VICTORIA, B.C. — British Columbia's largest health authority is being criticized for the second time in a month over the way it handles computerized patient health records.
Privacy Commissioner Paul Fraser said Friday that privacy was the missing ingredient when the Vancouver Coastal Health Authority set up a database containing personal health information that is accessible by about 4,000 users.
The database, known by its acronym PARIS for the Primary Access Regional Information System, compiles information about patients' finances, social insurance numbers, diagnoses, care and doctors' and counsellors' notes.
"In the course of our three-year investigation we discovered major deficiencies in the implementation of PARIS from a privacy perspective," Fraser said.
"The concern that has emerged from all of this was that there are too many people involved in accessing too much information," he said of the database, which has compiled information for the last nine years.
The system is used by various health care providers working in community programs, including mental health, addictions, public health and communicable diseases.
Records are stored for too long without being archived or destroyed, even when they are no longer needed for care, and the system lacks adequate security, Fraser said.
"The lessons we have learned from the PARIS investigation carry over into all other electronic health databases," he said.
PARIS is one of eight databases in B.C. that contain patient information.
"Health authorities must learn from the mistakes identified in this investigation by ensuring that privacy is not added on at the end, but baked into the entire functional design," Fraser said.
Health information is collected electronically so health care providers can easily access it for better treatment, Fraser said.
"The downside is that if the information is shared too broadly or incorrectly in specific instances then you've got a breach of privacy and to many people, depending on the severity of the information that they're faced with, the cure becomes worse than the disease, if I can put it that way."
However, Fraser also said the health authority has made major strides in fixing the problems.
Last month, auditor general John Doyle reported similar findings, including too many people having access to sensitive information that he described as being vulnerable to hackers.
Among his 20 recommendations, Fraser urged the health authority to collect only the minimum amount of personal information and that records should be archived every year with limited access to them.
He also recommended that staff be required to complete privacy training each year and sign confidentiality agreements on an annual basis.
For the latest from The Canadian Press, scroll down The Tyee's home page or click here.
What have we missed? What do you think? We want to know. Comment below. Keep in mind:
Do:
Do not: