SlideShare uma empresa Scribd logo

Ann Cavoukian Presentation

C
CityAge
1 de 27
Baixar para ler offline
Big Data Requires Big Privacy Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario The Data Effect October 19, 2012
Presentation Outline 1.  Importance of Protecting Personal Health Information 2.  Importance of Health Research and Analysis 3.  Consequences if Inadequate Attention to Privacy 4.  Personal Health Information Protection Act (PHIPA) 4.  Legislative Safeguards 5.  Additional Safeguards that Should be Implemented 6.  Privacy by Design: The Gold Standard 7.  Conclusions
Importance of Protecting Personal Health Information
Unique Characteristics of Personal Health Information •  Highly sensitive and personal in nature; •  Must be shared immediately and accurately among a range of health care providers for the benefit of the individual; •  Widely used and disclosed for secondary purposes seen to be in the public interest (e.g., research, health system planning and evaluation, quality assurance); •  Dual nature of personal health information is reflected in the health privacy legislation in Ontario.
Importance of Health Research and Analysis
“Big Data” • Each day we create 2.5 quintillion bytes of data – 90% of the data today has been created in the past 2 years; • Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits; • However, it can also enable expanded surveillance and increase the risk of unauthorized use and disclosure, on a scale previously unimaginable.
The Case for Health Research and Analysis Health research and analytics are vital in: •  Understanding the determinants of health; •  Informing and improving clinical practice guidelines; •  Identifying and achieving cost efficiencies; •  Facilitating health promotion and disease prevention; •  Assessing the need for health services; •  Evaluating the services provided; •  Allocating resources to the health system; •  Educating the public how to improve their health.
Consequences if Inadequate Attention to Privacy
Consequences if Inadequate Attention to Privacy •  Individuals may suffer discrimination, stigmatization and economic or psychological harm; •  Individuals may be deterred from seeking testing or treatment or may engage in multiple doctoring; •  Individuals may withhold or falsify information provided; •  Loss of trust or confidence in the health system; •  Damage to the reputation of the health care provider; •  Lost time and expenditure of resources needed to contain, investigate and remediate privacy breaches; •  Costs of legal liabilities and ensuing proceedings.
Personal Health Information Protection Act (PHIPA)
Recognition of the Value of Health Research and Analysis •  The Personal Health Information Protection Act (PHIPA) came into effect on November 1, 2004; •  It recognizes the value of health research and analysis; •  PHIPA permits health care providers to collect, use and disclose personal health information for purposes beyond the provision of health care, in appropriate circumstances; •  PHIPA attempts to ensure that these other purposes are achieved in a manner that minimizes the impact on privacy.
Legislative Safeguards
Legislative Framework with Oversight •  A legislative framework, PHIPA, governs the collection, use and disclosure of personal health information in the health sector; •  Section 16 of PHIPA requires health care providers to be transparent about their information practices, including their information practices related to research and analysis; •  Section 12 of PHIPA requires health care providers to notify individuals at the first reasonable opportunity about privacy breaches – mandatory breach notification; •  Section 56 of PHIPA provides individuals with the right to complain to my office about contraventions of PHIPA.
Order-Making Powers and Offence Provisions •  My office has broad order-making powers; •  A person affected by a final order issued by my office may commence a lawsuit for damages for actual harm suffered as a result of a breach of PHIPA; •  PHIPA also creates offences, such as for wilfully collecting, using or disclosing personal health information in contravention of PHIPA; •  On conviction, an individual may be liable for a fine of up to $50,000 and corporations face fines of up to $250,000.
Data Minimization •  Data minimization is the most important safeguard in protecting personal health information, including for purposes for health research and analysis; •  PHIPA prohibits health care providers from collecting, using or disclosing personal health information if other information (such as de-identified or anonymized information) will serve the purpose; •  It also prohibits health care providers from collecting, using or disclosing more personal health information than is reasonably necessary to meet the purpose.
