PS04 - PIA’s to Telehealth: A Journey (ID 13)
- Event: e-Health 2017 Virtual Meeting
- Type: Panel Session
- Track: Clinical and Executive
- Presentations: 1
- Coordinates: 6/06/2017, 10:30 AM - 12:00 PM, Room 202CD
PS04.01 - Privacy Impact Assessments: Looking for a Common Understanding (ID 315)
Purpose/Objectives: A Privacy Impact Assessment (PIA) is a formal risk management tool that includes consideration of other risk management documents as well. It assists in identifying potential privacy risks associated with a new activity, allowing for the development of risk mitigation strategies that reduce the likelihood of adverse privacy events. In Canada, some jurisdictions require a PIA in legislation, others in policy or, in some cases, as a best practice. This variation and inconsistency reduces efficiency, resulting in a costly PIA process. Work was conducted to examine the differences and to determine whether a more consistent approach could be developed to promote consistency, enhance efficiency, and build trust in the emerging digital health environment, particularly for projects that cross jurisdictions.
Methodology/Approach: Canada Health Infoway, in collaboration with the Health Information Privacy Group (HIPG), conducted an environmental scan of the legislative requirements, as well as guidance provided by Privacy Oversight offices across the country, to determine the requirements for PIAs acceptable to all jurisdictions. The environmental scan was used to develop 10 Common Understandings related to PIAs. The development of the Common Understandings involved considerable debate and discussion by Ministry and eHealth privacy specialists, as well as input from the Oversight members of the Infoway-sponsored Privacy Forum. The HIPG believes adopting the PIA Common Understandings will promote consistency across the country when completing these assessments.
Finding/Results: The Environmental Scan and the PIA Common Understandings identified that these assessments are an important component in the risk management process of an entity and are much more than a simple compliance check. A PIA is an integral part of the business activity planning process. Conducted early enough, this document can help shape the business activity's development and ensure that privacy is considered from concept to deployment. A thorough PIA is used by privacy regulators to understand the implications of a business activity on an individual's privacy and is the first document requested by regulators when conducting investigations into privacy breaches.
Conclusion/Implication/Recommendations: The core principles of the HIPG PIA Common Understandings can be applied to any project or activity across a jurisdiction with impacts on the privacy of an individual. This move towards consistency could promote trust and trans-jurisdictional disclosures of personal health information across Canada.
140 Character Summary: The PIA Common Understandings outline 10 principles that promote efficiency, consistency and trust in the digital health environment.