British Columbia's privacy commissioner is calling for immediate action by provincial health authorities to boost protection of citizen's health information in the absence of disclosure laws.
Privacy Commissioner Elizabeth Denham says authorities are not legally obligated to report privacy breaches, which could involve sensitive personal information from HIV tests, to mammograms or routine blood results.
Denham has released 13 recommendations in a report that examined eight provincial health authorities between April and June.
The review found the most common breaches include lost or stolen records, unencrypted data, health workers "snooping" in electronic records and deliberate social media disclosures.
More people are affected by privacy breaches due to the growing reliance on electronic records, said Denham in a release.
As a result, Denham is urging health executives to promote a culture of rigorous security and privacy controls by providing resources and tools for implementation of stronger practices.
She says regardless of B.C.'s lack of legal requirements, authorities should promptly notify people if their personal information is breached and could cause harm.