


Mitigating Cyber Risks for Health Care Facilities


There is an inherent and fundamental understanding that the relationship with a health care provider is one of trust, whereby professionals are tasked with protecting their clients and patients. The notion of patient privacy is as old as the profession of medicine and is, in fact, an essential part of the Hippocratic Oath.

While medication errors and adverse events/outcomes regularly test this relationship, the most recent threat, privacy and data breaches, has proven to be just as dangerous.


The shift towards electronic health records has been riddled with challenges and has given rise to a whole new area of risk: privacy and data breaches. “Ehealth” was intended to help improve data sharing, access, quality of care, cost reduction through collaboration, and reduction in duplicate service offerings. Instead, there is an identified data and knowledge gap with respect to mitigation strategies, prevention, and appropriate implementation of measures.

In the US, the movement towards ehealth recognized the need to move towards electronic health records to improve both the quality and cost effectiveness of care.

However, health care organizations were not prepared for the potential onslaught of breaches and privacy violations.

In Canada, two pieces of federal legislation currently guide privacy data security: the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).