Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023.

• Disclosure of information – e.g., unauthorized verbal disclosure, leaving information displayed on a monitor, electronic interception of information travelling over a transmission line, such as a fax machine or cellular phone, faxing information to the wrong fax number.
• Service interruption – e.g., power failure, labour dispute, denial of service attack on an Internet server.
• Misuse of information – e.g., transfer of or sale of personal information in contravention of FOIP.
• Information not being available – e.g., records that are misdirected or misfiled, or that are destroyed in a manner that is not in accordance with approved records retention and disposition schedules or policies.[323]

Government institutions should determine the likelihood (low, medium, or high) of each or any of the above threats occurring. Identify the potential consequences and rate the seriousness (less serious, serious, or very serious) of the events if they were to occur.[324]

IPC Findings

In Investigation Report 077-2014, the Commissioner investigated a breach of privacy involving the former Cypress Regional Health Authority (CRHA). The breach involved CRHA nurses and paramedics being asked to “strip charts” that contained personal health information of patients. The purpose of the stripping was to eliminate duplicate and outdated copies of personal health information for preparation of a new integrated facility and for possible scanning into the electronic medical record. The Commissioner reviewed the CRHA’s directions for the staff that were stripping and found that the instructions were vague and did not offer the most basic of explanations. Further, they did not emphasize the need for the protection against unauthorized access, use and disclosure during the project or refer to safeguards that would have helped.
The Commissioner found that by giving vague and inconsistent instructions to its employees, the integrity of the personal information was put at

[323] Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020.

[324] Government of Alberta, Health Information Act, Guidelines and Practices Manual, March 2011 at p. 318. Available at https://open.alberta.ca/dataset/50877846-0fba-4dbb-a99feeb651533bc4/resource/3e16d527-2618-48ae-80b8-93f69973878e/download/hia-guidelinespractices-manual.pdf. Accessed June 23, 2020.
