Last week's New York Times had an editorial on Safeguarding Private Medical Data:
... These are good steps, but a larger solution is needed. There should be a federal law imposing strict privacy safeguards on all government and private entities handling medical data. Congress should pass a bill like the Trust Act, introduced by Representative Edward Markey, a Democrat of Massachusetts, imposing mandatory encryption requirements and deadlines for notifying patients when their privacy is breached. As the N.I.H. has shown, medical privacy is too important to be left up to the medical profession.
In today's edition, Ontario's Information and Privacy Commissioner responds:
Ontario’s Example on Privacy - New York Times
To the Editor:
Re: Editorial: Safeguarding Private Medical Data (March 26, 2008)
I couldn’t agree with you more. In Ontario, we take privacy very seriously, especially when it comes to medical data.
Four years ago, we passed the Personal Health Information Protection Act, or Phipa, and haven’t looked back. This law provides solid privacy protection for health data but doesn’t act as a barrier to the delivery of health services. It doesn’t interfere with health care but ensures that it comes wrapped in a layer of privacy.
As privacy commissioner of Ontario, I can investigate complaints and issue orders if Phipa is breached. One order I issued requires that any identifiable health data must be encrypted if removed from a health care facility on a laptop or any other medium.
Medical privacy is far too important to be left to chance, or to the well intentioned. Strong legislated safeguards are needed.
Take a look at Phipa, which could serve as an excellent model.
Toronto, March 27, 2008