Stolen hospital laptop sparks new data security rules
Last Updated: Thursday, March 8, 2007 | 5:20 PM ET
CBC News
Related
Video
- Michelle Cheung reports for CBC-TV (Runs: 2:27)
- Play: QuickTime »
- Play: Real Media »
Hospitals across the province are now expected to follow new data security rules following the theft of a laptop computer holding personal information on thousands of patients at Toronto's Hospital for Sick Children, says a report by Ontario's privacy commissioner.
'That is now the standard in Ontario. You must encrypt personally identifiable data that you remove from the office on a remote device.'—Privacy commissioner Ann Cavoukian
Ann Cavoukian's report was released on Thursday, more than two months after the laptop was stolen from the minivan of a doctor. He had left the hospital on Jan. 4 with the computer to work on a research project at home that evening.
Data stored on the laptop included information on 2,900 patients, such as their names, patient numbers and medical conditions.
Hospital spokeswoman Helen Simeon admits the laptop contained sensitive material and even included the HIV status of some patients.
"In my view, there is no excuse. This should never happen again," Simeon told CBC News on Thursday.
Hospitals in question contacted
All hospital patients affected by the security breach have been contacted.
About one-third of them have died, but Cavoukian said the privacy of their medical information is still important because of links to their relatives.
Cavoukian ordered the hospital to implement a ban on the removal of personal health data in electronic form from hospital premises. In cases where such information must be removed, it must first be encrypted.
In fact, all Ontario hospitals will be expected to follow the new rule, Cavoukian said.
"That is now the standard in Ontario. You must encrypt personally identifiable data that you remove from the office on a remote device."
The only security measure on the stolen laptop was an eight-character alpha-numeric password. Cavoukian's report says password protection is no longer enough.
"There is no excuse for unauthorized access to personal health information due to the loss of a mobile computing device," it says.
Cavoukian notes that when it is necessary to upload patient data onto mobile electronic devices, it can also be encoded and include only information essential to the research.
Share Tools
Top News Headlines
- Montreal protesters march in peaceful defiance
- The clanging of pots and pans sounded throughout Montreal's downtown core Saturday night and into early Sunday morning, as thousands of protesters marched on in peaceful — but loud — defiance of Bill 78. more »
- Quebec tornadoes cause millions in damage
- Environment Canada confirms that two tornadoes — one of which was classed as a moderate F-1 packing winds of up to 150 km/h — touched down near Montreal Friday night, causing millions of dollars in damage. more »
- Teen struck by lightning in Ottawa dies
- The victim of a Friday lightning strike during a storm in east Ottawa has died, CBC News has learned. more »
- Missing Winnipeg children found in Mexico
- Two Winnipeg children reported missing and possibly in Mexico have been found alive, according to unofficial reports from an agency that works to find missing people. more »
- Teen struck by lightning in Ottawa dies
- Missing Winnipeg children found in Mexico
- Quebec tornadoes cause millions in damage
- Woman's remains found in hockey bag on Cape Breton river
- Montreal protesters march in peaceful defiance
- Pope's butler arrested in Vatican leaks scandal
- Everest team unable to bring down Toronto woman's body
- WWE apologizes to Brazil over Canadian's flag stomp
- What a Greek euro exit could mean for Canada
