The Access to Information and Privacy Act (ATIP) of Canada came into effect in 1983. With this act, under the control of a federal government institution, Canadian citizens, permanent residents, or other individuals or corporations in Canada have the right of access to information. This act defines the procedures for processing ATIP requests including deadlines for response and the circumstances under which government agencies can withhold information.
The Information Commissioner was created to investigate complaints about non-compliance with the act’s requirements.
The government recognizes ATIP as an essential element of democracy, transparency, and openness. Even so, according to the Information Commissioner, federal agencies are struggling to keep up with that transparency.
Old Age: The Root Cause of ATIP Complaints
According to the Information Commissioner Caroline Maynard, ATIP is very outdated:
“I was surprised by how complex the Access to Information Act was. It’s a very complicated part of the law … and very outdated, unfortunately.”
Bill C-58 should provide a long-overdue update of the ATIP framework that hasn’t seen any changes since its inception. The outdated framework and the growing number of ATIP requests (up 225% in the past 5 years) is placing a heavy burden on government agencies.
The old legal framework accompanied by old software and a growing number of ATIP requests results in a growing number of complaints.
“(We) are struggling to respond to the demand for access. (Institutions) don’t have the resources and we don’t have the technology to respond to that kind of increase,” said Maynard.
It is obvious from Maynard’s statements that Canadian agencies lack a modern technology that could help them respond to all the received requests in a timely manner.
Expedience isn’t the only problem Canadian agencies are facing.
Top Challenges of Canadian ATIP Agencies
Let’s start from the very beginning – the submission of requests. Citizens can file for the disclosure of information through an online portal. But online requests can be subjected to security issues, especially when requesting a document from a public space.
The whole process of submitting a request is very complex, and depending on the type of request, the citizens can easily be overwhelmed with the required documents.
Image Source: https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/access-information/request-information.html
Submitting a request to the wrong department is a common mistake, and in that case, most requests cannot be transferred across the institutions.
Security, complexity, and collaboration between departments are some of the key challenges Canadian government agencies are facing today. Since government agencies are working with personal information, data security is the first thing they should think of.
Staﬃng issues are another problem Canadian agencies are facing on a daily basis. Many federal agencies have reported the lack of staff and expertise needed to process requests effectively. This is one of the major causes of delays. To retain and attract personnel, employees are promoted before they possess the required skills. This lack of knowledge hinders efficiency.
Job classifications vary between departments, reducing flexibility. The skills required to perform in multiple functions is not well-defined.
Budget constraints are another challenge for reducing backlog of requests and resulting complaints. According to the Information Commissioner, the government’s “stopgap approach” to funding is jeopardizing the efforts to clear the backlog of complaints from dissatisfied requesters.
In her latest annual plan, Maynard said, it is difficult to set goals and maintain momentum because of the financial instability her office is facing.
Deadline extensions and search volume are also problematic. The ability for agencies to manage information successfully is key to a sustainable access regime. The speed with which ATIP records are created has outpaced the traditional record-keeping practices. This has a direct impact on the ability for agencies to search and locate records needed to fulfill a request.
As a result, government agencies are increasing deadline extensions, so they can effectively search for the needed information and process massive volumes of documents.
Email communications themselves have added to the number of records processed without adding to their quality.
Government agencies also struggle with the review and redaction of records. Although some agencies use software for this purpose, other agencies are still struggling to manually review and redact requests. Government agencies do know that automated tools help reduce the processing time, but by focusing on up-front cost alone, decision-makers deem these solutions as too costly.
Obviously, there are many challenges government agencies are struggling with. The ATIP process has numerous issues, not surprisingly since the system is over three decades old and administered by a law that has never had a complete overhaul.
What can the agencies do to reduce the time spent on processing requests and still stay in budget?
Invest in a modern yet cost-effective ATIP solution.
ArkCase ATIP Solution: A Modern, Cost-Effective Solution for Canadian Agencies
ArkCase provides an adaptive, dynamic open-source case Management platform to support your ATIP needs. ArkCase for ATIP reduces the time spent on request processing and improves the effectiveness of the entire process, increasing efficiency throughout the entire public request lifecycle: from submission to final response and delivery of the requested documents.
The ArkCase ATIP solution is created to meet all the requirements to provide necessary security.
Here are some of the key features and their benefits of the ArkCase ATIP software solution:
1. Automation of the Entire ATIP Process
Processing a vast number of requests is one of the biggest problems government agencies face. To assist in reducing backlogs, the ArkCase ATIP solution is fully automated and easy-to-use.
From online public request submission to delivery, this solution accelerates and automates processing. No more piles of paper. No more backlogs. No more complaints.
2. One Interface for Communication
The ArkCase ATIP solution uses one interface for internal and external communications. This allows fast and easy communication between departments and agencies as well as citizens.
3. Pre-Configured Workflows
When a request is submitted, the ArkCase ATIP solution stores it and creates a pre-configured secure workflow. The standard format of the workflow makes the whole process easier for staff.With ArkCase’s ‘multi-track and automatic status update feature, ATIP staff will always know when and what they are supposed to do. This makes public request processing much simpler, easier, and faster.
4. Online Submission of ATIP Requests
The ArkCase solution allows online submission of requests. Citizens anywhere can easily request government information.
5. Data Storage & Access to Records
As cloud-based software, our solution stores and maintains all the records and correspondences on a secure AWS cloud infrastructure that meets Canadian security requirements.
This allows employees to have secure access to data from anywhere in the world on any device with an Internet connection.
These are just a handful of features that make the ArkCase ATIP Software Solution a reliable, scalable, secure, and cost-effective solution.
With the ArkCase ATIP solution, government agencies can significantly simplify request submission and fulfillment. From the online submission of public requests to digital delivery, the ArkCase ATIP software solution improves the process from beginning to end.
This way, government agencies can get more done, in less time, with less manual work, and with fewer complaints to the Information Commissioner office.
The purpose of ATIP is to provide Canadian citizens a right of access to records under the control of government agencies. Agencies are facing many challenges that contribute to large backlogs and a huge number of complaints.
The biggest challenge is that most of the agencies still lack the technology needed to effectively accept and process requests in a timely manner.
Luckily, there is a modern, cost-effective solution to their challenges – the ArkCase ATIP solution. With ArkCase, Canadian agencies can reduce backlogs and get more done, in less time.
I hope that this blog post will be helpful for you as an ATIP department manager or staﬀ member, to see what challenges government agencies to struggle with, and how a solution like ArkCase can help overcome those challenges.
If you want to discover more about the ArkCase ATIP solution, or you have any questions or comments, don’t hesitate to contact us.
And don’t forget to share this blog post with your friends on social media networks so they can also see how the biggest challenges of government agencies can easily be solved with one modern solution.
For years now, cyberattacks targeting local governments and organizations are making headlines. The most threatened, however, is the healthcare sector. With outdated technologies and a relatively low IT security literacy, medical workers are a perfect target for network and social hacks that result in expensive and embarrassing data breaches.
Every year, we get to hear terrible stories of security breaches in medical organizations. In 2016 the Hollywood Presbyterian Medical Center paid an equivalent of $17,000 ransom fee in bitcoin to retrieve their encrypted files. This attack got so much coverage that the medical center now has a section explaining the attack on its Wikipedia page.
The same year, MedStar Health was under a cybersecurity attack, and it had to turn away patients or treat them without important computer records.
Unfortunately, these two cases were just the beginning of ransomware attacks against healthcare data servers.
Attacks like these create confusion, disrupt patient services, and in 2019, have forced many healthcare providers to shut their doors permanently. Healthcare cybersecurity attacks across the world, such as the WannaCry ransomware attack, have only highlighted how quickly personal information can become compromised when technology is the weak link.
Why are legacy applications are a threat to healthcare cybersecurity?
Common Social-Hacking Threats Plaguing Healthcare Organizations
To effectively manage patient information, the healthcare industry needs to digitize the data and automate processes. Unfortunately, the problem in healthcare organizations is the high complacency with outdated technology and generally low IT literacy of medical staff.
Utilizing poorly managed legacy applications makes hospitals vulnerable to cyberattacks. Low IT security literacy of medical staff makes them an easy target for social hacking. These two issues are among the reasons hospitals face significant risks with potential high-impact consequences for both them and their patients.
Cyber attackers hit wherever systems are most vulnerable. This is usually the medical staff, who are concerned with customer service. Some common exploitation schemes include:
- Email phishing: users are requested to click to open an email or website. Cyber attackers often send an email providing an infected link for the users to click on.
- Usage of default passwords. Cyber attackers take advantage of weak passwords in cases where password strength has not been enforced.
- Insecure configurations. Configurations with unintended security holes are obvious vulnerabilities which can be addressed through a combination of greater awareness and improved testing during system configuration.
- Lack of essential network security. Very often, security takes a back seat to other priorities. Healthcare providers need to standardize practices around the network and data-access security and undertake proactive steps to monitor and ensure adherence.
Healthcare organizations that take serious steps to solve these issues will protect themselves from attacks that would otherwise probably be successful.
How Legacy Applications Pose a Threat for Healthcare Organizations
Although digital transformation is enabling greater patient engagement through the rise of Cloud Computing and the Internet of Things (IoT), it also contributes to a growing threat for potential cyberattacks. Increasing connectivity is a catalyst for exploits. This is especially true with legacy applications, where cybercriminals can exploit ‘back doors’ to compromise data centers of health organizations.
It is common for institutions to continue using legacy applications to store historical data that is not migrated to modern, more secure solutions. The driving force behind this practice is human and/or financial resource constraints, as well as unfamiliarity with modern technologies.
Adopting modern technologies to reduce exposure to vulnerabilities has become more important than ever as healthcare organizations have become top targets for cyber-criminals.
Below are some alarming statistics about healthcare cybersecurity threats in the US in the last couple of years:
- From 2009 to 2018, there have been 2,546 data breaches in the healthcare industry, impacting more than 189 million medical records
Source: HIPPA Journal
According to these statistics, cybersecurity doesn’t seem to be effective, especially in healthcare organizations. Obviously, there’s plenty of room for improvement. Any hospital that continues to use legacy applications is simply inviting risk. The longer these vulnerable systems are in use, the greater the threat they are presenting. The infection can rapidly spread and affect mission-critical applications with catastrophic implications.
