Security & Health Care-Enter the Privacy Commissioner

A recent security breach at a clinic in Sudbury has prompted a fleury of activity from the provinces Privacy Commissioner Ann Cavoukian. Evidently, an unsecured wireless access point allowed someone driving by to pick up a signal from a feed used to monitor Methodone addicts in the clinic while in the washroom.

While they did have consent to conduct this monitoring - they did not have consent to broadcast it out to the world. Wireless and wired networks need to be secured. The principles and philosophies behind securing both are exactly the same.

The incident has prompted the commissioner to issue a fact sheet illustrating the precautions to be taken when implementing and utilizing wireless networking technologies. Good advice for us all.

I would however like to take issue with one comment in the article made by Ms. Cavoukian:

"I don't expect that level of tech expertise on the part of healthcare providers," the Privacy Commissioner said. "But it's got to be incumbent on people who provide this technology to tell their customers how insecure such wireless surveillance systems can be."

Lets see here, our Privacy Commissioner is sending the direct message that the organizations that are in possession of highly private information are not responsible for securing it, it is their providers. Hmmm.....I see. Shame on you Ms. Cavoukian, in my humble opinion, this is exactly the opposite message of what we should be sending.