Privacy and security

Steven TamSteven Tam takes privacy seriously. As General Counsel and Chief Privacy Officer for VCH, and chair of the CST project’s Privacy Working Group, it’s his job to balance the information needs of health care professionals, and the privacy of patient data.

“With the new clinical information system, we will be capturing more information in a single system than ever before,” says Steven. “More people will have access to more information about more individuals.

“I had a strong interest in CST because I saw an opportunity to do things better from the start with regard to privacy compliance. We’re designing the new system with privacy in mind, including the ability to have all of the data needed for auditing purposes. Auditing will be a lot better because we can look at who’s had access to charts.”

The Privacy Working Group is developing access models, which will ensure that only people who need to see a patient’s data to carry out their duties will have access to such personal information.

“I see this as an opportunity to establish provincial standards for access models and to create consistency across facilities regarding who has access to what kinds of information,” says Steven. “It forces us to step back and ask ourselves the questions, and to make deliberate decisions around what access a particular care provider should have. That’s one of the benefits that will come out of this.”

There won’t be a one-size-fits-all access model, because some agencies and departments have specific privacy requirements.

“Information about mental health, HIV, abortions, communicable diseases, etc. is treated more sensitively today,” confirms Steven. “We’re collaborating with several agencies, including Forensics, so we have to make decisions based on clinical needs about what information should be accessible outside of those circles.”

Making research and quality improvements also presents a unique challenge.

“These are large data sets,” explains Steven, “so there potentially could be large disclosures of health information affecting thousands of people. We’re looking at the governance, the review and approval process, to reduce that risk.

“We’re also looking closely at what security is in place – technical solutions, firewalls, encryption and access models. The access model and the audit program are crucial to the security of patient data.”