DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Commissioner Cavoukian issues new publication in collaboration with the National Association for Information Destruction: Best Practices for the Secure Destruction of Personal Health Information

Posted on November 2, 2009 by Dissent

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, released a joint publication in collaboration with Robert Johnson, Executive Director of the National Association for Information Destruction (NAID). The educational paper entitled, Get Rid of it Securely to Keep it Private: Best Practices for the Secure Destruction of Personal Health Information, is premiered at NAID’s 2009 Annual Conference in Toronto, Canada.

This publication was borne out of a particular Health Order (HO-006) which Commissioner Cavoukian issued this past summer regarding records containing personal health information being found scattered on the streets, in Ottawa, outside a medical centre housing a medical laboratory. Remarkably, it was the second Health Order Commissioner Cavoukian has issued involving personal health information records being found scattered in the streets. In 2005, patient health records were found blowing around downtown Toronto which resulted in Health Order No. 1 (HO-001).

“I was quite shocked to learn about those records scattered around Ottawa. It was like a déjà vu. I made it quite clear in Health Order No. 1, regarding how to dispose of personal health information in a secure manner, but after Health Order No. 6, I decided that more detailed, in-depth guidance was needed. That’s why I decided to work with Mr. Johnson, an expert in this field, in creating this publication that will reinforce the message that organizations need to get serious about how they dispose of health information records,” says the Commissioner.

By their very nature, medical records are among the most privacy-sensitive when it comes to one’s personal information. “A single medical record can reveal a great deal about an individual including recreational and lifestyle habits, or major health issues, all of which can result in potentially devastating consequences if revealed to family, friends or employers,” says Commissioner Cavoukian. She further adds, “Health-care providers need to realize that their information management practices have very real and lasting consequences for their patients. You can’t just throw medical records into a dumpster or a recycling box and forget about them.”

At the same time, Mr. Johnson recognizes that personal health information is the lifeblood of many businesses and an indispensible part of the health-care industry. “Providing much-needed health-care services while ensuring privacy is a fine balance, where the slightest misstep by a health-care provider may result in harmful consequences to their business. I believe that this publication can assist organizations in protecting the privacy of patients and make it possible for organizations to meet their business objectives – a mutually beneficial outcome for both parties,” says Mr. Johnson.

The publication itself outlines a number of Best Practices that can be employed in the secure destruction of personal health information records. These include: developing a secure destruction policy that is clear, understandable and leaves no room for interpretation; segregating and securely storing records; determining the best methods of destruction; documenting the destruction process; considerations prior to employing a third-party service provider; disposal of securely destroyed materials; and ensuring compliance.

The approach taken in developing these Best Practices comes from Commissioner Cavoukian’s concept of Privacy by Design which she first developed in the ’90s. Privacy by Design involves proactively building privacy into the design, operation and management of information processing systems. By adopting Privacy by Design, privacy can be built into secure destruction programs at the outset in a way that provides for both functionality and security.

“This can widen the path for the health-care industry to deliver functional services and ensure the security of personal health information, resulting in a win-win scenario for patients and health care providers,” adds Commissioner Cavoukian.

A copy of Get Rid of it Securely to Keep it Private: Best Practices for the Secure Destruction of Personal Health Information, can be downloaded free of charge from the IPC website at, www.ipc.on.ca.


Related:

  • North Country Healthcare responds to Stormous's claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
  • DOGE Denizen Marko Elez Leaked API Key for xAI
  • Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
Category: Uncategorized

Post navigation

← Garden Grove man gets 11 years prison for ID theft
Report: Data Breaches Hike Fraud Risk 400% →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
  • DOGE Denizen Marko Elez Leaked API Key for xAI
  • Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
  • RansomedVC is back — and is still attacking its competitors
  • Texas Enacts Electronic Health Record Data Localization Law
  • United Australia Party confirms ransomware attack, personal data and email correspondence exposed
  • Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy
  • 70% of healthcare cyberattacks result in delayed patient care, report finds

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.