http://www.cbc.ca/canada/ottawa/story/2007/03/08/sickkids-stolenlaptop.html CBC News March 8, 2007 Hospitals across the province are now expected to follow new data security rules following the theft of a laptop computer holding personal information on thousands of patients at Toronto's Hospital for Sick Children, says a report by Ontario's privacy commissioner. Ann Cavoukian's report was released on Thursday, more than two months after the laptop was stolen from the minivan of a doctor. He had left the hospital on Jan. 4 with the computer to work on a research project at home that evening. Data stored on the laptop included information on 2,900 patients, such as their names, patient numbers and medical conditions. Hospital spokeswoman Helen Simeon admits the laptop contained sensitive material and even included the HIV status of some patients. "In my view, there is no excuse. This should never happen again," Simeon told CBC News on Thursday. Hospitals in question contacted All hospital patients affected by the security breach have been contacted. About one-third of them have died, but Cavoukian said the privacy of their medical information is still important because of links to their relatives. Cavoukian ordered the hospital to implement a ban on the removal of personal health data in electronic form from hospital premises. In cases where such information must be removed, it must first be encrypted. In fact, all Ontario hospitals will be expected to follow the new rule, Cavoukian said. "That is now the standard in Ontario. You must encrypt personally identifiable data that you remove from the office on a remote device." The only security measure on the stolen laptop was an eight-character alpha-numeric password. Cavoukian's report says password protection is no longer enough. "There is no excuse for unauthorized access to personal health information due to the loss of a mobile computing device," it says. Cavoukian notes that when it is necessary to upload patient data onto mobile electronic devices, it can also be encoded and include only information essential to the research. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Mar 11 2007 - 23:28:53 PST