Data Privacy Concerns for Canadian Healthcare Providers
If not properly managed, videoconferencing can introduce distinct privacy and security vulnerabilities not present with in-person consultations. These vulnerabilities include misunderstanding and/or inappropriate operation of the technology, as well as overall network security. Each jurisdiction requires specific policies and procedures (e.g. to ensure that the video conferencing session is secure from non-authorized viewing) to ensure the ongoing privacy and confidentiality of personal health information.
Canadian Privacy Regulations
PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian data privacy law governing how private sector organizations collect, use and disclose personal information in the course of commercial business. Some provincial regulations also apply, e.g. private businesses and organizations in British Columbia and Alberta must comply with PIPA-BC and PIPA-AB (Personal Information Protection Acts). Public bodies, such as regional health authorities, must comply with the FIPPA (Canadian Freedom of Information and Protection of Privacy Act).
Hosting the application and healthcare information on Canadian soil is fundamental to healthcare information privacy compliance for Canadian healthcare providers.
Canadian Privacy Law Compliant Technology Implementation
With rapid technology changes and increased security threats, privacy-compliant, technology-enabled services are vital for business and operational confidence.
Are Video Conferencing Cloud Services compliant with Canadian privacy requirements?
There are many video conferencing systems that claim to be HIPAA compliant. American corporations operating in foreign countries fall under the PATRIOT Act and don’t necessarily adhere to PIPEDA.
“Organizations need to make it plain to individuals that their information may be processed in a foreign country and that it may be accessible to law enforcement and national security authorities of that jurisdiction.”
PIPEDA sets forth that when an organization collects sensitive data, that organization is now fully accountable and responsible for that data. Therefore, an organization needs to be certain that the cloud provider chosen meets stringent criteria and allows the organization to be privacy compliant.
Privacy compliance in British Columbia
“The British Columbia Legislative Assembly responded by adopting Bill 73—the Freedom of Information and Protection of Privacy Amendment Act, 2004. The law requires public bodies to ensure that ‘personal information in its custody or under its control is stored only in Canada and accessed only in Canada.’”