Dispelling the Myths about De-Identification… •  The claim that de-identification has no value in protecting privacy due to the ease of re-identification, is a myth; •  If proper de-identification techniques and re-identification risk management procedures are used, re-identification becomes a very difficult task; •  While there may be a residual risk of re-identification, in the vast majority of cases, de-identification will strongly protect the privacy of individuals when additional safeguards are in place. www.ipc.on.ca/English/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1084
Data De-Identification Tool •  Developed by Dr. Khaled El Emam, a leading investigator at the Children s Hospital of Eastern Ont. Research Institute; •  De-identification tool that minimizes the risk of re-identification based on: -  The low probability of re-identification; -  Whether mitigation controls are in place; -  Motives and capacity of the recipient; -  The extent a breach invades privacy; •  Simultaneously maximizes privacy and data quality while minimizing distortion to the original database. www.ipc.on.ca/images/Resources/positive-sum-khalid.pdf
Evidence that the Tool Works • Dr. El Emam was approached to create a longitudinal public use dataset using his de-identification tool for the purposes of a global data mining competition – the Heritage Health Prize; • Participants in the Heritage Health Prize competition were asked to predict, using de-identified claims data, the number of days patients would be hospitalized in a subsequent year; • Dr. El Emam won the competition, but before awarding him the prize, his de-identified dataset was subjected to a strong re-identification attack by a highly skilled expert; • The expert concluded the dataset could not be re-identified – Dr. El Emam's de-identification tool was highly successful!
Evidence that Re-Identification is Extremely Difficult • A literature search by Dr. El Emam et al. identified 14 published accounts of re-identification attacks on de-identified data; • A review of these attacks revealed that one quarter of all records and roughly one-third of health records were re-identified; • However, Dr. El Emam found that only 2 out of the 14 attacks were made on records that had been properly de-identified using existing standards; • Further, only 1 of the 2 attacks had been made on health data, resulting in a very low re-identification success rate of 0.013%.
Data Minimization for Record Linkages •  Dr. El Emam has also developed a protocol for securely linking databases without sharing any identifying information; •  The protocol uses an encryption system to identify and locate records relating to an individual, existing in multiple datasets; •  This involves encrypting personal identifiers in each dataset and comparing only the encrypted identifiers, using mathematical operations, resulting in a list of matched records, without revealing any personal identifiers; •  The protocol promotes compliance with existing prohibition in PHIPA by allowing linkages of datasets without the disclosure of any identifying information – a win/win solution – positive-sum!
Additional Safeguards that Should be Implemented
The Decade of Privacy by Design
Privacy by Design: The 7 Foundational Principles 1.  Proactive not Reactive: Preventative, not Remedial; 2.  Privacy as the Default setting; 3.  Privacy Embedded into Design; 4.  Full Functionality: Positive-Sum, not Zero-Sum; 5.  End-to-End Security: Full Lifecycle Protection; 6.  Visibility and Transparency: Keep it Open; 7.  Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Adoption of “Privacy by Design” as an International Standard Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was unanimously passed by International Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution ensures that privacy is embedded into new technologies and business practices, right from the outset – as an essential component of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
Privacy by Design: Proactive in 25 Languages! 1. English 9. Hebrew 17. Russian 2. French 10. Hindi 18. Romanian 3. German 11. Chinese 19. Portuguese 4. Spanish 12. Japanese 20. Maltese 5. Italian 13. Arabic 21. Greek 6. Czech 14. Armenian 22. Macedonian 7. Dutch 15. Ukrainian 23. Bulgarian 8. Estonian 16. Korean 24. Croatian 25. Polish
Conclusions •  Big Data promises new opportunities to gain valuable insights and benefits for the health system; •  However, Big Data may also enable expanded surveillance and increase the risk of unauthorized use; •  PHIPA permits the use and disclosure of personal health information for health research and analysis with safeguards such as data minimization and privacy oversight built directly into the legislation; •  But compliance with legislative safeguards is not enough – to reap the benefits of big data, we must get smart about privacy and lead with Privacy by Design; •  Big Data needs Big Privacy – you can achieve both goals in a positive-sum paradigm through Privacy by Design.
How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: info@ipc.on.ca For more information on Privacy by Design, please visit: www.privacybydesign.ca