Modern ECM Systems: The End of Healthcare Cybersecurity Nightmares
One of the biggest concerns when thinking about the modernizing ECM systems is how secure your patient data will be, especially if it’s a cloud-based solution on a third-party server. Data security is the first concern for medical organizations which must comply with regulatory frameworks like HIPAA (Health Insurance Portability and Accountability Act) for secure data portability.
On-premise modern ECM solutions can be one option, but the organization will need to work with a trusted, reliable service provider. On-premise IT infrastructure will be the facility’s responsibility. If the equipment fails, healthcare organizations may lose all their data. If the equipment isn’t maintained and updated regularly, network breaches can happen again. If the data/server room isn’t secured properly, there’s the threat of physical access to data storage devices.
Cloud-based ECM systems solve the IT infrastructure problem and not only allow users to access data remotely, but include automated backups and disaster recovery options. Cloud solutions will leverage Platform as a Service deals with large technology companies like AWS.
Addressing the cybersecurity issue in healthcare organizations requires a multi-faceted approach. This can include everything from bare-metal infrastructure solutions, to server virtualization, data storage solutions, secure networks between systems, and secure yet user-friendly ECM interfaces. This also includes on-premise training for the integrated system and ECM.
With an all-encompassing approach, healthcare organizations can get drastic improvements in several key areas:
- ECM systems have advanced safeguard capabilities, particularly when it comes to data access. User roles and access levels are easy to set up, and digital signatures ensure that each employee’s login credentials are secure. Electronic signatures, audit trails, detailed activity logs, etc., help close as many security gaps as possible.
- Quick Recovery. Modern ECM systems deployed as hybrid solutions (on-premise and cloud integration) can be set up to run data backups in the cloud. Data stored on providers like AWS will be easily retrievable, making local data loss a non-issue. These data storage solutions will be usually HIPPA, FedRAMP, HITECH, etc. compliant.
- Collaboration & Communication. Since healthcare organizations are usually running multiple departments, collaboration and communication between the doctors and other staff across those departments are crucial.
Using a cloud-based ECM system, healthcare providers can easily transfer data between each department using one interface for communication. A modern ECM system will allow for secure, easy, and fast access to documents. It will also allow for cross-department collaboration based on predetermined permissions and workflows, and so on.
- Scalable Data Storage. Healthcare organizations are working with electronic medical records and have numerous other devices generating data. Wearable monitors, MRI scans, X-ray scans, etc., all end up as digital documents shared and attributed to specific patients. This is a lot of different data that should be stored securely, on a platform that allows easy scalability.
A modern ECM system that’s either cloud-based or uses a hybrid deployment will be built with scalability in mind. Expanding storage capacity on the Cloud, especially with AWS, is a non-issue.
- Instant Data Access & Searchability. When all of your data is on the Cloud, accessing it is much easier.
With Cloud-based ECM software, you can access data much faster and much easier. This means that anyone with given permissions can access patients’ data from anywhere in the world.
Modern ECM systems will usually have the ability to search for key phrases within the document texts as well as through the documents’ metadata. These systems enable medical workers to easily find any piece of data from anywhere in the world, via a secure connection.
Armedia, as an ECM solution Integrator, can also help your healthcare organization with migrating data from any legacy system onto any new ECM system of your choosing. For fast, reliable and secure data migration, we built Caliente, an ECM data migration application that has enabled us to move petabytes of data at 100% data accuracy. Using Caliente, our team can perform quick one-time data migrations from your legacy system.Additionally, if your healthcare organization struggles with paper-based patient files, with Ephesoft, we can help you achieve full digitization. Ephesoft’s capture solutions help large organizations increase data accessibility, organization, and data extraction from your paper-based documents.
For HIPPA and DoD-compliant data storage, we use Alfresco, and for a customized case management platform, we rely on ArkCase.
Threats to healthcare cybersecurity are real. Legacy applications leave healthcare organizations exposed to cyber-attacks. Ransomware attacks on healthcare organizations have led to an inability to access patient data, forcing hospitals to a fallback scenario of pen-and-paper patient management. To make things worse, these cyberattacks expose sensitive patient data and lead to substantial financial costs for healthcare organizations.
Considering all the issues legacy systems present, it is advisable to migrate patient data and daily operations to a modern, cloud-based ECM system.
Over the years, Armedia, as a platform agnostic ECM solutions integrator, has helped organizations migrate away from their legacy systems onto modern ECM solutions. Whether it was an on-premise, cloud or hybrid deployment, organizations benefited from our expertise in fast data migration at 100% reliability, every time.
So, what do you think about healthcare cybersecurity? Do you think a cloud-based ECM is the right solution against threats on healthcare cybersecurity? Will technology help us protect our data from prying eyes?
We’d love to hear your thoughts in the Comments section below. Or if you have specific ECM Modernization questions, please feel free to contact us.