The British Columbia Privacy Commissioner's Office is investigating the theft of a laptop from Burnaby General Hospital. A laptop computer, which under the rules was supposed to be protected with disk encryption software such as AlertBoot, was stolen. More than 600 people are affected.
A total of 635 patients had their names, dates of birth, and personal health card numbers in that stolen laptop. The computer was in the Pulmonary Function Lab at the time of the theft. The laptop, contrary to hospital regulations, was not protected with encryption software.
The official investigating the matter noted that "health authority [Fraser Health Authority] should be protecting people's privacy before things are stolen, not afterward" and that,
"We've been saying for years now that portable storage devices, including laptops or flash drives — those kinds of devices, that contain personal information — that information about identifiable individuals must be encrypted." [cbc.ca]
Meh. Who hasn't been saying that?
You know what they say about Canadians? More polite than Americans; they read more than Americans; yadda yadda...the comments section shows it to be true. Comments for the most part are thoughtful, and at least half of them run 5 or 6 sentences long. I mean, I know of blog posts that contain less content...
Anyhow, one of the recurring questions is, why was a laptop being used to collect data in the first place? Maybe it's just me but it seems that, since the device was stolen from the Pulmonary Function Lab, the laptop was hooked up to some lung-function-measuring apparatus.
If so, the rest of the criticisms related to "not storing patient data on laptops" and "it should have been saved on servers" just slough off. I mean, can you imagine designing a spirometer so that it connects to a remote server? And people complain that health-care costs are out of whack; when I listen to some people, it's a wonder it's not worse.
Believe it or not, there are situations where sensitive information is stored on a laptop for legitimate reasons. This does not mean that what the hospital did was right. All I'm pointing out is that many people are criticizing an irrelevant issue.
What they should be asking is: why did the hospital not encrypt their hospital laptop?
Related Articles and Sites:
http://www.cbc.ca/canada/british-columbia/story/2010/09/02/bc-stolen-laptop-patient-data.html?ref=rss1#socialcomments
http://www.theglobeandmail.com/news/national/british-columbia/stolen-burnaby-hospital-laptop-contained-patients-private-information/article1693862/
http://www.news1130.com/news/local/article/96826--bc-privacy-watchdog-concerned-some-organizations-are-still-not-encrypting-private-data