Recomendados

HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYHIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYmariaradziminski
 
Geek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantGeek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantIDERA Software
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceControlCase
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 
HIPAA
HIPAAHIPAA
HIPAAAlanoud Alqoufi
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118robint2125
 

Recomendados

HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYHIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYmariaradziminski
 
Geek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantGeek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantIDERA Software
 
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceHealth Insurance Portability and Accountability Act (HIPAA) Compliance
Health Insurance Portability and Accountability Act (HIPAA) ComplianceControlCase
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 
HIPAA
HIPAAHIPAA
HIPAAAlanoud Alqoufi
 
HIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHIPPA-Health Insurance Portability and Accountability Act
HIPPA-Health Insurance Portability and Accountability ActHarshit Trivedi
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & SecurityNational Pharmacy Technician Association
 
Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118robint2125
 
Hitech Act
Hitech ActHitech Act
Hitech ActDeborah Obasogie
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSMANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSijsptm
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
HIPAA
HIPAAHIPAA
HIPAASal Lucido
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceManny Oliverez
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
HIPAA | HITECH
HIPAA | HITECHHIPAA | HITECH
HIPAA | HITECHrcabarloc
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using newOnlineAudio Training
 
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Hipaa
HipaaHipaa
Hipaabelziebub
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
 
Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacykendale
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...Health IT Conference – iHT2
 
Issue Brief - EHRs
Issue Brief - EHRsIssue Brief - EHRs
Issue Brief - EHRsKatie Seeler Hoskins
 
HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12O2 TESTING SERVICES
 
HIPAA
HIPAAHIPAA
HIPAAkgriffin62
 
HITECH Act
HITECH ActHITECH Act
HITECH Actmeditrack
 
Imac 2011
Imac 2011Imac 2011
Imac 2011sebmojo
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 

Mais conteúdo relacionado

Mais procurados

HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSMANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSijsptm
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOsnobumoto
 
HIPAA | HITECH
HIPAA | HITECHHIPAA | HITECH
HIPAA | HITECHrcabarloc
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
 
Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacykendale
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...Health IT Conference – iHT2
 
Imac 2011
Imac 2011Imac 2011
Imac 2011sebmojo
 

Mais procurados (20)

Hitech Act
Hitech ActHitech Act
Hitech Act
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit Implementation
 
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDSMANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
 
HIPAA
HIPAAHIPAA
HIPAA
 
HIPAA Compliance
HIPAA ComplianceHIPAA Compliance
HIPAA Compliance
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
HIPAA | HITECH
HIPAA | HITECHHIPAA | HITECH
HIPAA | HITECH
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health ...
 
Hipaa
HipaaHipaa
Hipaa
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guide
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
 
Confidentiality & privacy
Confidentiality & privacyConfidentiality & privacy
Confidentiality & privacy
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
 
Issue Brief - EHRs
Issue Brief - EHRsIssue Brief - EHRs
Issue Brief - EHRs
 
HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12
 
HIPAA
HIPAAHIPAA
HIPAA
 
HITECH Act
HITECH ActHITECH Act
HITECH Act
 
Imac 2011
Imac 2011Imac 2011
Imac 2011
 

Semelhante a Ann Cavoukian Presentation

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointDeena Fetrow
 
Data security and Privacy in Clinical Research -Compliance and Best Practices...
Data security and Privacy in Clinical Research -Compliance and Best Practices...Data security and Privacy in Clinical Research -Compliance and Best Practices...
Data security and Privacy in Clinical Research -Compliance and Best Practices...ClinosolIndia
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Clinical research ethics and regulation
Clinical research ethics and regulationClinical research ethics and regulation
Clinical research ethics and regulationRoger Watson
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013LeRoy Ulibarri
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013LeRoy Ulibarri
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013LeRoy Ulibarri
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docxVirtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docxsheronlewthwaite
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Hybrid Cloud
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkeshealthcareisi
 
HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowShred-it
 
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)Apollo Hospitals Group and ATNF
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update Resilient Systems
 
Securing health information
Securing health informationSecuring health information
Securing health informationDarla Moore
 

Semelhante a Ann Cavoukian Presentation (20)

