Privacy review finds personal information protections lacking at B.C. medical clinics
22 B.C. medical clinics audited found to be lacking patient information protection
Medical clinics throughout British Columbia need to do more to protect the often highly sensitive personal information in their possession, according to a new report from the Office of the Information and Privacy Commissioner.
The OIPC report, looking at how nearly 2 dozen B.C. medical clinics are meeting their legal obligations under the Personal Information Protection Act, found that privacy protections are lacking.
OIPC auditors examined 22 clinics and found gaps in privacy management programs at several clinics, including the absence of a designated privacy officer, a lack of funding and resources for privacy and a failure to ensure that privacy practices keep up with technological advances.
Privacy Commissioner Michael McEvoy said the report raises concerns about patient privacy that are relevant throughout the province.
"Medical clinics were chosen for this review for two reasons: the amount and sensitivity of the personal information they collect, some of the most sensitive personal information out there," McEvoy said.
"Doctors and staff at clinics not only owe it to their patients to do their utmost to build and maintain strong privacy programs, but they are also legally obligated to abide by privacy legislation."
Report recommendations
The report makes several recommendations including that clinics build robust privacy management programs that consider how personal information inventories and privacy policies are created, ensure adequate funding and resources for effective privacy management programs and that each clinic designates a privacy officer and establishes and communicates clear internal reporting structures on privacy issues.
The Office of the Information and Privacy Commissioner provides independent oversight and enforcement of British Columbia's access and privacy laws.