Monday, October 25, 2010

Now for the Flip Side


So a few weeks ago I posited in “Don’t Need It, Don’t Want It” that service providers should not be the sacrificial lamb regarding handling of personal information (“PI”), or personal health information (“PHI”), where the service provider does not need access to this type of information to provide the services. Now for the flip side.

If the services that a service provider is providing do in fact necessitate an entity entrusting this type of information to it, then the service provider does have to accept more stringent controls and security that are legislated in a number of jurisdictions – e.g. Personal Health Information Protection Act, 2004 (Ontario), Personal Information Protection and Electronic Documents Act (Canada) etc..

By way of examples: service providers to the health care industry who have to have access to the PHI in a client’s care should have in place, as a matter of course, use and security standards that meet regulatory requirements for the handling of PHI. Service providers to the financial services industry who have to have access to the PI in a client’s care should have in place, as a matter of course, use and security standards that meet regulatory requirements for the handling of PI. As part of their business model these standards should be “baked into” the services provider’s fees.

What becomes tricky is if a particular client stipulates a stricter standard than industry standards or regulatory requirements. In these instances the client needs to be prepared to lose some of the cost benefits of using the service provider’s standard services, and the service provider needs to evaluate the extra cost associated with it accommodating the special requirements. Both parties have to work together to address their respective concerns in these circumstances.

To quote the philosophical geniuses that are The Rolling Stones (Mick Jagger and Keith Richards),

“…You can’t always get what you want
But if try sometimes you just might find
You get what you need…”

No comments: