BH.05.OCT1116.R11: WDGPH Annual Privacy Program Update

Human Resources Committee Report BH.05.OCT1116.R11

October 11, 2016

Report to: Human Resources Committee, Board of Health

Submitted by: Dr. Nicola Mercer, Medical Officer of Health & CEO

Subject: WDGPH ANNUAL PRIVACY PROGRAM UPDATE

Recommendations

(a) That the Human Resources Committee make a recommendation to the Board of Health to receive this report, as presented, for information.

Background

Wellington-Dufferin-Guelph Public Health (WDGPH) has focused on growing the privacy program at the Agency to proactively identify privacy risks, while finding a balance between privacy and security. WDGPH’s privacy program has concentrated on educating and training employees to grow their privacy knowledge and influence the culture of privacy accountability, and on working together to identify privacy risks and implement strategies to address them.

WDGPH complies with the provisions of the Health Protection and Promotion Act (HPPA), Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and Ontario Personal Health Information Protection Act (PHIPA). Under the authority of this privacy legislation, WDGPH acknowledges the requirements of compliance and continues to work towards a balanced approach to privacy by encouraging a “privacy by design” approach when implementing new software, programs and/or service delivery. This process has enabled us to meet compliance and identify risks for program and service delivery.

The following are some of the accomplished and ongoing initiatives of the privacy program for the latter part of 2015-2016:

Training/Knowledge Sharing – Staff and Management:

  • PHIPA (October 2, 2015) and MFIPPA (March 31, 2016) sessions were held onsite and attended by management and the members of the privacy committee. The privacy committee is represented by members from across the Agency who can further share information with their team. The speakers were from the Office of the Information and Privacy Commissioner of Ontario. The speakers provided an overview of the applicable legislation, addressed our compliance requirements under the legislation and reviewed a few cases which align with public health’s business.
  • Privacy training for new hires includes a review of our privacy responsibilities as an Agency and as an employee. As part of our new hire orientation, all new hires complete online PHIPA training.
  • Annual Privacy Awareness Month – In 2015 we deemed October “Privacy Awareness Month”. During this month we used the internal e-bulletin to deliver weekly reminders of new or revised policies and/or procedures, privacy resources, tips, and quizzes. To make the event an engaging, fun learning experience, we incorporated prize draws for the quizzes. Overall this event was well received and continues in 2016.

Technology Growth:

  • WDGPH has identified and established processes for privacy and security when acquiring new software and creating new websites, online programs, and social media initiatives. These processes include conducting privacy impact assessments and ensuring there are privacy and security clauses in the documentation for acquiring any software, databases or online services. This process ensures privacy risks are identified proactively.
  • Employees are encouraged to explore the use of technology, wherever possible, to enhance the delivery of programs and services to the community. This growth and innovative thinking are reflected in our move into the social media world, using Facebook, Twitter, blogs and online courses to enhance some of the services we provide. Staff are required to address the privacy impact in new projects and seek support, as needed, to ensure privacy and security compliance is achieved.

Enhanced processes and preventive protocols:

  • Privacy breaches have decreased over the past year and are trending downward. The opportunity is taken with each breach to review the corrective actions and provide training to staff, if needed.
  • The process for the release of documents has been revised and preventive measures implemented to ensure that the onus of keeping records safe and secure once released is on the requestor.
  • WDGPH has implemented auditing practices for databases and electronic health record systems, as well as paper file systems, to ensure information is accessed on a need-to-know basis and to prevent snooping or accessing information for personal gain. 

Public Health and/or Financial Implications

In keeping with section 6.2 of the Ontario Public Health Organizational Standards, an effective privacy program will address emerging issues and potential privacy threats to WDGPH as it delivers its programs and services and fulfills its obligations. 

Appendices

None.

References

None. 

Prepared by: Shanta Persad, HR Generalist, Administrative Services

Reviewed by: Elizabeth Bowden, Interim, Director Administrative Services 

Approved by: Dr. Nicola Mercer, Medical Officer of Health & CEO