Ann Cavoukian, the Privacy Commissioner of Ontario, has a letter to the editor in the New York Times in which she recommends Canadian medical privacy law as a model for us:
Re “Safeguarding Private Medical Data†(editorial, March 26):
I couldn’t agree with you more. In Ontario, we take privacy very seriously, especially when it comes to medical data.
Four years ago, we passed the Personal Health Information Protection Act, or Phipa, and haven’t looked back. This law provides solid privacy protection for health data but doesn’t act as a barrier to the delivery of health services. It doesn’t interfere with health care but ensures that it comes wrapped in a layer of privacy.
As privacy commissioner of Ontario, I can investigate complaints and issue orders if Phipa is breached. One order I issued requires that any identifiable health data must be encrypted if removed from a health care facility on a laptop or any other medium.
Medical privacy is far too important to be left to chance, or to the well intentioned. Strong legislated safeguards are needed.
Take a look at Phipa, which could serve as an excellent model.
Ann Cavoukian
Toronto, March 27, 2008