DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Commissioner Cavoukian issues new publication in collaboration with the National Association for Information Destruction: Best Practices for the Secure Destruction of Personal Health Information

Posted on November 2, 2009 by Dissent

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, released a joint publication in collaboration with Robert Johnson, Executive Director of the National Association for Information Destruction (NAID). The educational paper entitled, Get Rid of it Securely to Keep it Private: Best Practices for the Secure Destruction of Personal Health Information, is premiered at NAID’s 2009 Annual Conference in Toronto, Canada.

This publication was borne out of a particular Health Order (HO-006) which Commissioner Cavoukian issued this past summer regarding records containing personal health information being found scattered on the streets, in Ottawa, outside a medical centre housing a medical laboratory. Remarkably, it was the second Health Order Commissioner Cavoukian has issued involving personal health information records being found scattered in the streets. In 2005, patient health records were found blowing around downtown Toronto which resulted in Health Order No. 1 (HO-001).

“I was quite shocked to learn about those records scattered around Ottawa. It was like a déjà vu. I made it quite clear in Health Order No. 1, regarding how to dispose of personal health information in a secure manner, but after Health Order No. 6, I decided that more detailed, in-depth guidance was needed. That’s why I decided to work with Mr. Johnson, an expert in this field, in creating this publication that will reinforce the message that organizations need to get serious about how they dispose of health information records,” says the Commissioner.

By their very nature, medical records are among the most privacy-sensitive when it comes to one’s personal information. “A single medical record can reveal a great deal about an individual including recreational and lifestyle habits, or major health issues, all of which can result in potentially devastating consequences if revealed to family, friends or employers,” says Commissioner Cavoukian. She further adds, “Health-care providers need to realize that their information management practices have very real and lasting consequences for their patients. You can’t just throw medical records into a dumpster or a recycling box and forget about them.”

At the same time, Mr. Johnson recognizes that personal health information is the lifeblood of many businesses and an indispensible part of the health-care industry. “Providing much-needed health-care services while ensuring privacy is a fine balance, where the slightest misstep by a health-care provider may result in harmful consequences to their business. I believe that this publication can assist organizations in protecting the privacy of patients and make it possible for organizations to meet their business objectives – a mutually beneficial outcome for both parties,” says Mr. Johnson.

The publication itself outlines a number of Best Practices that can be employed in the secure destruction of personal health information records. These include: developing a secure destruction policy that is clear, understandable and leaves no room for interpretation; segregating and securely storing records; determining the best methods of destruction; documenting the destruction process; considerations prior to employing a third-party service provider; disposal of securely destroyed materials; and ensuring compliance.

The approach taken in developing these Best Practices comes from Commissioner Cavoukian’s concept of Privacy by Design which she first developed in the ’90s. Privacy by Design involves proactively building privacy into the design, operation and management of information processing systems. By adopting Privacy by Design, privacy can be built into secure destruction programs at the outset in a way that provides for both functionality and security.

“This can widen the path for the health-care industry to deliver functional services and ensure the security of personal health information, resulting in a win-win scenario for patients and health care providers,” adds Commissioner Cavoukian.

A copy of Get Rid of it Securely to Keep it Private: Best Practices for the Secure Destruction of Personal Health Information, can be downloaded free of charge from the IPC website at, www.ipc.on.ca.

Category: Uncategorized

Post navigation

← Garden Grove man gets 11 years prison for ID theft
Report: Data Breaches Hike Fraud Risk 400% →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.