Information Sharing Drivers and Recommendations. Sherry Liang. Assistant Commissioner. Big Picture Issues The Regulators Perspective October 3, 2015

Similar documents
Data Integration and Big Data In Ontario Brian Beamish Information and Privacy Commissioner of Ontario

A Deep Dive into the Privacy Landscape

Your Privacy. Ontario s Information and Privacy Commissioner.

Opening the Door Hospitals & FOI. Applying PHIPA and FIPPA to Personal. Information: Guidance for Hospitals.

Rapid Intervention Service Kenora (RISK) Table Report May May 2017

The Personal Health Information Protection Act

YORK REGION DISTRICT SCHOOL BOARD. Policy and Procedure #158.0, Information Access and Privacy Protection

Charting a Course for the Future

June 19, The Honourable Dave Levac Speaker of the Legislative Assembly of Ontario. Dear Speaker,

A PHIPA Update from the IPC

Food Safety Protocol, 2018

Participant Information Name (optional)

Routine Disclosure Plan

INVESTIGATION REPORT

Mandatory Reporting and Breach Notification Changes to PHIPA and what you need to know

PRIVACY BREACH MANAGEMENT GUIDELINES. Ministry of Justice Access and Privacy Branch

Update on the Specialized Program for Interdivisional Enhanced Responsiveness (SPIDER) Community Development and Recreation Committee

Freedom of Information and Protection of Privacy

PRIVACY AND ANTI-SPAM CODE FOR OUR ORGANIZATION

POPULATION DATA BC. Privacy in Health Research. Caitlin Pencarrick Hertzman Population Data BC University of British Columbia CFRI, April 2012

Snooping Rights and Responsibilities

MINISTRY OF HEALTH AND LONG-TERM CARE

Report of the Information & Privacy Commissioner/Ontario. Review of the Cardiac Care Network of Ontario (CCN):


AN OVERVIEW OF FIPPA for FACULTY, INSTRUCTORS & ADMINISTRATORS. Information and tips on how to keep you FIPPA FRIENDLY

PERSONAL HEALTH INFORMATION PROTECTION ACT (PHIPA) Frequently Asked Questions (FAQ s) Office of Access and Privacy

Infection Prevention and Control Lapse Disclosure Guidance Document

PRIVACY BREACH MANAGEMENT POLICY

Accountability Framework and Organizational Requirements

pic National Prescription Drug Utilization Information System Database Privacy Impact Assessment

Overview of Privacy Legislation in Ontario

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws

Getting Ready for Ontario s Privacy Legislation GUIDE. Privacy Requirements and Policies for Health Practitioners

CORPORATE PLAN

COUNTY OF PERTH. Chief Administrative Officer. Clerk s Office Business Plan. January 2017

A Privacy Compliance Checklist: Organizing for Privacy Management

PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms.

Guidelines for Telepractice in Occupational Therapy

NOTICE OF PRIVACY PRACTICES

MINISTRY OF HEALTH AND LONG-TERM CARE

Community Child Care Fund - Restricted non-competitive grant opportunity (for specified services) Guidelines

Privacy Toolkit for Social Workers and Social Service Workers Guide to the Personal Health Information Protection Act, 2004 (PHIPA)

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector. ANN CAVOUKIAN, Ph.D. COMMISSIONER

FAMILY PHARMACEUTICAL SERVICES NOTICE OF PRIVACY PRACTICES effective 9/23/2013

Report of the Information & Privacy Commissioner/Ontario. Review of Cancer Care Ontario:

Compliance. TODAY February Promoting a culture of compliance in daily operations and business goals. an interview with Darrell Contreras

Helping physicians care for patients Aider les médecins à prendre soin des patients

FERPA 101. December 4, Michael Hawes Director of Student Privacy Policy U.S. Department of Education

HRPA s Regulatory Framework: Regulating the Human Resources Profession in Ontario

appendix a: freedom of information and protection of privacy fact sheet

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone

NOTICE OF PRIVACY PRACTICES

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

Dietitians of Canada (Ontario) Response to. The Health Professions Regulatory Advisory Council. Interprofessional Collaboration Discussion Guide

Mandatory Reporting A process

Advisory Panel on Health System Structure Saskatchewan Ministry of Health 3475 Albert St. Regina, Saskatchewan S4S 6X6

Child Care Program (Licensed Daycare)

The Impact of New Technology in Health Care on Privacy

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY A. 38

Partnering with Patients to Inform Meaningful Change. Developing a Patient Experience Program

HANDBOOK FOR THE INDIGENOUS ECONOMIC DEVELOPMENT FUND. January 2018

NOTICE OF PRIVACY PRACTICES

Chapter 23 Saskatoon Regional Health Authority 1.0 MAIN POINTS 2.0 INTRODUCTION 3.0 AUDIT CONCLUSIONS, SCOPE AND FINDINGS

OREGON HIPAA NOTICE FORM

Evaluation of the Brant Community Response Team Initiative: Six-month Report. Alexey Babayan, Ph.D. Tamara Landry-Thompson, Ph.D.

