Prairie Health Information Privacy Day 2008

This panel discussion will examine Health Information Protection Legislation across Canada's three prairie provinces and is suitable for individuals who require a basic level of understanding. Delegates will also have the opportunity to clarify nagging questions and learn where to go when answers are not so clear.

Gail Mildren
General Counsel, Civil Legal Services
Manitoba Justice

Gail has been a lawyer with Civil Legal Services (CLS) of Manitoba Justice since her call to the Manitoba Bar, and was appointed General Counsel in 1990. She is also the team leader for the CLS Crown Law team of lawyers and the senior lawyer on CLS's Access and Privacy Law Group. Gail's legal practice is varied, and her involvement with access to information and privacy issues dates back to 1985 with the passage of Manitoba's former Freedom of Information Act. In 1996 - 1997, she was involved in the development and drafting of The Freedom of Information and Protection of Privacy Act and The Personal Health Information Act, and she continues to be involved in the implementation of these Acts.

Wendy Robillard is the Senior Manager of the Information Policy and Compliance Unit at Alberta Health and Wellness. The Unit is responsible for policy development and interpretation, for establishing and implementing appropriate security standards and for maintaining the privacy framework. The Unit provides leadership and direction to both the health sector and the department regarding the Health Information Act (HIA). The Unit assists in the development of e-health information management initiatives including the provincial electronic health record known as Alberta Netcare, ensuring health information is collected, used, protected and disclosed in compliance with HIA and other legislative requirements. Wendy was on the technical support team for the HIA Review conducted in 2004 and provides ongoing support to the Electronic Health Record Data Stewardship Committee. She capitalizes on her previous experience as a front line worker in the health sector and takes a pragmatic approach in addressing privacy, security and policy related issues.

Jacqueline has worked extensively within the private and public sectors, most recently in her current role as the Director of the Health Information Policy & Analysis Unit and Chief Privacy and Access Officer for the Saskatchewan Ministry of Health. Her background includes an undergraduate degree in Medical Laboratory Technology (Microbiology), a Masters Degree in Business Administration, and Certification in Mediation and Project Management.

Her unit is responsible for the ongoing implementation and compliance monitoring relating to The Health Information Protection Act (HIPA). In addition, her area has a significant role in the development of legislation and technology solutions for use in healthcare delivery, specifically relating to the impact on privacy and personal health information.

Prior to joining the Ministry of Health, Jacquie enjoyed a diverse career ranging from direct patient care, to the challenge of policy and legislative development for the liquor and gaming industries with the Saskatchewan Liquor and Gaming Authority.

Vivian Salmon
Manager, CQI and Risk Management
Burntwood Regional Health Authority, Manitoba

Vivian is currently the Manager, CQI and Risk Management for the Burntwood Regional Health Authority in northern Manitoba. Prior to assuming this role in 2006, she was involved in the management of health records for three decades. Her career began as a clerk in the Health Records department. In 1978 she completed the Health Record Technician course through distance education with the Canadian Healthcare Association.

In 1989, Vivian was appointed as the Supervisor of Health Records at Thompson General Hospital. Management of the Admitting/Registration department was added to the role in 1991. Then, with regionalization of healthcare in Manitoba in 1997, her role was expanded to include responsibilities for health records management throughout the region.

Vivian is also the Privacy Officer for the Personal Health Information Act and Access and Privacy Coordinator for the Freedom of Information and Protection of Privacy Act

Vivian is a Certified Health Information Management professional and holds current membership with both the Canadian and Manitoba Health Information Management Associations.

Mike Tolfree is the Chief Privacy Officer at the Calgary Health Region. The Calgary Health Region is one of the largest and most diverse health authorities in Canada, covering about 39,000 square kilometres, (about the same size as Switzerland). It provides a wide range of health care services to 1.2 million residents and employs approximately 25,000 individuals. Mike works closely with the implementation of the Region’s Electronic Health Record, one of the country’s most comprehensive and ambitious initiatives. Mike’s responsibilities include: ensuring compliance with privacy legislation, contract negotiation, privacy reviews and audits, drafting and review, mitigating and remediating breaches of patient confidentiality and responding to freedom of information requests. Prior to joining the Calgary Health Region, Mike worked as counsel for Group Health Cooperative. Mike also previously worked as an associate at Bennett Bigelow & Leedom, a law firm with a focus on health care law. Mr. Tolfree enjoys helping organizations in developing countries, and most recently worked pro bono with a non-profit health care organization in Nepal. Mr. Tolfree received a B.A. from Claremont McKenna College and has a J.D. and M.B.A. from the University of Washington.

