A recent decision by the Information and Privacy Commissioner of Ontario involving a medical clinic highlights the importance of having written job duties and policies regarding the protection of patient personal health information.
The Capital One Data Breach has been big news lately, and for good reason. It’s a big deal. This breach compromised the data of over 100 million Capital One customers. Instead of a shadowy overseas hacker or a creepy crawler from the dark web, the hacker was a former employee of the cloud hosting company through which Capital One stored their data.
This spring the largest penalty to date was issued under Ontario’s Personal Health Information Protection Act (PHIPA). A social work student was convicted of accessing personal health information without authorization, and ordered to pay a $20,000 fine and a $5,000 victim fine surcharge.