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
 
Data security and Privacy in Clinical Research -Compliance and Best Practices...
Data security and Privacy in Clinical Research -Compliance and Best Practices...Data security and Privacy in Clinical Research -Compliance and Best Practices...
Data security and Privacy in Clinical Research -Compliance and Best Practices...
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informatics
 
EHR - A Consumer Perspective
EHR - A Consumer PerspectiveEHR - A Consumer Perspective
EHR - A Consumer Perspective
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in Healthcare
 
Data Management Protection Acts
Data Management Protection ActsData Management Protection Acts
Data Management Protection Acts
 
Clinical research ethics and regulation
Clinical research ethics and regulationClinical research ethics and regulation
Clinical research ethics and regulation
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013Mha690 health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
Nicolas Terry, "Big Data, Regulatory Disruption, and Arbitrage in Health Care"
 
Virtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docxVirtual Mentor American Medical Association Journal of Ethi.docx
Virtual Mentor American Medical Association Journal of Ethi.docx
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkes
 
HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to know
 
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)
8.2 Demonstration Health - IT benifits - Bagmishika Puhan ( Session 8)
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update
 
Securing health information
Securing health informationSecuring health information
Securing health information
 

Mais de CityAge

Health technology partnership: From blue sky to lives touched - Ryan C.N. D’Arcy
Health technology partnership: From blue sky to lives touched - Ryan C.N. D’ArcyHealth technology partnership: From blue sky to lives touched - Ryan C.N. D’Arcy
Health technology partnership: From blue sky to lives touched - Ryan C.N. D’ArcyCityAge
 
Using BC and Canadian Data to Improve Health and Healthcare What are the best...
Using BC and Canadian Data to Improve Health and Healthcare What are the best...Using BC and Canadian Data to Improve Health and Healthcare What are the best...
Using BC and Canadian Data to Improve Health and Healthcare What are the best...CityAge
 
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...CityAge
 
Moving from Big Data to Better Models of Disease and Drug Response - Joel Dudley
Moving from Big Data to Better Models of Disease and Drug Response - Joel DudleyMoving from Big Data to Better Models of Disease and Drug Response - Joel Dudley
Moving from Big Data to Better Models of Disease and Drug Response - Joel DudleyCityAge
 
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...CityAge
 
My Personal Odyssey with Big Data - Brad Popovich
My Personal Odyssey with Big Data - Brad PopovichMy Personal Odyssey with Big Data - Brad Popovich
My Personal Odyssey with Big Data - Brad PopovichCityAge
 
Applying innovative commercial technology to deliver on the promise of person...
Applying innovative commercial technology to deliver on the promise of person...Applying innovative commercial technology to deliver on the promise of person...
Applying innovative commercial technology to deliver on the promise of person...CityAge
 
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...CityAge
 
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...CityAge
 
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...CityAge
 
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...CityAge
 
Eric Simmons Presentation: Delivering the Connected City
Eric Simmons Presentation: Delivering the Connected CityEric Simmons Presentation: Delivering the Connected City
Eric Simmons Presentation: Delivering the Connected CityCityAge
 
Tom Jenkins Presentation: Open Data and the Implications for Local Government...
Tom Jenkins Presentation: Open Data and the Implications for Local Government...Tom Jenkins Presentation: Open Data and the Implications for Local Government...
Tom Jenkins Presentation: Open Data and the Implications for Local Government...CityAge
 
James Lingerfelt smarter approach to crime reduction
James Lingerfelt smarter approach to crime reductionJames Lingerfelt smarter approach to crime reduction
James Lingerfelt smarter approach to crime reductionCityAge
 
Crime Patterns and Urban Living - Dr. Patricia Brantingham
Crime Patterns and Urban Living - Dr. Patricia BrantinghamCrime Patterns and Urban Living - Dr. Patricia Brantingham
Crime Patterns and Urban Living - Dr. Patricia BrantinghamCityAge
 
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...CityAge
 
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...CityAge
 
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...CityAge
 
The big data opportunity - Chris Yiu
The big data opportunity - Chris YiuThe big data opportunity - Chris Yiu
The big data opportunity - Chris YiuCityAge
 
