Guidance offered for electronic systems
The Yukon Information and Privacy Commissioner (IPC), Diane McLeod-McKay, has developed new guidance to help public bodies and custodians in the Yukon fulfil their obligation to perform logging and auditing on their electronic systems that contain personal information (PI) or personal health information (PHI).
The Yukon Information and Privacy Commissioner (IPC), Diane McLeod-McKay, has developed new guidance to help public bodies and custodians in the Yukon fulfil their obligation to perform logging and auditing on their electronic systems that contain personal information (PI) or personal health information (PHI).
This obligation is set out for custodians under the Health Information Privacy and Management Act and for public bodies in the Access to Information and Protection of Privacy Act Regulation.
Logging is the creation of a record that shows any access to, creation of, addition to, alteration of or deletion of PI or PHI.
Auditing is the process of formally examining these logs to investigate the confidentiality and integrity of the PI or PHI.
Having appropriate logging and auditing in place serves to deter and detect improper activity, such as unauthorized access or use of PI or PHI.
“Our office has dealt with incidents and complaints that could have been prevented or have had a lesser impact if proper logging and auditing would have been in place,” McLeod-McKay said Tuesday.
“In order to prevent PI or PHI from being accessed, used or disclosed without legal authority, public bodies and custodians which have custody or control of PI or PHI must ensure they are complying with their legal obligations regarding logging and auditing.
“They should also implement logging and auditing best practices to adequately protect this information from a breach. That’s why we’ve developed this guidance to assist custodians and public bodies.”
The Ombudsman, Information and Privacy Commissioner, and Public Interest Disclosure Commissioner is an independent officer of the Yukon Legislative Assembly.
Comments (2)
Up 14 Down 2
Ethics are not ethically applied in the Yukon… Most embarrassingly, they do not even come into play as general rules for conduct… on Jan 27, 2022 at 5:16 pm
With Mr. Facts - It’s like a game of whack-a-mole out there in YG-Land. As soon as one breach pops up there is another, and another, and another one that pops up… Sometimes there are multiple breaches that pop up at the same time…
It’s a right bloody mess. You should see the unaddressed problems with HIPMA that occur in the Longterm Care homes. It is bizarre and it is rampant. They deliberately violate the primary ethical concern around my body my choice regularly and do so without conducting proper assessments of capacity to consent - Because it’s easier and less work then to have to try and negotiate and explain things to seniors who are receiving supposed palliative care.
I had a supervisor who told me to make the paperwork fit the practice to cover up multiple breaches of HIPMA and various codes of ethics - Disgusting behaviour by YG management!
But hey, when you have the illusion of process to cover your tracks it makes the workload lighter. Maybe if they actually had Social Workers who understood ethics questioning these Nurse Ratchett types the practice may actually fall in line with the intent of the legislation.
Up 27 Down 10
Mr Facts on Jan 27, 2022 at 2:35 pm
The IPC lost any credibility when they willfully supported the illegal collection of our PRIVATE MEDICAL INFORMATION. "Just following orders, m'right?" Do your damn job. Because anything else you spout regarding "privacy" is pure unadulterated rhetoric.