Does your organization have a plan when it learns about a potential privacy breach? Regardless if a privacy breach actually took place, it is imperative that your organization establishes protocols for responding to potential privacy breaches. These protocols will make the investigation of these breaches more efficient, will aid in determining what actually happened, and ensure that breaches are resolved in a timely fashion. Through an examination of the Winnipeg Regional Health Authority's experiences you will learn about:

• The potential for privacy breaches
• Acknowledging your potential risk
• Developing a plan...and redeveloping your plan...and then again
• Potential challenges for implementation

Landis Esposito
Chief Privacy Officer
Winnipeg Regional Health Authority

Landis assumed the role as WRHA Chief Privacy Officer July of 2006. Prior to taking on this new challenge, Landis spent the past 18 years managing Health Information Services at St. Boniface General Hospital and Community Health Services. She also has nine years experience as an Education Consultant with Canadian Healthcare Association. During her years with Community Health Services, Landis was project lead on the development of requirements, selection of a vendor, and implementation of a solution to meet the needs of an integrated EHR. Landis is also a member of the International Association of Privacy Professionals.

The issue of Access or Disclosure in the Healthcare community is not exactly black or white, especially when emotions are running high and people are looking for answers. Issues around what can be provided to whom, the patient’s ability to provide consent, and one's relationship to the patient etc. all play an integral role in determining what can and what shouldn’t be done. This session is dedicated to helping you determine whether sharing with family or friends is an Access issue or a Disclosure issue or whether it matters. Join Heather McLaren of Manitoba Health for her presentation that will address:

• What do we mean by "access" in personal health information legislation?
• What do we mean by "disclosure" in personal health information legislation?
• What kinds of disclosures might be made to friends or family?
• What privacy rules apply to disclosures to friends and families?
• When can a family member or friend "access" an individual's personal health information?
• How does legislation affect access and disclosure to family or friends?

Heather McLaren
Executive Director, Legislative Unit
Manitoba Health

Heather McLaren is the Executive Director of the Legislative Unit at Manitoba Health. She was involved in the policy development and drafting of The Personal Health Information Act and the Personal Health Information Regulation, both of which have been in force since December 1997. She was most recently involved in the drafting of amendments to the Act which will become law this Fall.

She has participated in federal/provincial/territorial working groups on privacy of health information. She has also delivered presentations at national conferences on implementation of the legislation. Her unit continues to be the first contact point for trustees and the public who have questions about the legislation.

Heather’s educational background includes a Bachelor or Physiotherapy and a Bachelor of Laws from the University of Manitoba. Prior to joining Manitoba Health, she practiced corporate and commercial law with a large Winnipeg law firm.

One of the world’s most extensive and complete Repositories of patient and user information resides at the Manitoba Centre for Health Policy, a research unit of the University of Manitoba’s Faculty of Medicine. Dr. Patricia Martens, who is the Director of MCHP, holds the key (or does she?). Learn how the sensitive information in the Manitoba Population Health Research Data Repository is de-identified. Discover under what terms and conditions local, national and international researchers can utilize the over 90 databases that make up the Repository. Find out how MCHP collaborates in mutli-disciplinary studies to answer questions of key relevance to health & social policy-makers, questions like: Do people receive different levels of care in different regions of the province? Do health and social outcomes differ by region, and where do we see “promising practices”? What are the real graduation rates of school children from different socio-economic areas? Who is using the emergency departments of Winnipeg, and what are the social policy implications?

Dr. Pat Martens
Director, MB Centre for Health Policy
University of Manitoba

Dr. Patricia Martens is the Director of the Manitoba Centre for Health Policy and Associate Professor in the Faculty of Medicine’s Department of Community Health Sciences at the University of Manitoba. As a Canadian Institutes of Health Research (CIHR) New Investigator (2003-2008) and a CIHR/PHAC Applied Public Health Chair (2008-2013), she has done over 200 invited presentations and published over 100 articles, books and abstracts. Patricia’s interests in health services and population health research include projects on the health status and healthcare use of Manitoba’s rural & northern residents, mental health and the use of health care services by those with mental illness, the health of Aboriginal people, and child health (including evaluating community intervention strategies to increase breastfeeding rates). Dr. Martens directs The Need To Know Team, a collaborative research team of university academics and planners from the 11 Regional Health Authorities of Manitoba and the Manitoba Department of Health. This Team’s research impact on health policy and planning was recognized through receipt of the prestigious CIHR’s national Knowledge Translation Award for Regional Impact in 2005.

Mobile devices such as laptops, Blackberries, USB keys etc. are providing professionals in all fields with tremendous power and flexibility when it comes to the realities of today's work environment. The Healthcare community certainly has not been left behind when it comes to the use of such devices, however it is still coming to grips with the potential risk(s) that exist and the subsequent safeguards that need to be in place. This session will leverage the experiences of health regions across Alberta and examine:

• The current laws as they pertain to the use of such devices
• The potential adverse affects when a privacy breach occurs
• Tips on how to implement a safeguard program
• Ongoing challenges and successes

Steven Jewell
Senior Counsel
Capital Health

Currently Senior Director Access, Privacy and Legal Services for Capital Health overseeing privacy, legal and clinical claim matters. Prior to that for three years I was Legal Counsel at the Office of the Information and Privacy Commissioner of Alberta. Before that I had been in private practice and in-house roles in both Canada and England. I am member of both the Law Society of Alberta and the Law Society of England and Wales.

