Health Information Management (HIM) is committed to handling patient information and health data in a safe and secure manner.
HIM continues to develop educational staff resources focusing on the importance of data privacy.
The following article highlights Privacy Basics for all staff to follow.
- Log out of computer systems or applications when you step away.
- Don’t share your user ID & password. You are accountable for any actions using it.
- Use complex passwords (minimum of 8 characters long and a combination of upper/lower case letters, numbers and symbols).
- Don’t store Personal Information on the hard drives of desktop computers, laptops or on other mobile devices (e.g. Blackberrys, USB keys, CDs) unless absolutely necessary.
- If information must be stored on mobile devices, it must be encrypted and password protected. Refer to document “Secure Encrypted USB Device Requirements”.
- Store Personal Information on a network server so that if there is a theft or the device is damaged, the Personal Information is not accessible or compromised.
- Ensure only authorized personnel have access to Personal Information.
- Ensure all offices and areas containing Personal Information have secured storage (locking filing cabinets/drawers, etc.) and that the information is secured when not being used and at the end of each day. Practice a “clean-desk” policy.
- Ensure doors to offices/rooms containing Personal Information have working security devices (e.g. deadbolt locks) and that the devices are engaged when out of the office.
- Use care when discarding or destroying Personal Information - make sure it is permanently destroyed or placed in locked confidential shred-it bins.
- Cyber criminals often use links to try to steal your personal information. Even if you know the source, if something looks suspicious, DELETE it.
Faxing: If you have to fax documents containing Personal Information, verify the fax number, use a cover sheet, and double check the number before pressing ‘send’. Do not put any personal information on the cover sheet.
Email: Email is not secure. Do not communicate sensitive Personal Information through email unless absolutely necessary. In those cases, minimize the information & identifiers used. Note: Emails sent to or from non-health authority email addresses are exposed to the internet and may also be stored on servers outside of Canada.
All staff must immediately report the actual or potential theft, loss or disclosure of Personal Information or other confidential information, regardless of its format: verbal, written or electronic. If you become aware of a breach:
- Immediately notify your Management and the Information Access & Privacy Office.
- Immediately notify the Service Desk if a laptop or other electronic storage device is lost or stolen.
- Support the breach investigation in a timely manner.
For more information or to book a privacy education session, please contact Mandy Lit, Manager, Contracts and Information Privacy.