Privacy Commissioner joins call to strengthen privacy and security of digital health communications

Commissioner expressed support to phase out fax and unencrypted email usage in healthcare sector

Privacy Commissioner joins call to strengthen privacy and security of digital health communications

The Information and Privacy Commissioner of Ontario has joined federal, provincial, and territorial privacy commissioners’ mounting call to modernize and strengthen the privacy and security of digital communications in the healthcare sector.

During their meeting last month, Privacy Commissioner of Canada Philippe Dufresne and his provincial and territorial counterparts endorsed a resolution to ensure that a secured digital health infrastructure is available to all Canadians, including those living in remote areas, among marginalized communities, and within vulnerable populations.

The resolution entitled “Securing Public Trust in Digital Healthcare” notes that Canada’s health sector continues to experience serious resource constraints and staff shortages aggravated by more than two years of surges in demand for emergency care brought on by the ongoing COVID-19 pandemic, and these problems have spurred innovation in the delivery of services, including through virtual care visits and other forms of digital health communications.

The resolution also stresses that despite the rapid digital advancements in the healthcare sector, breaches still occur due to the use of unsecured communication technologies, such as traditional fax machines and unencrypted emails, unauthorized access to health records by employees, and cybersecurity attacks.

Accordingly, the resolution outlines several measures for adoption by governments. They include:

  • Developing a strategic plan and providing appropriate supports, funding, or other incentives to phase out the use of traditional fax and unencrypted email and replace them with “more modern, secure, and interoperable” digital alternatives;
  • Promoting the adoption of secure digital technologies and responsible data governance frameworks that provide reasonable protection of personal health information against unauthorized access or inadvertent disclosures;
  • Amending laws and regulations to further provide for penalties, including administrative ones, for healthcare institutions and providers not taking reasonable measures to protect personal health information and individuals unlawfully collecting, using, or disclosing personal health information.

Moreover, the resolution urges healthcare institutions and providers to phase out the use of traditional fax and unencrypted email for communicating personal health information and replace them with “modern, secure, and interoperable” ways of transmitting personal health information, such as encrypted email services, secure patient portals, electronic referrals, and electronic prescribing.

“My office urges the government, regulatory colleges, and health information custodians to work together to pull the plug on the use of fax machines and unencrypted email that expose individuals to unnecessary and potentially devastating privacy risks,” Commissioner Patricia Kosseim said. “Retiring these outdated ways of sharing personal health information is long overdue, particularly when more trustworthy methods are readily available.”

The resolution also encourages healthcare institutions and providers to promote transparency by completing privacy impact assessments and proactively publishing a plain-language summary in a manner that is easily accessible to the public. In addition, they are advised to seek guidance from relevant experts to learn how to evaluate new digital health solutions while modernizing the means of communicating personal health information and before procurement.

Related stories

Free newsletter

Our newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please enter your email address below to subscribe.

Recent articles & video

OCA refuses to extend intrusion upon seclusion liability to hacked commercial database holders

Law Society of Ontario extends virtual verification until January 2024

Ontario Court of Appeal upholds summary judgment in seller's favour after buyer fails to close

Heather Johnston joins Law Foundation of Ontario's board of trustees

Ontario Court of Appeal rejects statute-barred negligent misrepresentation claim

Prisoner's personal injury action stemming from court van accident dismissed

Most Read Articles

Seven new judges join Ontario Court of Justice

LSO and federation push Metrolinx to find alternative to new subway station on Osgoode Hall property

Right of first refusal not 'eviscerated' by discouraging rights holder: Ontario Court of Appeal

Assess witness by age at testimony on events that occurred during childhood: Ontario Court of Appeal