Stolen hospital laptop sparks new data security rules
Last Updated: Thursday, March 8, 2007 | 5:20 PM ET
CBC News
Related
Video
- Michelle Cheung reports for CBC-TV (Runs: 2:27)
- Play: QuickTime »
- Play: Real Media »
Hospitals across the province are now expected to follow new data security rules following the theft of a laptop computer holding personal information on thousands of patients at Toronto's Hospital for Sick Children, says a report by Ontario's privacy commissioner.
'That is now the standard in Ontario. You must encrypt personally identifiable data that you remove from the office on a remote device.'—Privacy commissioner Ann Cavoukian
Ann Cavoukian's report was released on Thursday, more than two months after the laptop was stolen from the minivan of a doctor. He had left the hospital on Jan. 4 with the computer to work on a research project at home that evening.
Data stored on the laptop included information on 2,900 patients, such as their names, patient numbers and medical conditions.
Hospital spokeswoman Helen Simeon admits the laptop contained sensitive material and even included the HIV status of some patients.
"In my view, there is no excuse. This should never happen again," Simeon told CBC News on Thursday.
Hospitals in question contacted
All hospital patients affected by the security breach have been contacted.
About one-third of them have died, but Cavoukian said the privacy of their medical information is still important because of links to their relatives.
Cavoukian ordered the hospital to implement a ban on the removal of personal health data in electronic form from hospital premises. In cases where such information must be removed, it must first be encrypted.
In fact, all Ontario hospitals will be expected to follow the new rule, Cavoukian said.
"That is now the standard in Ontario. You must encrypt personally identifiable data that you remove from the office on a remote device."
The only security measure on the stolen laptop was an eight-character alpha-numeric password. Cavoukian's report says password protection is no longer enough.
"There is no excuse for unauthorized access to personal health information due to the loss of a mobile computing device," it says.
Cavoukian notes that when it is necessary to upload patient data onto mobile electronic devices, it can also be encoded and include only information essential to the research.
Share Tools
Top News Headlines
- Drummond report on Ontario calls for cutbacks
- The Ontario government must curtail its spending with the kind of cuts not seen since the Mike Harris years, according to a report by former TD Bank chief economist Don Drummond. more »
- Children of immigrants challenged at school, home
- By 2016, foreign-born youth and Canadian-born youth from immigrant families will make up a quarter of the country's population, according to predictions by the Canadian Council on Social Development. As their numbers grow, more attention is being paid to their successes and failures. more »
- B.C. house party trial hears from tearful teens
- Two teenagers cried as they testified at the trial of a B.C. woman who was charged after a teen died while her son was hosting a party at her house in 2008. more »
- Whitney Houston funeral to be livestreamed
- Whitney Houston's funeral will be livestreamed, to satisfy the desire of fans to grieve alongside family members at the Saturday memorial. more »
- Drummond report on Ontario calls for cutbacks
- Barefoot girl's icy trek not blamed on babysitter
- Immigrants the proudest Canadians, poll suggests
- 2 NDP MPs back final Commons vote to kill gun registry
- Honduras prison fire kills hundreds
- Canadian housing market cools in January
- Bodyguard hired for bully victim in Fredericton
- Legalize pot, say former B.C. attorneys general
- Russians' abusive plane tirade to cost them $19K
