aHSM

Addressing Potential Threats

Kelburn Recovery Centre handles potential threats to cybersecurity through:

1. Malware Prevention

2. Password Security

3. Network Security

4. Secure Configuration

5. User Privileges

6. Incident Management

(Global Knowledge Solutions Organization, n.d.)

Addressing Potential Threats

LEGISLATION AT HAND

Kelburn Recovery Centre complies with Personal Information Protection and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA) guidelines to maintain data integrity and protect patient confidentiality.

THREATS AND RISK ASSESSMENT

RISK ASSESSMENT AND TESTING

Our patients come to Kelburn Recovery Centre with hopes to improve their lives and it is our innate duty to protect their identity and ensure that their personal health information is secure with us.

A potential threat that would always wander around is the threat of personal health information privacy breach. The patient’s personal health information being leaked out can happen either through a network security breach, such as hacking or introducing viruses or malwares, or physical callousness at our employee’s end.

This could prove catastrophic as crucial patient data could be exploited for various reasons and it would lead to patient’s losing faith towards our organization, followed by legal complications.

(Kelburn Recovery Centre, n.d.)

PIA ( Cont.)

Principle 1: Accountability for Personal Health Information Organization and Governance

The PHI of a patient undergoing treatment at the centre is the responsibility of Kelburn Recovery Centre. A Chief Privacy Officer is appointed who oversees compliance with this necessary PIPEDA principle.

Principle 2: Identifying Purposes for Personal Health Information

Kelburn Recovery Centre ensures that the patients being treated at the Centre are well-informed of the reason and purposes for which their PHI is being collected.

Principle 3: Consent for the Collection, Use or Disclosure of Personal Health Information

Before undergoing any type of treatment or procedure at Kelburn Recovery Centre, an informed consent is taken from the patient with regards to collecting, using or disclosing their PHI.

PIA Based on the 10 Principles of PIPEDA

(Privacy Commissioner of Canada, 2019).

PIA ( Cont.)

Principle 4: Limiting Collection of Personal Health Information

Kelburn Recovery Centre believes in collecting PHI in a lawful manner and on a ‘need-to-know’ basis, in order to provide its patients with the best in-class experience.

Principle 5: Limiting Use, Disclosure and Retention of Personal Health Information

The usage, disclosure and retention of PHI is only intended for the purpose for which it was collected. A patient’s personal health information may only be disclosed to a third party if a patient signs an informed consent for the same, or if it is required by law to do so.

Principle 6: Accuracy of Personal Health Information

Kelburn Recovery Centre takes special steps to ensure that the PHI of patients is accurate, complete and kept up-to-date to provide the best care to them.

(Privacy Commissioner of Canada, 2019)

PIA ( Cont.)

Principle 7: Safeguards for Personal Health Information

Kelburn Recovery Centre ensures that all PHI is kept and maintained in a secure manner. Various hardware, software and technical safeguards are set into place to ensure its complete safety against potential threats and breaches.

Principle 8: Openness about the management of personal information

Kelburn Recovery Centre provides public disclosure of information about its policies related to the management of its patients’ PHI. It makes sure that such policies are constantly revised, kept up to date and readily available for public consumption.

(Privacy Commissioner of Canada, 2019)

Question 1

Q1) Patient- related information that should be protected:

a) Clinical information

b) Demographic information

c) Financial information

d) All of the above

Q2) When should covered entities share the Notice of Privacy practices?

a) If the patient requests it

b) Every time the patient presents for care.

c) No later than the second visit

d) At all times

Question 2

Question 3

Q3) Which of the following is considered a breach of confidentiality?

a) Two physicians discuss a mutual patient in the elevator

b) A worker reviews the medical record of their parent

c) A receptionist views lab results for HIV test of a patient out of curiosity

d) All of the above

Question 4

Q4) Professionalism can be defined as exhibiting courteous and business-like behaviours in the workplace. Which of the following is an example of professionalism?

a) Adhering to legal standards

b) Arriving for work on time

c) Maintaining appropriate dressing attire and body language

d) All of the above

Q5) Consider the following scenario and select the most appropriate response:

A patient calls to schedule an appointment and is hard of hearing. They have asked that you speak up so they can hear you better.

a) Speak louder, as the patient requested.

b) Apologize and explain that you don't want to do that. Other patients may overhear.

c) Move to a more private location so no one overhears your conversation.

d) Transfer the call to someone else.

Question 5