Concurrent Sessions

AB1 Leadership in the Age of Privacy Breaches: Cyber Risk and Lessons Learned

Theme 1. Effective leadership and governance for system transformation

Presentation Details

  • Date: Wednesday, October 25, 2017
  • Concurrent Session A & B
  • Time: 2:30pm-4:15pm
  • Room:
  • Focus: Balance between both (e.g. Presentation of a best-practice guideline that combines research evidence, policy issues and practical steps for implementation)

1. Privacy and Cyber Risk and Information Governance for FHTs

Style: Presentation (information provided to audience, with opportunity for audience to ask questions)

Target Audience: Leadership (ED, clinical lead, board chair, board member, etc.), Clinical providers, Administrative staff, Representatives of stakeholder/partner organizations

Learning Objectives

  1. Participants will learn about the evolution of privacy and cyber risk in the health sector, unique issues for family health teams and strategies for managing privacy and cyber breaches and risks.
  2. They will learn about the key components of an Enterprise Risk Management framework for privacy and cyber security and how this relates to effective Board Governance.


This session will address the evolution of privacy and cyber risk in the health sector, including new trends and the emergence of new privacy torts and class action lawsuits. In this context, it will examine the unique structure of family health teams, the importance of defining roles and responsibilities under the Personal Health Information Protection Act, 2004, including as it relates to the sharing of personal health information, and the obligations of senior leadership and the board of directors for the protection of personal health information and information governance. The presenters will explore the implications of privacy and cyber breaches and strategies to manage this risk, including enterprise risk management. The presenters will explore strategies for addressing, mitigating, avoiding through the development of information governance frameworks, or transferring this risk, including through the use of cyber insurance or other tools.


  • Kathryn Frelick, Partner, Leader Health, Miller Thomson
  • Declan Friel, Healthcare Practice Leader, Hub International

2. Tales of a Privacy Breach – What Our FHT Learned and How We Are Stronger Because of It

Style: Panel Discussion (in addition to providing information, panelists interact with one another to explore/debate a topic)

Target Audience: Leadership (ED, clinical lead, board chair, board member, etc.), Clinical providers, Administrative staff

Learning Objectives

  • Participants will hear firsthand how our team managed a major privacy breach that occurred as a result of a privacy audit on the EMR after a practice transition to another family physician.
  • Skills and knowledge gained will include:
    1. The importance of having privacy policies and audit procedures
    2. What to do in the event of a breach
    3. How to report a breach – and manage the communication with stakeholders (patients)
    4. Dealing with the media
    5. Our leadership team’s role in supporting the process
    6. Managing next steps
    7. Our HFHT will share lessons learned and our privacy resources with attendees


We envision having a panel discussion/presentation that will provide an overview on how a privacy breach was discovered and then how it was managed, including our response and support to the practice team who discovered the breach, and how we dealt with reporting the breach, dealing with the privacy commissioner, EMR vendor, those who were involved with the breach, managing the media and managing the communication about this across our organization. We gained valuable lessons learned and although this was a very difficult situation, those involved felt supported through the process and we are stronger for having gone through this. We feel our lessons learned would be of value to other FHTs and healthcare providers. Each panel member had a role to play in the process and they will share their experience. We will provide a short presentation/overview of how the breach was discovered, how we managed the process and our lessons learned. We will then open it up to the audience to ask questions and have an interactive dialogue with attendees.


  • Dr. Lindsey George, Privacy Officer, Hamilton Family Health Team
  • Terry McCarthy, Executive Director, Hamilton Family Health Team
  • Vanessa Foreman, Health Planning and Communications Coordinator, Hamilton Family Health Team
  • Monica Debenedetti, Lead Physician, Hamilton Family Health Team

Author & Contributor

  • Kate Dewhurst, Lawyer