Auto-suggest is a feature that many are familiar with and have used at one point or another. In essence, these suggestions are generated by an algorithm that takes into account several factors, including the first few letters of a word, the popularity and frequency of a search term, and the saved history on one’s database.
In today’s fast-paced society, auto-suggest was created and intended to be a mechanism that optimises efficiency by generating fast results. However, although in a casual context an auto-fill feature like auto-suggest might be appropriate, and even desirable, it is not a tool that is appropriate when handling sensitive information, such as personal health information, considering the real and known risk that this feature gives rise to.
On January 9, 2014, the Saskatchewan Office of the Information and Privacy Commissioner (“OIPC”) released an investigation report that examined several privacy breaches involving misdirected faxes which exposed individuals’ personal health information to persons who had no legitimate need-to-know that information.
Some of these breaches arose as a result of the auto-suggest feature in combination with a lack of attention to detail on the part of the user.
Given that the health care field regularly relies on the use of fax machines in its general day-to-day business, the potential for misdirected faxes is not new, and the risk is further heightened with the use of the auto-suggest feature. For that reason, the OIPC reinforced in its report the notion that trustees should have policies and procedures in place to safeguard personal health information when faxing it. This safety measure is further supported by section 16 of The Health Information Protection Act (“HIPA”), which imposes a legal obligation on health information trustees to establish such policies and procedures in order to protect the integrity, accuracy and confidentiality of the information being transmitted.
One of the recommendations that came out of the OIPC’s report is to disable the auto-suggest function. The rationale behind this recommendation is simple: the inherent risks that this feature poses significantly outweigh any benefits generated by the auto-suggest field. It is common sense that when dealing with sensitive private information that is protected by law, extra care should be taken in its management and distribution.
Therefore, although auto-suggest can heighten efficiency and save a user a few extra minutes when transmitting information, the increased risk it presents and damage it can cause are far greater than the convenience it affords.