As the saying goes, you can have security without privacy, but you cannot have privacy without security. This adage came to mind this week when I read that Commissioner Beamish continues to tackle the vexing problem that is caused when people snoop on others' medical records. As the headline suggests, the Ontario commissioner is urging better privacy education within the health care sector to try to combat the problem.
But, another way to prevent snooping is to tell all employees that their use of their employer’s computer systems is going to be surveilled, monitored, audited and scanned for bad behaviour.
See? If you increase security, you reduce the risk of a privacy violation for a patient. But, it leaves me wondering if you're throwing the baby out with the bathwater, in the sense that while you're protecting the privacy of one segment, you're essentially reducing all employee privacy rights to nil. Maybe this is why Commissioner Beamish is urging better education. Maybe he is following in his predecessor's footsteps and refusing to give in to the zero-sum theory.
Maybe they're right. Maybe stronger penalties for snooping will help. Maybe both are required. All I know is that if you were prepared to reduce the employee's privacy rights to nil, patient records would be better protected. There … you now have a conundrum to think about this weekend.
Oh … and just as I was about to submit this to send to you, I came across this excellent little podcast with none other than IAPP’s Trevor Hughes. A great little dialogue about privacy and security and what it means in the big picture.