Various studies and surveys have consistently shown that while electronic health records enjoy considerable public support, there is considerable concern regarding the privacy of these records. In light of these concerns, a recent Auditor General’s report on a Vancouver Coastal Health Authority system known as “PARIS” is particularly concerning. According to an article in today’s “The Province”
“Security controls throughout the network and over the database were so inadequate that there was a high risk of external and internal attackers being able to access or extract information, without VCHA even being aware of it”
I have not had time to review the report in detail nor do I know the extent to which VCHA has dealt with the issues identified in the audit. Apparently the Auditor General withheld the report for six months to give VCHA time to respond to the issues identified in the report.