The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, September 17, 2006
A study by the US Government Accountability Office shows that more than 40% of contractors handling public health insurance data have experienced privacy breaches. Unfortunately, the report is unclear about the severity: one misdirected fax is different from widespread information theft, but the report treats them equally. The report also considers the extent of offshore outsourcing and its impact on privacy.
GAO: Health care privacy breaches widespread:
But the frequency and severity of the breaches is unclear
September 06, 2006 (Computerworld) -- More than 40% of U.S. Medicare contractors and state Medicaid agencies have experienced a privacy breach involving personal health information -- although the frequency or severity of the breaches remains unclear, according to report released yesterday by the U.S. Government Accountability Office (download PDF).
The GAO reviewed the role of private contractors in administering three of the nation's major public health insurance programs -- Medicare, Medicaid and the U.S. Department of Defense's Tricare program. Those agencies have medical data on more than 100 million Americans, according to the GAO.
According to the study, 47% of Medicare Advantage contractors reported privacy breaches within the past two years, as did 44% of Medicaid agencies, 42% of Medicare FFS (fee for service) contractors and 38% of the contractors for the Tricare program.
The report noted that more than 90% of Medicare contractors and state Medicaid agencies -- and 63% of Tricare contractors -- reported some level of domestic outsourcing in 2005, involving anywhere from three to 20 U.S. vendors.
In addition, some federal contractors and state Medicaid agencies knew that those domestic vendors had sent some of the work offshore, the GAO said. Thirty-three Medicare Advantage contractors, two Medicare FFS contractors and one Medicaid agency indicated that their domestic vendors transferred personal health information of U.S. citizens offshore. They did not, however, offer data about the scope of the information transferred overseas.
"Moreover, the reported extent of offshore outsourcing by vendors may be understated because many federal contractors and agencies did not know whether their domestic vendors transferred personal health information to other locations or vendors," the GAO said....
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.