The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Tuesday, October 05, 2004

GAO Report on HIPAA's first year

The US GAO has produced a report on the first year of the HIPAA privacy rule. Over at HIPAA Blog, Jeffrey Drummond has posted his own snapshot for this first anniversary:

HIPAA Blog: GAO Reports on the First Year Experience:
"Of course, Privacy 'went live' way back in April 2003. How have things gone for providers, plans and clearinghouses? For the most part, according to the GAO (Government Accountability Office, not, as I always thought, General Accounting Office), fairly smoothly. There is some confusion and challenges abound (accounting for disclosures and business associate issues are highlighted), and the general public is ill-informed of the requirements and benefits, and governmental organizations face some specific problems. Anecdotal evidence shows some over-implementation of the rules resulting in family members being excluded from access to information on loved ones, and research organizations have their own troubles as well. But overall, the implementation of HIPAA has gone fairly well.
Personally, I think this is because the medical community has always been quite good at keeping private what is supposed to stay private. HIPAA was, in large part, drafted to fix a problem that existed primarily in the minds of the paranoid and over-reactionary. Were evil drug companies and marketing firms using personal medical information for nefarious (or at least profit-driven) purposes? Sure, it happened occasionally. But the vast, vast majority (well over the Ivory Soap threshold of 99.44%) of individuals and entities that had access to personal medical information maintained the privacy and confidentiality of that information at least as well as HIPAA now mandates. It's easy to fix a problem if it doesn't really exist in the first place."

Labels: information breaches