Independent media needs you. Join the Tyee.

The Hook: Political news, freshly caught

BC health authority patient records system lacks privacy

VICTORIA, B.C. — British Columbia's largest health authority is being criticized for the second time in a month over the way it handles computerized patient health records.

Privacy Commissioner Paul Fraser said Friday that privacy was the missing ingredient when the Vancouver Coastal Health Authority set up a database containing personal health information that is accessible by about 4,000 users.

The database, known by its acronym PARIS for the Primary Access Regional Information System, compiles information about patients' finances, social insurance numbers, diagnoses, care and doctors' and counsellors' notes.

"In the course of our three-year investigation we discovered major deficiencies in the implementation of PARIS from a privacy perspective," Fraser said.

"The concern that has emerged from all of this was that there are too many people involved in accessing too much information," he said of the database, which has compiled information for the last nine years.

The system is used by various health care providers working in community programs, including mental health, addictions, public health and communicable diseases.

Records are stored for too long without being archived or destroyed, even when they are no longer needed for care, and the system lacks adequate security, Fraser said.

"The lessons we have learned from the PARIS investigation carry over into all other electronic health databases," he said.

PARIS is one of eight databases in B.C. that contain patient information.

"Health authorities must learn from the mistakes identified in this investigation by ensuring that privacy is not added on at the end, but baked into the entire functional design," Fraser said.

Health information is collected electronically so health care providers can easily access it for better treatment, Fraser said.

"The downside is that if the information is shared too broadly or incorrectly in specific instances then you've got a breach of privacy and to many people, depending on the severity of the information that they're faced with, the cure becomes worse than the disease, if I can put it that way."

However, Fraser also said the health authority has made major strides in fixing the problems.

Last month, auditor general John Doyle reported similar findings, including too many people having access to sensitive information that he described as being vulnerable to hackers.

Among his 20 recommendations, Fraser urged the health authority to collect only the minimum amount of personal information and that records should be archived every year with limited access to them.

He also recommended that staff be required to complete privacy training each year and sign confidentiality agreements on an annual basis.

For the latest from The Canadian Press, scroll down The Tyee's home page or click here.

Find more in:

What have we missed? What do you think? We want to know. Comment below. Keep in mind:

Do:

  • Verify facts, debunk rumours
  • Add context and background
  • Spot typos and logical fallacies
  • Highlight reporting blind spots
  • Ignore trolls
  • Treat all with respect and curiosity
  • Connect with each other

Do not:

  • Use sexist, classist, racist or homophobic language
  • Libel or defame
  • Bully or troll
  • Troll patrol. Instead, flag suspect activity.
comments powered by Disqus