Lifelong Learning for a Brighter World

Fizza Malik, McMaster University Continuing Education Health Informatics graduate Fizza Malik, McMaster University Continuing Education Health Informatics graduate

Health Informatics

Where health and information
technology intersect.

Learn more today!

HTH 104 - Privacy, Confidentiality & Security- Spring 2020

Academic Credit Value:
3 units
Course Delivery Mode:
Hours of Study:
36 hours
Course Prerequisite(s):
HTH 101
Course Anti-requisite(s):
Instructor Name:
Charmaine Shaw, MA, BA, CHIM, CIPP(C)
Course Dates:
05/11/2020 - 07/12/2020

Required Course Materials:
1. Canadian Privacy; Data Protection Law and Policy for the Practitioner. Second Edition. Kris Klein. An IAPP Publication 2. Selection of CHIMA Professional Practice Briefs (Student membership required)
Optional Course Materials:
Course Description:
This course will examine the "concepts, principles and applications of the rights and obligations related to individual access, privacy and confidentiality of personal health information" (CHIMA, 2010, 21). This examination will involve health information data and records in both paper and electronic formats. The course will review legal regulations and legislations currently in place for the collection, use, storing and sharing of personal health information. Learners will study privacy requirements, responsibilities and risks associated with the life cycle of personal health information as Health Information Managers, Health Informaticians, and members of a health care organization. Various legal, ethical and professional standards as they relate to privacy and access will be presented, discussed and critically analyzed from the perspective of the consumer, organization and Health Information professional.
Learning Outcomes:

Upon completion of this course, students will:
L1. Understand the privacy rights of individuals and groups, as well as the basis for those rights.
L2. Apply Canadian privacy statutes (Freedom of Information and privacy acts) and other statutes (e.g. Hospital Acts) that affect health information.
L3. Demonstrate the CSA Model Code for the Protection of Personal Information, the Pan-Canadian Health Information Privacy and Confidentiality Framework, the concepts of fair information practices, COACH guidelines, CHIMA resources, and health professional practice.
L4. Discuss key provisions, principles and definitions addressed in health information, data protection and privacy statutes (e.g. access, consent, collection, use, disclosure, access, obligations of custodians/trustees and information managers, etc.)
L5. Analyse the role of and responsibility for ‘accountability’ and for ‘compliance with’ statutes, codes of conduct, etc., as they relate to privacy and security in an organization.
L6. Examine retention and destruction for the privacy of health information
Course Evaluation
A final grade for this course is based on the following assignments:
Assignments (5 x 16%)              80%
Discussion Post #1                   5%
Discussion Post #2                      5%
Discussion Post #3                   5%
Discussion Post #4                  5%
Course Format:
This course is designed to present the fundamental concepts and theories in privacy, confidentiality and security, and promote the application to the workplace and professional practice. Course activities will include instructor presentations, required readings and experiential learning activities (i.e. case studies, group discussions, projects, etc.).
Assignment Submission:
Course assignments are submitted to the appropriate A2L Assignment folder by the specified due date
Late Coursework:
Late submissions will be penalized 2% per day (including weekends and holidays) up to seven
(7) days past the due date. After seven days, the Dropbox will close, no further assignments will be accepted, and a grade of “0” will be assigned for the course work item unless otherwise specified by the Instructor. No late papers will be accepted for assignments due by the last official date of the course. Requests for extensions must be submitted to the Instructor before the assignment due date (see Coursework Policies). Extensions are permitted for exceptional circumstances only; supporting documentation may be requested.

Requests for late submissions due to technological issues will be considered only with supporting documentation from the Avenue to Learn technical support team. This information must be provided by the student.

Policy & Procedures:

Academic Regulations (Attendance, Coursework, Tests/Exams):

In accordance to McMaster University’s General Academic Regulations, “it is imperative that students make every effort to meet the originally scheduled course requirements and it is a student’s responsibility to write examinations as scheduled.” Therefore, all students are expected to attend and complete the specific course requirements (i.e. attendance, assignments, and tests/exams) listed in the course outline on or by the date specified.
Students who need to arrange for coursework accommodation, as a result of medical, personal or family reasons, must contact the course instructor within 48 hours of the originally scheduled due date. It is the student’s responsibility to contact the Program Manager to discuss accommodations and procedures related to deferred tests and/or examinations within
48 hours of the originally scheduled test/exam, as per policy. Failure to contact the course instructor, in the case of missed coursework, or the Program Manager, in the case of a missed test/examination, within the specified 48-hour window will result in a grade of zero (0) on the coursework/exam and no further consideration will be granted.

*Note: Supporting documentation will be required but will not ensure approval of accommodation(s).

Academic Integrity

You are expected to exhibit honesty and use ethical behaviour in all aspects of the learning process. Academic credentials you earn are rooted in principles of honesty and academic integrity. Academic dishonesty is to knowingly act or fail to act in a way that results or could result in unearned academic credit or advantage. This behaviour can result in serious consequences, e.g. the grade of zero on an assignment, loss of credit with a notation on the transcript (notation reads: “Grade of F assigned for academic dishonesty”), and/or suspension or expulsion from the university.
It is your responsibility to understand what constitutes academic dishonesty. For information on the various types of academic dishonesty please refer to the Academic Integrity Policy, located at

The following illustrates only three forms of academic dishonesty:
1.   Plagiarism, e.g. the submission of work that is not one’s own or for which other credit
has been obtained.
2.   Improper collaboration in-group work.
3.   Copying or using unauthorized aids in tests and examinations.

Academic Accommodations:
Students with disabilities who require academic accommodations must contact the Student Accessibility Centre (SAS) to meet with an appropriate Disability Services Coordinator. To contact SAS, phone 905-525-9140 ext. 28652, or email For further information, consult McMaster University’s Policy for Academic Accommodation for Students with Disabilities.
On-line Elements:
In this course, we will be using on-line elements, which may include email, Avenue to Learn, WebEX, and external web sites.  Students should be aware that, when they access the electronic components of this course, private information such as first and last names, user names for the McMaster e-mail accounts, and program affiliation may become apparent to all other students in the same course. The available information is dependent on the technology used. Continuation in this course will be deemed consent to this disclosure. If you have any questions or concerns about such disclosure please discuss this with the course instructor.
In this course, we will be using a web-based service ( to reveal plagiarism. Students will be expected to submit their work electronically to and in hard copy so that it can be checked for academic dishonesty. Students who do not wish to submit their work to must still submit a copy to the instructor. No penalty will be assigned to a student who does not submit work to All submitted work is subject to normal
verification that standards of academic integrity have been upheld (e.g., on-line search, etc.). To see the Policy, please go to  McMaster Academic Integrity Policy.

Course Changes:
Course Withdrawal Policy:

 Please refer to course withdrawal/refund policies on our website at; /cce-policies

Grading Scale:


Grade  Equivalent

Grade Point










































Course Schedule:

Module s & Topic

Readings & Assignments

Week 1

· Canadian privacy basics

· Private sector laws


Case Study #1- 16%  


Week 2

· Public sector laws

· Privacy requirements for HER



Case Study #2- 16%  


Week 3

· Privacy Impact Assessment (PIA)


Case Study #3- 16%  


Week 4

· Security strategies


· Discussion Board Post #1 10%


Week 5

· Security breaches



Case Study #4- 16% 

Week 6

· Recovering from a security breach


· Discussion Board Post #2 5%



Week 7

privacy by Design


Case Study #5- 16%

Week 8

· Security requirements for EHR

· Risk management


· Discussion Board Post #3 10%

Week 9




· Discussion Post #4- 10%