A Strong Canada Depends on Strong Wireless Networks - Bernard Lord
A Strong Canada Depends on Strong Wireless Networks - Bernard LordA Strong Canada Depends on Strong Wireless Networks - Bernard Lord
A Strong Canada Depends on Strong Wireless Networks - Bernard LordCityAge
 

Mais de CityAge (20)

Health technology partnership: From blue sky to lives touched - Ryan C.N. D’Arcy
Health technology partnership: From blue sky to lives touched - Ryan C.N. D’ArcyHealth technology partnership: From blue sky to lives touched - Ryan C.N. D’Arcy
Health technology partnership: From blue sky to lives touched - Ryan C.N. D’Arcy
 
Using BC and Canadian Data to Improve Health and Healthcare What are the best...
Using BC and Canadian Data to Improve Health and Healthcare What are the best...Using BC and Canadian Data to Improve Health and Healthcare What are the best...
Using BC and Canadian Data to Improve Health and Healthcare What are the best...
 
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...
The Canadian Clinical Trials Asset Map (CCTAM) - Shurjeel H Choudhri and Alis...
 
Moving from Big Data to Better Models of Disease and Drug Response - Joel Dudley
Moving from Big Data to Better Models of Disease and Drug Response - Joel DudleyMoving from Big Data to Better Models of Disease and Drug Response - Joel Dudley
Moving from Big Data to Better Models of Disease and Drug Response - Joel Dudley
 
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...
Treatment as Prevention The Key to an AIDS & HIV free Generation or Harnessin...
 
My Personal Odyssey with Big Data - Brad Popovich
My Personal Odyssey with Big Data - Brad PopovichMy Personal Odyssey with Big Data - Brad Popovich
My Personal Odyssey with Big Data - Brad Popovich
 
Applying innovative commercial technology to deliver on the promise of person...
Applying innovative commercial technology to deliver on the promise of person...Applying innovative commercial technology to deliver on the promise of person...
Applying innovative commercial technology to deliver on the promise of person...
 
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...
Simon O'Byrne Presentation: Ignite Your City's Brand: Mess up Your Neighbourh...
 
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...
Seshadri Subbanna Presentation: Driving Collaborative Innovation with Clients...
 
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...
Pierre Meulien Presentation: The Innovation Economy: How Genomics could chang...
 
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...
Mike Murray Presentation: The Big Shift: Fostering Innovation in Waterloo Reg...
 
Eric Simmons Presentation: Delivering the Connected City
Eric Simmons Presentation: Delivering the Connected CityEric Simmons Presentation: Delivering the Connected City
Eric Simmons Presentation: Delivering the Connected City
 
Tom Jenkins Presentation: Open Data and the Implications for Local Government...
Tom Jenkins Presentation: Open Data and the Implications for Local Government...Tom Jenkins Presentation: Open Data and the Implications for Local Government...
Tom Jenkins Presentation: Open Data and the Implications for Local Government...
 
James Lingerfelt smarter approach to crime reduction
James Lingerfelt smarter approach to crime reductionJames Lingerfelt smarter approach to crime reduction
James Lingerfelt smarter approach to crime reduction
 
Crime Patterns and Urban Living - Dr. Patricia Brantingham
Crime Patterns and Urban Living - Dr. Patricia BrantinghamCrime Patterns and Urban Living - Dr. Patricia Brantingham
Crime Patterns and Urban Living - Dr. Patricia Brantingham
 
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...
LEVERAGING YOUR ANALYTIC CAPACITY TO DRIVE VALUE FROM YOUR DATA ASSETS - Marc...
 
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...
Data Science Meets Healthcare: The Advent of Personalized Medicine - Jacomo C...
 
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...
Treatment as Prevention: THE KEY TO AN AIDS FREE GENERATION - Irene Day and D...
 