This session will walk you through the process used by the Brandon Regional Health Authority to conduct a comprehensive privacy and security assessment. The assessment was completed by the Privacy and Security committee and included a walk-through of the entire RHA. The purpose of the assessment was to review the information assets, information technology resources and infrastructure, and the privacy and security practices within the RHA to ensure the protection of all confidential information. The completed assessment would enable the committee to meet the requirement under the Personal Health Information Act to audit security safeguards. In addition, they were able to identify areas of risk, develop a plan to mitigate risk and to develop a foundation for future assessments.

Donna Kimpinski
Privacy Officer
Brandon Regional Health Authority

Donna Kimpinski is currently the Privacy Officer at the Brandon Regional Health Authority. Her career in health information management has spanned over the past 29 years and includes experience in data analysis, mental health and management. For several years she worked part time to enable her to raise her three children. Her most recent appointment as the designated Privacy Officer occurred in February 2003 from which time the Brandon RHA privacy program has evolved. The program currently includes two standing committees, the Privacy and Security Committee and the Privacy and Security Awareness Team, both of which are chaired by Donna.

Robert Martin is currently the Director, IT Security and Compliance for Capital Heatlh in Edmonton Alberta. Prior to joining Capital Health in December of 2007 he was the Manager, Information Security and Privacy, for Alberta Health & Wellness where he was responsible for the information security policy, controls and auditing of Alberta Health and Wellness and the Alberta Electronic Health Record. Prior to joining the Government of Alberta, Robert consulted for numerous Canadian and American organizations on all aspects of information security, and he has delivered over 35 courses on information security and enterprise networking.

Given the reliance on technology and the need to bring in information system/technology/management experts to help address issues and challenges faced by your organization in developing an electronic health record, Information Management Agreements (IMA's) with third party contractors become a necessary step to ensuring the privacy of individuals and the personal health information you hold about them. One might think this would be fairly simple...as did Alberta Health and Wellness. 4000 plus IMA's later they realize that it is not. Alberta's legislation enables health information custodians to enter into agreements with an information manager to process, store, retrieve (etc) health information. What started as a simple process to enable the health system to engage IT organizations to provide technical support, has become a complicated system of agreements required to maintain data inputs to and data access from the electronic health record.

This session is dedicated to examining:

• Why IMA's can become very complex,
• The variety of situations in which IMA's can apply...or shouldn't apply
• The challenges faced by Alberta
• Lessons learned by Alberta in order to help you start crafting more effective IMA's for your own organization

Wendy Robillard
Senior Manager, Information Policy and Compliance Unit
Alberta Health and Wellness

Wendy Robillard is the Senior Manager of the Information Policy and Compliance Unit at Alberta Health and Wellness. The Unit is responsible for policy development and interpretation, for establishing and implementing appropriate security standards and for maintaining the privacy framework. The Unit provides leadership and direction to both the health sector and the department regarding the Health Information Act (HIA). The Unit assists in the development of e-health information management initiatives including the provincial electronic health record known as Alberta Netcare, ensuring health information is collected, used, protected and disclosed in compliance with HIA and other legislative requirements. Wendy was on the technical support team for the HIA Review conducted in 2004 and provides ongoing support to the Electronic Health Record Data Stewardship Committee. She capitalizes on her previous experience as a front line worker in the health sector and takes a pragmatic approach in addressing privacy, security and policy related issues.

Perhaps one of the greatest on-going challenges with health information privacy is ensuring the organization is adhering to policies and procedures you establish. During this presentation, Bobbylynn Stewart, Privacy Officer, will detail the steps taken at Saskatoon Health Region to establish an education and training program to approximately 11,500 employees in over 80 facilities within her jurisdiction. Based on her experience, she will discuss the key points in promoting compliance and mitigating privacy risk by increasing employees’ understanding of privacy and access law. She will outline the strategy her team utilized, which includes the successes achieved, challenges faced, as well as the continuing evolution required to keep staff informed of their responsibilities.

Bobbylynn Stewart
Privacy Officer
Saskatoon Regional Health Authority

Bobbylynn Stewart is the Privacy Officer for Saskatoon Health Region, responsible for overseeing the application of The Health Information Protection Act and The Local Authority Freedom of Information and Protection of Privacy Act to health facilities with the Saskatoon region. A graduate of the IAPP Program at the University of Alberta, Bobbylynn’s key role over the last three years has been developing and implementing a privacy and access education plan to her organization, which represents the largest health region in Saskatchewan, serving 289,000 local residents in more than 100 cities, towns, villages, RMs and First Nation communities.