What’s keeping CIOs awake at night? DDO Health Law presents its eHealth Risk Management Conference

On May 22nd, DDO Health Law (DDO) hosted its eHealth Risk Management Conference in Toronto. The conference was an opportunity to highlight the opportunities and challenges associated with the increasing role of technology in health care delivery, e.g., managing databases of personal health information and using devices and electronic processes to collect, share and deliver health information. Technology is now being used to communicate with and engage patients and clients (e-mail, apps, social media, discussion boards); to coordinate health care delivery (shared electronic health information systems); and to increase provider efficiency (use of mobile devices at work).

Taking a practical approach to balancing organizational needs and potential risks, speakers from the Healthcare Insurance Reciprocal of Canada (HIROC), eHealth Ontario (eHO) and DDO shared their expertise with a packed audience representing a broad cross-section of the health sector including academic health centres, other hospitals, community mental health agencies, shared services organizations, government agencies, and family health teams.

Conference Themes

We asked our attendees – what is keeping your Chief Information Officer awake at night?

The answer – mitigating the risks associated with e-health initiatives.  Common themes were the need for oversight (to protect the privacy of health information) and minimizing liability exposure.  Whether oversight was framed as a governance, contractual compliance, human resources or system security issue, conference participants consistently expressed a need for additional information and resources to meet their obligations. This was especially true in the context of data-sharing, where many new provincial initiatives were mandating the creation and maintenance of large, pooled repositories of personal health information – creating new province-wide risks and liabilities.

Other, more specific concerns raised included:

  • Managing patient/client consent to the creation of databases
  • Developing, implementing and enforcing best practices related to employees, client/patient and family use of technology (e.g., mobile devices, e-mail, social media use in the healthcare workplace)
  • Ensuring documentation quality where information going into shared databases
  • Controlling access to collected information.

The DDO perspective

At the heart of the issues raised at the conference is the age-old problem of how best to safeguard patient/client/staff personal (health) information. In many ways, technology has only increased the scope of oversight required to ensure the security of that information. DDO speakers offered tools (including a Data-Sharing Agreement checklist) as well as best practices and risk management strategies for organizations from a technological and employment standpoint.

If you wish to receive more information about upcoming DDO Health Law conferences and publications, please visit our website at http://ddohealthlaw.com and subscribe to our mailing list.