The big data opportunity - Chris Yiu
The big data opportunity - Chris YiuThe big data opportunity - Chris Yiu
The big data opportunity - Chris Yiu
 
A Strong Canada Depends on Strong Wireless Networks - Bernard Lord
A Strong Canada Depends on Strong Wireless Networks - Bernard LordA Strong Canada Depends on Strong Wireless Networks - Bernard Lord
A Strong Canada Depends on Strong Wireless Networks - Bernard Lord
 

Ann Cavoukian Presentation

  • 1. Big Data Requires Big Privacy Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario The Data Effect October 19, 2012
  • 2. Presentation Outline 1.  Importance of Protecting Personal Health Information 2.  Importance of Health Research and Analysis 3.  Consequences if Inadequate Attention to Privacy 4.  Personal Health Information Protection Act (PHIPA) 4.  Legislative Safeguards 5.  Additional Safeguards that Should be Implemented 6.  Privacy by Design: The Gold Standard 7.  Conclusions
  • 4. Unique Characteristics of Personal Health Information •  Highly sensitive and personal in nature; •  Must be shared immediately and accurately among a range of health care providers for the benefit of the individual; •  Widely used and disclosed for secondary purposes seen to be in the public interest (e.g., research, health system planning and evaluation, quality assurance); •  Dual nature of personal health information is reflected in the health privacy legislation in Ontario.
  • 6. “Big Data” • Each day we create 2.5 quintillion bytes of data – 90% of the data today has been created in the past 2 years; • Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits; • However, it can also enable expanded surveillance and increase the risk of unauthorized use and disclosure, on a scale previously unimaginable.
  • 7. The Case for Health Research and Analysis Health research and analytics are vital in: •  Understanding the determinants of health; •  Informing and improving clinical practice guidelines; •  Identifying and achieving cost efficiencies; •  Facilitating health promotion and disease prevention; •  Assessing the need for health services; •  Evaluating the services provided; •  Allocating resources to the health system; •  Educating the public how to improve their health.
  • 8. Consequences if Inadequate Attention to Privacy
  • 9. Consequences if Inadequate Attention to Privacy •  Individuals may suffer discrimination, stigmatization and economic or psychological harm; •  Individuals may be deterred from seeking testing or treatment or may engage in multiple doctoring; •  Individuals may withhold or falsify information provided; •  Loss of trust or confidence in the health system; •  Damage to the reputation of the health care provider; •  Lost time and expenditure of resources needed to contain, investigate and remediate privacy breaches; •  Costs of legal liabilities and ensuing proceedings.
  • 11. Recognition of the Value of Health Research and Analysis •  The Personal Health Information Protection Act (PHIPA) came into effect on November 1, 2004; •  It recognizes the value of health research and analysis; •  PHIPA permits health care providers to collect, use and disclose personal health information for purposes beyond the provision of health care, in appropriate circumstances; •  PHIPA attempts to ensure that these other purposes are achieved in a manner that minimizes the impact on privacy.
  • 13. Legislative Framework with Oversight •  A legislative framework, PHIPA, governs the collection, use and disclosure of personal health information in the health sector; •  Section 16 of PHIPA requires health care providers to be transparent about their information practices, including their information practices related to research and analysis; •  Section 12 of PHIPA requires health care providers to notify individuals at the first reasonable opportunity about privacy breaches – mandatory breach notification; •  Section 56 of PHIPA provides individuals with the right to complain to my office about contraventions of PHIPA.
  • 14. Order-Making Powers and Offence Provisions •  My office has broad order-making powers; •  A person affected by a final order issued by my office may commence a lawsuit for damages for actual harm suffered as a result of a breach of PHIPA; •  PHIPA also creates offences, such as for wilfully collecting, using or disclosing personal health information in contravention of PHIPA; •  On conviction, an individual may be liable for a fine of up to $50,000 and corporations face fines of up to $250,000.
  • 15. Data Minimization •  Data minimization is the most important safeguard in protecting personal health information, including for purposes for health research and analysis; •  PHIPA prohibits health care providers from collecting, using or disclosing personal health information if other information (such as de-identified or anonymized information) will serve the purpose; •  It also prohibits health care providers from collecting, using or disclosing more personal health information than is reasonably necessary to meet the purpose.
