Ontario Privacy Commissioner Ann Cavoukian has issued a 16-page order, an extensive set of guidelines, and a fact sheet on responsible video surveillance following her inquiry into what appears to be a gross breach of privacy involving a clinic in Sudbury.
In the incident that occurred a couple of months ago, a video image of a woman providing a urine sample at a washroom in a methadone clinic in Sudbury, Ont. was accidentally intercepted by a backup camera in a vehicle that was driving by the clinic.
The contentious issue wasn’t the presence of a surveillance camera in the washroom, as this was a methadone clinic, and patients apparently gave written consent to being monitored while providing urine samples. The crux of the investigation, rather, related to the clinic’s use of an unsecured wireless surveillance system that was open to being – and was, in fact – intercepted.
In an interview with ComputerWorld Canada, Cavoukian indicated the clinic couldn’t provide a satisfactory explanation of why it was using an unsecured wireless video surveillance system, save to say the system was installed by a provider who had been recommended to them by the Sudbury police.
“My sense is [they asked] very few questions of the service provider.”
Cavoukian said it was clear the clinic wasn’t aware their wireless video surveillance system was not secure and that signals from the system could be intercepted.
“I don’t expect that level of tech expertise on the part of healthcare providers,” the Privacy Commissioner said. “But it’s got to be incumbent on people who provide this technology to tell their customers how insecure such wireless surveillance systems can be.”
She said the reason for the order and the fact sheet was to ensure that health-care facilities and vendors of surveillance systems understand very clearly what is expected of them from a privacy perspective.
“In the order we’ve gone to great lengths to explain everything, to set the standard for how things should be in Ontario – to ensure that health-care facilities here are aware of what’s required and ask the right sort of questions from their [technology] service providers.”
Last month, following the incident at the Sudbury clinic, the College of Physicians and Surgeons of Ontario (CPSO) issued a Communiqué to Methadone Prescribers directing methadone prescribers to “immediately disconnect any wireless camera systems [they were] using for the purpose of urine collection.
It advised prescribers that the “use of wireless camera systems is not secure, [and] can be easily compromised, thereby jeopardizing patients’ privacy.”
Cavoukian told ComputerWorld Canada that for clinics using wireless surveillance systems, it’s imperative that these systems be encrypted.
“And it’s not enough they apply encryption once and forget about it. [They] have to conduct annual audits of the system, ensure that it’s secure, change the encryption keys and so on.”
Cavuokian said to their credit, the Sudbury clinic staff were “very co-operative”, shut down the system and called their service provider as soon as they were contacted by her office.
The next day, she said, the clinic installed a wired system, getting rid of the wireless one.
When asked whether she had a sense that such breaches may not be limited to a single health-care clinic, Cavoukian exclaimed, “O God, I hope not.”
Her order, however, suggests that similar privacy violations may have occurred at the same clinic over a three-year period.
An excerpt from page 12 says: “It is reasonable to conclude that video images of other clients may have been accessed by unauthorized persons between the time the wireless system was installed in 2004 and its replacement installed in May of 2007.”
The Fact Sheet issued by Cavoukian’s office points to the growing use of Closed Circuit Television (CCTV) or video surveillance cameras in health facilities across Ontario for purposes ranging from building security to observational research.
It says while, typically, these uses increase efficiency or help prevent negative patient incidents, there may be other unsavoury outcomes.
“The unintended consequence of video surveillance, however, regardless of its primary function, is often an invasion of personal privacy.”
This risk, it says, is increased if wireless communication technology is used without adequate protection.
The fact sheet includes a “checklist” for video surveillance equipment with the following points:
- Conduct a privacy impact assessment on the proposed video surveillance system, ensuring that all privacy requirements are identified and met
- Confirm that security and privacy requirements are explicit in any procurement process.
- Confirm that the signal cannot be intercepted or received by anyone other than the authorized individuals on authorized devices.
- Confirm that the video camera will be off at all times except when used for designated purposes.
It urges health-care facilities that have to use video surveillance to take special precautions to protect the privacy of video images – even when explicit consent is obtained from patients.
“No covert surveillance should be conducted,” the fact sheet says, adding that when video cameras are used in private areas, such as washrooms, there should be a very visible indicator that a camera is in use.
“Where video cameras are used for purposes of observation only, recording devices should not be used.”
Cavoukian said while her order and its findings have been issued in the context of the health-care sector and the Personal Health Information Protection Act, its message is applicable to everyone using wireless communications.