Report of the Auditor General. At A Glance. October Photo Credit: Paul Buckingham

Eastern Ontario Development Program

SUDBURY & AREA VICTIM SERVICES

Strengthening Quality and Accountability for Patients Act, 2017 (Bill 160): What You Need to Know. Bill 160: Background

Developmental Service (DS) Compliance Inspections: Indicator List. For ADULT DEVELOPMENTAL SERVICES

PRIVACY BREACH GUIDELINES

Food Safety Protocol, 2016

Service Excellence at AAFC

2.0 APPLICABILITY OF THIS PROTOCOL AGREEMENT FRAMEWORK

E m e rgency Health S e r v i c e s Syste m M o d e r n i zation

LICENSED CLINICAL SOCIAL WORKER-PATIENT SERVICES AGREEMENT

Ministry of Education Saskatchewan Québec Student Exchange Program Criminal Records Check Policy and Procedures

FAFSA Completion Initiative Participation Agreement

Local Health Integration Network Authorities under the Local Health System Integration Act, 2006

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

External communication

Digital government toolkit

Aboriginal Economic Development Fund (AEDF) Handbook

CIRCLE OF CARE. Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada

Province of Alberta ALBERTA HEALTH ACT. Statutes of Alberta, 2010 Chapter A Current as of January 1, Published by Alberta Queen s Printer

FINANCIAL PLANNING STANDARDS COUNCIL 2017 ENFORCEMENT AND DISCIPLINARY REVIEW REPORT

A Fair Way to Go: Access to Ontario s Regulated Professions and the Need to Embrace Newcomers in the Global Economy EXECUTIVE SUMMARY

Ending the Physician-Patient Relationship

Recommendation One. GNWT Response

Coordinated Care Planning

Office of the Australian Information Commissioner

Sample Privacy Impact Assessment Report Project: Outsourcing clinical audit to an external company in St. Anywhere s hospital

About the PEI College of Pharmacists

Patient Privacy Requirements Beyond HIPAA

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

International Energy Demonstration Fund Program Guidelines

Parental Consent For Minors to Receive Services

PSYCHOTHERAPIST-PATIENT SERVICES AGREEMENT COLORADO

AUSTRALIAN RESUSCITATION COUNCIL PRIVACY STATEMENT

DUTIES OF A CUSTODIAN

Transcription:

Information Sharing Drivers and Recommendations Sherry Liang Assistant Commissioner Big Picture Issues The Regulators Perspective October 3, 2015

IPC Mandate and Role The Information and Privacy Commissioner (IPC) provides an independent review of government decisions and practices concerning access and privacy; The Commissioner is appointed by and reports to the Legislative Assembly; he remains independent of the government of the day to ensure impartiality.

The Three Acts The IPC Ensures Compliance With: FIPPA and MFIPPA Provides right of access to information and appeals to the IPC; Privacy complaints may be filed with IPC investigations may result in recommendations or Orders; PHIPA Provides comprehensive privacy protections for personal health information; Primarily a privacy statute also provides patients with a right of access to their health information, and a right to appeal access decisions to the IPC.

Three examples of consultations with IPC on data sharing programs Situation tables (hubs) Student data Smart meters

Situation Tables Organizations have identified the fact that vulnerable individuals can experience urgent needs that cannot be met by any one program or institution. Information sharing and collaboration has been identified as the best way to serve people at risk.

Situation Tables What is a situation table? Collaborative, personal information sharing among community service providers, to meet urgent needs. Representatives from the police, municipalities, hospitals, social services, schools and school boards, consider individual cases. Following a situation table meeting, services are provided proactively (e.g. intervention) to meet the urgent needs of the individuals.

