Investigation finds that Aspen Regional Health Authority #11 did not maintain administrative safeguards to protect confidentiality of health information and Capital Health Region partly maintained administrative safeguards to protect confidentiality of health information
Frank Work, Q.C., Information and Privacy Commissioner, publicly released an Investigation Report concerning the theft of computers containing individually identifying health information from HealthWise HomeCare Inc, an affiliate of both Capital Health Region and Aspen Regional Health Authority # 11.
The Commissioner’s Office determined that the Health Information Act (HIA) requires a Regional Health Authority to maintain administrative safeguards to protect the confidentiality of health information, and to ensure that its affiliates are aware of and adhere to these safeguards.
The Commissioner’s Office found that Aspen Regional Health Authority # 11 did not establish or adopt policies and procedures, and therefore did not maintain administrative safeguards required by the HIA.
The Commissioner’s Office found that Capital Health Region has developed corporate policies and procedures related to the protection of confidentiality of health information, but had not completed corporate policies and procedures related to the security of health information. As such, the Commissioner’s Office found that Capital Health Region had partly maintained administrative safeguards as required by the HIA.
The Commissioner’s Office found that HealthWise HomeCare Inc. had taken reasonable steps to protect health information.