Office of the Saskatchewan Information and Privacy Commissioner. Best Practices for Information Sharing Agreements. 23 March 2018. 6 and accountability of public bodies with respect to data flows of personal information and how the privacy of individuals is being protected. Government recently recognized their fundamental importance in a statutory requirement for information-sharing agreements with respect to disclosures from health information banks [E-Health Act, s. 19]. … [120] We conclude that there are information-sharing agreements in place for most external disclosures but that they do not always impose specific or detailed standards for the protection of the privacy and security of personal health information. The agreements should not merely reference broad legislative standards, but specifically state the obligations of the recipients of the data to protect it. Given the particular sensitivity of personal health information, all information-sharing agreements should specify high standards for privacy and security, including encryption, secure storage, retention schedules, and requirements for secure disposal of personal information. Recommendation 8 VCH should ensure that all information-sharing agreements require recipients of personal health information outside VCH to maintain specific reasonable standards of privacy and security protection [emphasis added] Further, the British Columbia Information and Privacy Commissioner’s office released a resource titled, Managing Contracts and Information Sharing Agreements (ISAs). In that resource it states: ISAs usually: 1. Define what personal health information means. 2. Describe the purpose for data sharing. 3. Reference all applicable legislation that provides the legal authority for collection, use, and disclosure of personal information. 4. Establish an understanding of who has custody and control. 5. Identify the type of information that each party will share with each other.
RkJQdWJsaXNoZXIy MTgwMjYzOA==