Cyber hacking and data breaches have been capturing headlines around the globe, making online security a top priority for everyone. With patient confidentiality and important clinical information on the line, the stakes in health care are very high. Our digital privacy and protection expert Janine Johnston decodes what clinicians and researchers can do to protect their electronic data from attack.
Q: I regularly hear news reports about cyber attacks. How vulnerable is the confidential information on my computer?
A: Our computers may be quite vulnerable to attack, depending on how information is stored and shared. Email is most vulnerable through attachments and links embedded in the body of the text. While Vancouver Coastal Health Research Institute (VCHRI) accounts have many safeguards against attacks, this does not mean that attacks cannot happen.
Q: Can I get a virus just from opening an email?
A: Opening an email is usually okay. What is of concern is opening attachments and clicking on links or images within an email message sent by an attacker. Attachments may have malicious programs embedded in them that, when opened, can harm your computer or network. Links and images within messages may redirect you to a malicious website, or may try to trick you into entering sensitive information.
Q: My computer is password protected, so why do some of my private documents need to be encrypted?
A: Think of a password as the lock on the front door of your house. It may stop a thief from easily walking in, but it will not stop him or her from entering through your window. Similarly, a password that is easy to guess is like leaving the keys to your house under your front door mat.
Q: Why is it important to limit the collection of personal information if data is already secured properly?
A: It is about respect, transparency and good information management. Whenever we collect personal information, we become stewards of that information and accountable for its accuracy, use and security. Collecting only the information you need to do your job reduces the risk of that information being inappropriately shared, misused or lost.
Q: What are the best practices I should know about to help protect sensitive digital information?
A: Four ways you can protect information online are:
- De-identify early. Remove personal identifiers to reduce the risk of causing a privacy breach.
- Limit access to your data. Not everyone on the research team needs access to all the information you collect for your project.
- Secure your data. Encrypt your devices and store your data on secure and managed networks.
- Use secure tools to transfer your data, such as:
- Secure File Transfer Service for staff at Vancouver Coastal Health (VCH), Providence Health Care and Provincial Health Services Authority
- Workspace for staff and students at University of British Columbia (UBC)
- Secure email accounts—such as health authority or academic institution email accounts—and send any sensitive information or data as encrypted attachments
Read more about research privacy at VCH.
New Confidentiality Undertaking process at VCHRI
Researchers at VCHRI and other health authority affiliates will now only have to sign one online Confidentiality Undertaking form every two years, instead of filling out a new form for each research project. Researchers will also receive an email reminder before their privacy acknowledgement expires.
The Confidentiality Undertaking form is a standard set of terms that researchers need to agree to when conducting research at our health authority. This new online form significantly simplifies that process. Learn more at http://learninghub.phsa.ca.