Governance: Is Ontario Ready for an EHR?

Imagine building a house without wiring it for electricity. Despite good intentions, millions of dollars, years of effort and, probably matching the historical norm of any visionary undertaking, a scandal or two, Ontario does not yet have an electronic health record (“EHR”). Despite some success with building networks and applications to support an EHR, the […]

Author: emp     07 25th, 2010 in Information Security, Privacy     No Comments »

UHN. Encryption. Devil. Details.

Another lost laptop; another press release, something entirely too common these days. But one press release issued last week had an element that caught my eye and serves as a reminder that encrypted laptops are not a panacea for those who want to have data readily at hand in a portable device.

Author: emp     06 3rd, 2010 in Information Security     7 Comments »

“…About Your PHR”: A Response

A little over a month ago a post, written by Michael Martineau and Michael Power, was published on this blog (as well as eHealth Musings and ITWorld Canada) entitled “Dear McGill University Health Centre … About Your PHR”.  Shortly after it appeared, the authors were contacted by Philippe Panzini, Chief Technology Officer at MEDICAL.MD EHR […]

Author: emp     05 5th, 2010 in Information Security, Privacy     1 Comment »

EHR Regulation in Canada: Did They Get It Right?

On 31 August 2009, Health Canada issued a Notice indicating that “patient management software” is subject to the Medical Devices Regulations (“MDRs”) and regulated under Canada’s Food and Drugs Act. While this action is laudable, the approach taken by Health Canada raises questions as to whether privacy and security are sufficiently addressed in this new […]

Author: emp     04 7th, 2010 in Information Security     5 Comments »

Dear McGill University Health Center…About Your PHR.

This post, written by myself and Michael Martineau, is also posted on eHealth Musings and ITWorld Canada. North Americans appear ready to interact electronically with their healthcare providers and take a more active role in managing their own health care.   A much-talked about tool in this regard is the Personal Health Record (“PHR”).  While there […]

Author: emp     03 26th, 2010 in Information Security, Privacy     2 Comments »

Can Governments Force Patient Data into EHRs?

If a government builds an EHR, can it require your data be put into it? Governments in many jurisdictions have embarked on a concerted effort to build and use electronic health records (EHRs) and to encourage health professionals to use electronic medical records (EMRs). Everyone seems to have assumed that creating an EHR would be […]

Author: emp     03 23rd, 2010 in Information Security, Privacy     2 Comments »

Security Breaches: Treat the Disease Not The Symptoms

Dealing with breaches is like treating the symptoms: organizations really need to address the underlying problems. To that end, I would suggest that anyone considering how best to prevent breach management really think in terms of “incident management”. What’s the difference between incidents and breaches? A lot and a thorough understanding the former may help minimize the latter.

Author: emp     03 18th, 2010 in Information Security     4 Comments »

Next Entries »