Situation Tables Prince Albert Model Prince Albert, Saskatchewan led one of the first Canadian situation tables, based on a police led hub in Strathclyde, Scotland. The threshold to support information sharing at the situation table included the following considerations: Number of elevated risk factors Risk factors are acute (imminent / probable the risk will lead to harm of substantial severity) Risk factors are spread across several agencies and no one agency can mitigate the risk alone The agency bringing forward the case did all it could to mitigate the risk Interest in discussing the case outweighs individual interests of not having the discussion

Situation Tables: Findings in Saskatchewan The Saskatchewan Office of the Information and Privacy Commissioner conducted a review of the Prince Albert hub and provided recommendations on how to improve the privacy program. Recommendations include: 1. Strong governance, including enforcing need-to-know access and privacy training of participants 2. Data minimization and de-identification 3. Comprehensive privacy planning, including consent of and notice to individuals, standard record-keeping practices and data verification 4. Delay sharing personal information until it can be confirmed that the situation merits an acutely elevated risk

Situation Tables Privacy Risks Identify legal authority to collect, use or disclose personal information with some or all of the agencies within the situation table. Collection, use and disclosure of personal information without the individual s knowledge and consent Disclosing personal information to too many agencies, or disclosing more than necessary. Insufficient governance and oversight mechanisms. Inadequate anonymization techniques.

Situation Tables - IPC Involvement The Commissioner s response to the Minister s mandate letter led to the following involvement: Commissioner Beamish actively participated in Economics of Policing Workshop (January 2015). Policy staff observed discussions at three situation tables in Spring, 2015: o Cambridge o North Bay o Rexdale FOCUS Respond to queries from various institutions interested in situation tables. Will be collaborating with the Ministry of Community Safety and Correctional Services on the development of tools and guidance.

Situation Tables Recommendations Situation tables can be privacy protective with sufficient planning and governance. Privacy Impact Assessments should be conducted to address potential risks. Whenever possible, personal information should be collected, used and disclosed with the individual s consent. Sharing of personal information should be limited to those with a need-to-know. Personal accountability must be emphasized. Institutions should be transparent about their participation in a situation table. Information should be anonymized, remembering that removal of direct identifiers may not be sufficient to prevent re-identification.

Student Information The 2012 report by the Commission on the Reform of Ontario s Public Services (Drummond Report) called for greater evidence in policy and program development. In 2011 and 2012, the Ontario Auditor General called for improved information on student outcomes and transitions to post-secondary education to help students make informed decisions. The government has identified a need for more information to ensure evidence-based policy and program development.

Student Information In 2013, the Ministry of Training, Colleges and Universities (MTCU) consulted with the IPC about proposed changes to the MTCU Act that would permit it to collect and use students' personal information for a variety of planning and analytical purposes Proposed research includes: Understanding the transition of students from secondary school to post-secondary education and training Trends in post-secondary education or training choices made by students Planning to enhance affordability and accessibility of postsecondary education and training

Student Information Privacy Protections In order to mitigate any potential privacy risks associated with sharing student personal information, the MTCU Act includes risk mitigating provisions that require: Data minimization collecting only required personal information and only when other data will not suffice Limited collection requiring information only when it is necessary to meet one of the specific purposes of the act Notice of collection notices must be posted on the government s website

Student Information In 2015, O. Reg. 262/15 under the MTCU Act was passed to permit sharing of student personal information with the Ministry of Finance The purpose of this information sharing is to allow the Ministry of Finance to conduct research and inform planning and program development associated with financial aid and affordability of postsecondary education Some examples include: Understanding student financial resources Identifying barriers to student participation, progress, completion and transition to employment Enhancing affordability, accessibility and quality of education

Smart Meters Smart meters are devices that collect detailed information on electricity usage from a building and transmit that information to energy providers for the purposes of time-of-use billing. The information collected is summarized for customers so that they may understand their energy consumption, and introduce energy saving activities in their homes or companies. Intended to encourage energy conservation and planning by customers, while also providing economic benefits, such as opportunities for the private sector to develop new tools and apps for customer use.

Smart Meters Privacy Risks Unauthorized access to and use of smart meter data poses significant privacy and security risks as this data can reveal when individuals are not at home, what their daily routines are, and when these change. Broad third party access to and use of this information could pose additional problems, such as unwanted targeted marketing and advertising based on personal information. The energy sector is aware of the potential privacy implications and is proceeding cautiously with privacy protections in mind.

Smart Meters The data generated by smart meters offer significant potential value for designing conservation and demand response programs, system planning, policy development, research and to support innovation in Ontario. The energy sector believes that access to certain information about distributed generation and consumption is critical to conduct meaningful analysis and assess outcomes in the market. A number of initiatives are underway examining the possibility of expanding the use of smart meter data and providing access to it in both identifiable and de-identified forms. The IPC is acting as a technical advisor on these initiatives.

Smart Meters Mitigation Strategies Information sharing initiatives of this nature must be based on: Clearly defined legal authority Appropriate de-identification of the personal information Data monitoring to ensure that potential re-identification risks are addressed Data minimization at all stages Appropriate security measure to protect personal information Robust access controls to ensure only authorized individuals can use the data Comprehensive data sharing agreements between accessing and disclosing parties

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback