The Information and Privacy Commissioner of Ontario released new guidelines today for disposing of electronic media.

These guidelines explain what it means to take “reasonable steps” to safeguard personal health information through secure destruction. The guidelines apply to all custodians under the Personal Health Information Protection Act, 2004.  That means you, health care providers and organizations of Ontario.

These guidelines specifically address disposing of electronic media such as:

• magnetic media (such as hard drives, magnetic tapes)
• electronic drives (such as solid-state drives, USB flash drives, memory cards)
• mobile devices (such as smartphones, tablets)
• optical discs (such as CDs, DVDs, Blu-ray discs)

Two-step Action Required:

There are two things you need to do …

Step 1: Who disposes of your electronic media now?  Is it a team member or vendor?  Is it you? Whoever it is, tell that person about these new guidelines. Send them an email with a link to the website.  Ask them to make sure they are disposing of your electronic media in accordance with these new rules.

Step 2: Pull out your privacy policies. Look at the section on “destruction” or “disposal”.  Make sure your policy maps to the IPC’s expectations of how you dispose of health information saved on these devices.

Calling all Privacy Officers …

If you are a Privacy Officer for a health care organization and you are looking for training to support you to become an even better Privacy Officer – join me starting May 8th. Read all about my Privacy Officer training program.

If you are advanced, consider joining me in November for my next Advanced Privacy Officer program.  To keep in touch, sign up for my newsletter: www.katedewhirst.com