Sick Kids Hospital, which lost a laptop recently containing information on 2900 patients, has been ordered [PDF link] by the government to protect patient data more stringently.

The laptop with the patient data – including their HIV status – was stolen from a doctor’s van on January 4th. The laptop was only protected by passwords, not encryption.

The Ontario Information and Privacy Commissioner, Ann Cavoukian, ordered that all patient data be encrypted and that information with patient identifying materials cannot leave the hospital. The Sick Kids Hospital has until June 15th to comply with the order, while other hospitals are being urged to follow suit in order to comply with the Canadian Personal Health Information Protection Act.

Toronto Star reports:

At the time of the theft, Sick Kids broke a number of rules under the Personal Health Information Protection Act, including failing to properly protect patient health information from theft, loss and unauthorized use, the commissioner noted. Mandatory encryption to protect identities is not part of the hospital’s security policy. As well, the rules "discouraged," staff from removing electronic patient data from the hospital but did not prohibit it. Security rules were inconsistent because individual departments were allowed to set their own security practices and standards.

Tags: , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati