EXCPE 5397 - Privacy Protection for Health Care

Course Description

Health care providers and their staff are required to follow Canadian laws that protect their patients' health information. Understand the fundamentals of privacy protection in the context of health care as you keep up-to-date with new legislation and explore the evolving security threats brought upon by emerging technologies. Learn how to establish a privacy program, protect health information, be prepared for privacy breaches, and carry out breach response plans.

Learner Outcomes

After completing this course, students should be able to: Explain what privacy means in the context of health care and recognize common concepts in Canadian privacy laws, such as: Balancing appropriate use of health information with individual privacy Understanding roles: custodians, trustees, affiliates, employees, information managers, service providers, etc. Custody and control of information Common requirements: privacy officer, policies, safeguards, notification, consent, incident reporting Reasonableness: taking reasonable steps to protect privacy Plan and propose a privacy program that includes the following elements: Privacy officer with defined roles Policies and procedures Administrative, physical and technical controls to protect privacy Practical information security Assessing and mitigating risk and privacy impact assessments Review and compliance Prepare to respond to privacy incidents by: Recognizing common privacy threats, such as: misuse of health information by insiders; phishing, malware and ransomware; unsecure disposal of information Developing and testing a privacy incident response plan Identifying and recommending notification requirements Researching reported privacy and security incidents to improve processes