Responses from health authorities to patient data story

VANCOUVER — Here are the full responses from each of the health authorities across B.C. in response to a reported vulnerability in paging technology used in health care systems across the province.

Vancouver Coastal Health

Thank you for bringing this important issue to the attention of Vancouver Coastal Health.

We don’t have anyone available for an interview on recent steps to secure patient data through paging systems, but can provide you with some information.

VCH has clear privacy protocols to protect patient information and we take breaches of privacy extremely seriously.

VCH acts in accordance with the Freedom of Information and Protection of Privacy Act and we adhere to prescribed reporting to the Office of the Information and Privacy Commissioner and seek advice when necessary.

We recently made changes to our systems to limit the information contained in paging broadcasts.

We are constantly looking for better ways to improve patient information including new technology.

Fraser Health

Fraser Health is aware of concerns with the existing pager system and we take patient privacy matters seriously.

We are taking steps to mitigate potential privacy breaches and consulting with the Office of the Information and Privacy Commissioner as we move to alternative technologies.

Island Health

Island Health’s primary paging system is called Vocera, which encrypts data as it transverses our network and is used throughout Island Health within clinical areas. No vulnerability issues have been identified with this system.

Island Health currently uses secure, encrypted transmission solutions within patient transport/portering service areas.

Island Health did identify the utilization of 194 alpha-numeric pagers. Island Health’s policy is that these transmissions not include personal information, including patient names. Steps were taken to re-inforce this policy with users.

Our information was shared with the OIPC.

Northern Health

In response to your questions below, I can confirm that Northern Health does not use pager technology via which any patient information can be transmitted. Northern Health ITS Security did a thorough inventory of the pagers in use in the NH region, and all are numeric pagers (none are alphanumeric); the OIPC was advised of this finding.

Interior Health

An internal review by IH Privacy and Security in September determined that IH had only 15 alphanumeric pagers that could potentially be used to transmit patient data.

All of these pagers have been decommissioned .

This information has been shared with OIPC.

(Follow up emails)

Confirmed that the small number of pagers here were not encrypted.

Provincial Health Services Authority

PHSA takes the privacy of our patients seriously and we have thorough privacy protocols in place to protect patient information.

PHSA has limited usage of pager technology and mostly as a backup communication device.

Where pagers usage exists the sensitive information has been limited and/or removed.

PHSA continuously seeks improved pathways to protect patient privacy including exploring new emerging technologies to better security practices. Plans are underway to replace pager technology where it does exist.

Our organization closely works with the Office of the Information and Privacy Commissioner of BC to ensure we have and are implementing best practices.

Providence Health Care

At Providence Health Care (PHC), our surveys show fewer than 1 per cent of transmitted pager messages are alphanumeric. This information has been shared with the OIPC.

PHC has clear privacy protocols to protect patient information and we take breaches of privacy extremely seriously. We have no information to suggest private patient information has been used in any malicious way.

PCH is constantly looking for better ways to protect patient information. Those measures will improve with new technology.

View original article here Source