Jacques Gallant and Marco Chown Oved report:
At least three GTA [Greater Toronto Area – Dissent] hospitals do not proactively audit their patient records to detect privacy breaches, the Star has learned.
A survey of 24 hospitals and health-care centres found that more than half say they check their information systems for inappropriate access at least once a month. In contrast, one hospital — Providence Healthcare — still uses paper-based record keeping and reported that it could not conduct audits until a future electronic system is implemented.
There are no specific audit requirements in the province’s Personal Health Information Protection Act, which sets out rules health-care providers must follow when collecting and disclosing personal health information. It is left up to health-care providers to determine how best to comply with privacy requirements, and what disciplinary measures should be taken if a breach has occurred.
Read more on Toronto Star.