Who is the “health information custodian” when an institution with an educational mandate provides health care? PHIPA gives institutions choice. Here’s a presentation I gave yesterday in which I argue that the institution (and not its employed practitioners) should assume the role of the HIC. Also includes some simple content on the new PHIPA breach notification amendment.
It has been a few years since Carswell published its Managing Personal Information text, but this morning I had cause to look up a chapter on information governance that I contributed. I had forgotten about what I had written about the qualities of a privacy officer, but liked what I read and thought I would share it here.
Acting in support of self-policing is not an easy role. With this in mind, here is a list of good behaviors for privacy officers to demonstrate:
- Flexibility. Privacy officers should understand that few things required by privacy statutes are black and white and should be prepared to accommodate reasonable business risk.
- Creativity. Privacy officers should be prepared to help line managers think creatively about how to manage around privacy-related constraints in a responsible manner.
- Benign skepticism. Privacy officers should give others the benefit of the doubt, while also looking diligently for objective evidence of non-compliance.
- Fairness and consistency. Privacy officers should take an even-handed approach to their duties, treating all departments and employees in a principled and objective manner. They should deal with similar scenarios in similar ways.
- Empathy. Privacy officers should communicate the rules with a view to helping audience members comply and should be understanding of audience members’ business demands.
Privacy officers should strive to foster and protect their credibility with line management. This involves demonstrating unwavering commitment to the principles underlying their privacy programs, yet a willingness to apply those principles in a manner that invites respect and keeps “doors open.”
Thank you Claudiu Popa for involving me in your book project. For more about Managing Personal Information and to purchase a copy see here.