Health Information Management (HIM) is committed to handling patient information and health data in a safe and secure manner.
HIM continues to develop educational staff resources focusing on the importance of data privacy.
The following article highlights Privacy Basics for all staff to follow.
- Log out of computer systems or applications when you step away.
- Don’t share your user ID & password. You are accountable for any actions using it.
- Use complex passwords: a minimum of 8 characters long and a combination of upper/lower case letters, numbers and symbols.
- Don’t store Personal Information on the hard drives of desktop computers, laptops or on other mobile devices (e.g. Blackberrys, USB keys, CDs) unless absolutely necessary.
- If information must be stored on mobile devices, it must be encrypted and password protected. Refer to document “Secure Encrypted USB Device Requirements”.
- Store Personal Information on a network server so that if there is a theft or the device is damaged, the Personal Information is not accessible or compromised.
- Ensure only authorized personnel have access to Personal Information.
- Ensure all offices and areas containing Personal Information have secured storage (locking filing cabinets/drawers, etc.) and that the information is secured when not being used and at the end of each day. Practice a “clean-desk” policy.
- Ensure doors to offices/rooms containing Personal Information have working security devices (e.g. deadbolt locks) and that the devices are engaged when out of the office.
- Use care when discarding or destroying Personal Information - make sure it is permanently destroyed or placed in locked confidential shred-it bins.
- Cyber criminals often use links to try to steal your personal information. Even if you know the source, if something looks suspicious, DELETE it.
Faxing: If you have to fax documents containing Personal Information, verify the fax number, use a cover sheet, and double check the number before pressing ‘send’. Do not put any personal information on the cover sheet.
Email: Email is not secure. Do not communicate sensitive Personal Information through email unless absolutely necessary. In those cases, minimize the information & identifiers used. Note: Emails sent to or from non-health authority email addresses are exposed to the internet and may also be stored on servers outside of Canada.
All Staff must immediately report the actual or potential theft, loss or disclosure of Personal Information or other confidential information, regardless of its format: verbal, written or electronic. If you become aware of a breach:
- Immediately notify your Management and the Information Access & Privacy Office.
- Immediately notify the Service Desk if a laptop or other electronic storage device is lost or stolen.
- Support the breach investigation in a timely manner.

For more information or to book a privacy education session, please contact Mandy Lit, Manager, Contracts and Information Privacy.