What about ID security in healthcare?
Earlier this year, Ontario, Canada's Information Privacy Commissioner, Dr Ann Cavoukian, reported on the theft of a laptop replete with individually identifiable data on patients at Canada's leading children's hospital.
While her solution was data encryption, her analysis has broader application.
The fact of the matter is that healthcare and the information technology that supports electronic health records and the like cannot claim to have in place or even in plan patient-identity protections adequate in the face of opportunistic, pandemic-scope identity-related crime, such as occurred with TJX.
The Commissioner urged all Ontario hospitals and anyone collecting personal health information not to store it electronically if patient identities can't be protected.
It therefore follows, doesn't it, that "Ontario hospitals and anyone collecting personal health information" should not be storing it electronically?
What do people think?
Biting the hand that feeds IT
