Blogs Home
Thursday, March 22, 2018 12:00 PM

Security and Patient Privacy: Just Like Peanut Butter and Jelly

Written by Rob Rhodes, CHCIO, CISSP, HCISPP, Executive Vice President - iatricSystems

Based on an Interview with Seana-Lee Hamilton
Privacy Officer for Fraser Health in British Columbia

Peanut butter and jelly; milk and cookies; Canada and hockey — some things just go together. One more to add to the list — data security and patient privacy. You just can’t have effective and robust patient privacy without security. How secure is data that isn’t private?

Seana-Lee Hamilton is the Privacy Officer for Fraser Health, which cares for 1.8 million patients throughout British Columbia. She has worked diligently to create a program for Fraser Health that intertwines privacy and security.

“At Fraser Heath, we believe in ‘Security and Privacy by Design’ because a robust privacy program doesn’t just happen,” said Seana-Lee. “Whether it’s a software patch, a new biomedical device, or a new way to integrate data from different systems or devices, we review everything with data security and patient privacy perspectives to help us employ best practices throughout the project.”

She goes on to share how, while many things in healthcare technology have changed, much has stayed the same during her 16 years in healthcare patient privacy.

“When I started working in this industry in the early 2000s, privacy and security were considered obstacles to care. Technology and processes have made giant leaps — but still, some people seem bent on avoiding the technology tools that are at our fingertips. With ‘Security and Privacy by Design,’ we empower the use of technology because we work with departments and individuals to help them understand that it comes down to how technology is used.”

As the leader in charge of protecting patient privacy across several facilities, Seana-Lee still faces challenges.

“User literacy is one of the most significant patient privacy threats. Staff and clinicians are aware of patient privacy, in theory, but there’s still a deep need to help them learn and understand the need for protecting the hospital’s network and the role they play in keeping patient information private. Education and continual training are paramount elements of our security program,” she said.

Technology itself is often one of the most substantial challenges to protecting patient privacy, she said.

“Various technologies are necessary to provide high-quality care, but with so many across an organization, it can seem impossible to keep all of the needed and moving data secure,” Seana-Lee said. “Then there are things like email — how do you secure the unsecureable? This is where ‘Security and Privacy by Design’ is vital. We must implement best practices organization-wide to help everyone understand how to use these technologies in ways that don’t risk the privacy of the data.”

The other side is that technology is necessary to know who is accessing patient data and why. The more robust this technology is with analytics and other advancements, the better, because it helps privacy officers determine when access is inappropriate, a large task with more than 27,000 employees. By having ‘Security and Privacy by Design’ in place, Seana-Lee and her team are better able to make a mole hill out of this mountain, and it’s why she takes the responsibility seriously.  

“This is the legacy I want to leave — doing all I can to educate everyone so that each of us, in our own way, is a protector of patient data, keeping our patients’ data secure and private so their health information is where it should be — between the patient and their care team. Gaining and keeping our patients’ trust, that’s the true point of what we do. “