  • 16. Dispelling the Myths about De-Identification… •  The claim that de-identification has no value in protecting privacy due to the ease of re-identification, is a myth; •  If proper de-identification techniques and re-identification risk management procedures are used, re-identification becomes a very difficult task; •  While there may be a residual risk of re-identification, in the vast majority of cases, de-identification will strongly protect the privacy of individuals when additional safeguards are in place. www.ipc.on.ca/English/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1084
  • 17. Data De-Identification Tool •  Developed by Dr. Khaled El Emam, a leading investigator at the Children s Hospital of Eastern Ont. Research Institute; •  De-identification tool that minimizes the risk of re-identification based on: -  The low probability of re-identification; -  Whether mitigation controls are in place; -  Motives and capacity of the recipient; -  The extent a breach invades privacy; •  Simultaneously maximizes privacy and data quality while minimizing distortion to the original database. www.ipc.on.ca/images/Resources/positive-sum-khalid.pdf
  • 18. Evidence that the Tool Works • Dr. El Emam was approached to create a longitudinal public use dataset using his de-identification tool for the purposes of a global data mining competition – the Heritage Health Prize; • Participants in the Heritage Health Prize competition were asked to predict, using de-identified claims data, the number of days patients would be hospitalized in a subsequent year; • Dr. El Emam won the competition, but before awarding him the prize, his de-identified dataset was subjected to a strong re-identification attack by a highly skilled expert; • The expert concluded the dataset could not be re-identified – Dr. El Emam's de-identification tool was highly successful!
  • 19. Evidence that Re-Identification is Extremely Difficult • A literature search by Dr. El Emam et al. identified 14 published accounts of re-identification attacks on de-identified data; • A review of these attacks revealed that one quarter of all records and roughly one-third of health records were re-identified; • However, Dr. El Emam found that only 2 out of the 14 attacks were made on records that had been properly de-identified using existing standards; • Further, only 1 of the 2 attacks had been made on health data, resulting in a very low re-identification success rate of 0.013%.
  • 20. Data Minimization for Record Linkages •  Dr. El Emam has also developed a protocol for securely linking databases without sharing any identifying information; •  The protocol uses an encryption system to identify and locate records relating to an individual, existing in multiple datasets; •  This involves encrypting personal identifiers in each dataset and comparing only the encrypted identifiers, using mathematical operations, resulting in a list of matched records, without revealing any personal identifiers; •  The protocol promotes compliance with existing prohibition in PHIPA by allowing linkages of datasets without the disclosure of any identifying information – a win/win solution – positive-sum!
  • 21. Additional Safeguards that Should be Implemented
  • 22. The Decade of Privacy by Design
  • 23. Privacy by Design: The 7 Foundational Principles 1.  Proactive not Reactive: Preventative, not Remedial; 2.  Privacy as the Default setting; 3.  Privacy Embedded into Design; 4.  Full Functionality: Positive-Sum, not Zero-Sum; 5.  End-to-End Security: Full Lifecycle Protection; 6.  Visibility and Transparency: Keep it Open; 7.  Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
  • 24. Adoption of “Privacy by Design” as an International Standard Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was unanimously passed by International Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution ensures that privacy is embedded into new technologies and business practices, right from the outset – as an essential component of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
  • 25. Privacy by Design: Proactive in 25 Languages! 1. English 9. Hebrew 17. Russian 2. French 10. Hindi 18. Romanian 3. German 11. Chinese 19. Portuguese 4. Spanish 12. Japanese 20. Maltese 5. Italian 13. Arabic 21. Greek 6. Czech 14. Armenian 22. Macedonian 7. Dutch 15. Ukrainian 23. Bulgarian 8. Estonian 16. Korean 24. Croatian 25. Polish
  • 26. Conclusions •  Big Data promises new opportunities to gain valuable insights and benefits for the health system; •  However, Big Data may also enable expanded surveillance and increase the risk of unauthorized use; •  PHIPA permits the use and disclosure of personal health information for health research and analysis with safeguards such as data minimization and privacy oversight built directly into the legislation; •  But compliance with legislative safeguards is not enough – to reap the benefits of big data, we must get smart about privacy and lead with Privacy by Design; •  Big Data needs Big Privacy – you can achieve both goals in a positive-sum paradigm through Privacy by Design.
  • 27. How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: info@ipc.on.ca For more information on Privacy by Design, please visit: www.privacybydesign.ca