Clinic IT, Privacy & Security Mandatory Requirements | Allsite IT

Clinic IT, Privacy & Cyber Security – Mandatory Requirements

1. Healthcare Data Privacy & Security Environment

The threats to healthcare organizations continue to escalate. With them come increasing costs of compliance and costs associated with incidents and breaches, e.g. the LifeLabs Class Action Lawsuit and CTV News – Data Protection.

2. More Compliance Requirements

As the public demands answers from all levels of government about the breaches and threats, there is increasing scrutiny by governments of IT, Privacy and Cyber Security measures taken by private organizations.

With this there are more requirements for compliance and more consequences for those organizations found wanting!

3. Requirements

The “[BC] Physician Office Security Guide” says

… safeguards must be in place to ensure that physician clinics comply with the following:

  • Section 34 of the [BC] Personal Information Protection Act (PIPA).
  • Professional requirements of the College of Physicians and Surgeons of BC.
  • Orders and recommendations from the Office of the Information and Privacy Commissioner for British Columbia (OIPC) for protecting information.

Source: https://www.doctorsofbc.ca/sites/default/files/physician_office_security_guide_2018_august.pdf

Note:

3.1 There are different requirements for clinics operated by health authorities versus private clinics.

3.2 An organization must be able to demonstrate that it has the required measures in place and that there are regular tests to prove the measures are in working order.

4. Tools & Frameworks

Privacy and cyber security compliance is complex and difficult to maintain over time. “You only need one bad day” for an incident to happen.

To be consistent you need an approved system and skilled cyber security management to oversee it.

The government organizations mentioned above publish compliance frameworks that are required and are commercially reasonable.

5. Compliance is a Protection and a Cost – Like Insurance

The OIPC for BC says: “Despite all of the steps an organization might take to protect the personal information in its custody, privacy breaches can still happen. Dealing with them effectively and expeditiously is crucial. [This Framework] helps organizations formulate a proactive breach response plan that could mitigate serious financial and reputational harm.”

Source: PrivacyRight Round-up – Webinars Offer Training, Practical Tactics to Protect Personal Information

In other words, “incidents happen, but ‘get with the program’ and things will turn out better for you when they happen”.

6. Start Immediately

Private healthcare providers should engage with these available frameworks immediately and begin to “get with the program”.

7. Budget

Organizations that don’t have a cyber security budget should create one as soon as possible. This should include initial assessments and planning, cyber security monitoring, management and tooling, staff training, and regular attestations of compliance. This is a starting point, not an exhaustive list.

Some of these costs will be offset by savings on Privacy and Cyber Insurance premiums – there are potential premium savings to be had when an organization has these measures in place.
