Skip to main content

Data Privacy for Staff

Use this image as both the current Page Image and for News listings

Health Information Management (HIM) is committed to handling patient information and health data in a safe and secure manner.
HIM continues to develop educational staff resources focusing on the importance of data privacy. 
The following article highlights Privacy Basics for all staff to follow. 

Data-privacy-01.jpg

LOCK DOWN YOUR LOGIN

  • Log out of computer systems or applications when you step away.
  • Don’t share your user ID & password. You are accountable for any actions using it.
  • Use complex passwords – minimum of 8 characters long and a combination of upper/lower case letters, numbers and symbols). 


​​Data-privacy-02.jpg


KEEP A CLEAN MACHINE


  • Don’t store Personal Information on the hard drives of desktop computers, laptops or on other mobile devices (e.g. Blackberrys, USB keys, CDs) unless absolutely necessary. 
  • If information must be stored on mobile devices, it must be encrypted and password protected. Refer to document “Secure Encrypted USB Device Requirements”.  
  • Store Personal Information on a network server so if there is a theft or the device is damaged; the Personal Information is not accessible or compromised.

Data-privacy-03.jpg

PERSONAL INFORMATION IS LIKE MONEY. VALUE IT. PROTECT IT.

  • Ensure only authorized personal have access to Personal Information. 
  • Ensure all offices and areas containing Personal Information have secured storage (locking filing cabinets/drawers, etc.) and that the information is secured when not being used and at the end of each day. Practice a “clean-desk” policy. 
  • Ensure doors to offices/rooms containing Personal Information have working security devices (e.g. deadbolt locks) and that the devices are engaged when out of the office. 
  • Use care when discarding or destroying Personal Information - make sure it is permanently destroyed or placed in locked confidential shred-it bins.


Data-privacy-05.jpg

WHEN IN DOUBT, THROW IT OUT


  • Cyber criminals often use links to try to steal your personal information. Even if  you know the source, if something looks suspicious, DELETE it.




Data-privacy-04.jpg

SHARE WITH CARE


Faxing: If you have to fax documents containing Personal Information, verify the fax number, use a cover sheet, and double check the number before pressing ‘send’. Do not put any personal information on the cover sheet.  

Email: Is not secure. Do not communicate sensitive Personal Information through email unless absolutely necessary. In those cases, minimize the information & identifiers used. Note: Emails sent to or from non-health authority email addresses are exposed to the internet and may also be stored on servers outside of Canada.


HIM SUPPORTS A SAFE BREACH REPORTING ENVIRONMENT 

All Staff must immediately report the actual or potential theft, loss or disclosure of Personal Information or other confidential information, regardless of its format; verbal, written, electronic. If you become aware of a breach: 

  • Immediately notify your Management and the Information Access & Privacy Office. 
  • Immediately notify the Service Desk if a laptop or other electronic storage device is lost or stolen.

Support the breach investigation in a timely manner. For more information or to book a privacy education session, please contact Mandy Lit, Manager, Contracts and Information Privacy.

 
 
SOURCE: Data Privacy for Staff ( )
Page printed: . Unofficial document if printed. Please refer to SOURCE for latest information.

Copyright © Provincial Health Services Authority. All Rights Reserved.