Abstract

[This article was originally published in Healthcare Quarterly, Volume 7, Number 1.]

The recently released July 2003 "Guidelines for Managing Privacy, Data Protection and Security for Ontario Hospitals," prepared by the Ontario Hospital eHealth Council Privacy and Security Working Group (the "Guidelines") are useful in that they provide a comprehensive overview of the types of issues raised for hospitals by existing and pending privacy legislation, and a very high-level framework for addressing same. However, the Guidelines are, as stated high-level guidelines only - leaving hospital management to grapple with the next big step towards privacy compliance: how to operationalize the Guidelines within their particular hospital.