Is our health information kept safe?

More than ever, Quebeckers realize the importance of protecting their personal information. Recent events that have shaken the world of finance certainly served as an eye-opener. Consequently, more and more people are asking themselves what measures are taken to ensure the confidentiality and security of the information that is collected about them, which includes their electronic health records.

According to Jacques Gagnon, CEO of Imagem, a high-tech firm specialized in the development of health technologies, solutions certainly exist when it comes to ensuring the protection of Quebeckers’ personal information regardless of the sector of activity.

Businesses usually have strong firewalls, which prevent people or malicious software to infiltrate their systems. Often, the real problem lies with internal security. That’s where breaches occur, says Gagnon. According to him, one of the ways a business can secure its environment is by seeking certification by a regulatory body.

Gagnon, who is an engineer by trade, mentions that in the field of medical devices, which is one of the most regulated sectors in the world, two standards provide a regulatory framework for his type of business: MDSAP (Medical Device Single Audit Program) and ISO 13485. Health Canada requires businesses in this field to obtain both certifications.

The ISO 13485 standard focuses primarily on safety and security, on risk management and on traceability. Consequently, it ensures that businesses offer products and services that meet customer expectations and comply with regulatory requirements for medical devices and related services.

As for the MDSAP, it’s an international assessment program for quality management systems used by medical device manufacturers who market their products in Australia, Brazil, Canada, Japan or the United States. 

So every year, Imagem is subjected to an external audit, which verifies that the firm has efficient and rigorous processes in place to ensure the quality of its products and services at every stage of their life cycle.

Jacques Gagnon says that the exercise is particularly onerous, but that it is absolutely indispensable for both the internal processes and the message that it sends. To some extent, the MDSAP and ISO 13485 certifications are indicators of quality that guarantee the reliability and the seriousness of his business. The certifications don’t make his processes infallible, but it shows that the risks within Imagem are minimal.      

In addition to the annual external audit, Imagem undertakes regular reviews of its operations and protocols. What is more, there exists throughout the firm a certain data culture that encourages staff members to treat any confidential information with all the professionalism that is required.

Furthermore, a task log for employees and users ensures a rigorous monitoring of the work being done.

Jacques Gagnon maintains that no matter the activity sector, all should be governed by quality management standards. In addition, business owners, including him, should take care of their staff and offer a secure and safe work environment.