unencrypted email and replace them with “more modern, secure, and interoperable” digital alternatives;
  • Promoting the adoption of secure digital technologies and responsible data governance frameworks that provide reasonable protection of personal health information against unauthorized access or inadvertent disclosures;
  • Amending laws and regulations to further provide for penalties, including administrative ones, for healthcare institutions and providers not taking reasonable measures to protect personal health information and individuals unlawfully collecting, using, or disclosing personal health information.

Moreover, the resolution urges healthcare institutions and providers to phase out the use of traditional fax and unencrypted email for communicating personal health information and replace them with “modern, secure, and interoperable” ways of transmitting personal health information, such as encrypted email services, secure patient portals, electronic referrals, and electronic prescribing.

“My office urges the government, regulatory colleges, and health information custodians to work together to pull the plug on the use of fax machines and unencrypted email that expose individuals to unnecessary and potentially devastating privacy risks,” Commissioner Patricia Kosseim said. “Retiring these outdated ways of sharing personal health information is long overdue, particularly when more trustworthy methods are readily available.”

The resolution also encourages healthcare institutions and providers to promote transparency by completing privacy impact assessments and proactively publishing a plain-language summary in a manner that is easily accessible to the public. In addition, they are advised to seek guidance from relevant experts to learn how to evaluate new digital health solutions while modernizing the means of communicating personal health information and before procurement.

Related stories

Free newsletter

Our newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please enter your email address below to subscribe.

Recent articles & video

Imran Kamal told his story about addiction, hoping to encourage the legal profession to be more open

Ontario Court of Justice welcomes four new justices: Frank, Hanna, Harris, Marcon

Ont. Superior Court denies disability benefits due to lack of a causal link to 40-year-old accident

Ont. Superior Court dismisses individual's insurance claim but allows corporate claim to proceed

Ontario Superior Court rejects lawyer's request to intervene in fatal vehicle collision

Slip-and-fall on black ice is an 'accident' under Statutory Benefits Schedule: Ont. Superior Court

Most Read Articles

Ontario Superior Court rejects lawyer's request to intervene in fatal vehicle collision

Imran Kamal told his story about addiction, hoping to encourage the legal profession to be more open

Slip-and-fall on black ice is an 'accident' under Statutory Benefits Schedule: Ont. Superior Court

Ontario Court of Justice welcomes four new justices: Frank, Hanna, Harris, Marcon