Auto-suggest is a feature that many are familiar with and have
used at one point or another. In essence, these suggestions are
generated by an algorithm that takes into account several factors
including, the first few letters of a word, the popularity and
frequency of a search term, and the saved history on one's
In today's fast-paced society, auto-suggest was created and
intended to be a mechanism that optimises efficiency by generating
fast results. However, although in a casual context an auto-fill
feature like auto-suggest might be appropriate, and even desirable,
it is not a tool that is appropriate when handling sensitive
information, such as personal health information, considering the
real and known risk that this feature gives rise to.
On January 9, 2014, the Saskatchewan Office of the
Information and Privacy Commissioner ("OIPC")
released an investigation report that examined several privacy breaches
involving misdirected faxes which exposed individuals' personal
health information to persons who had no legitimate need-to-know
Some of these breaches arose as a result of the auto-suggest
feature in combination with a lack of attention to detail on the
part of the user.
Given that the health care field regularly relies on the use of
fax machines in its general day to day business, the potential for
misdirected faxes is not new, and the risk is further heightened
with the use of the auto-suggest feature. For that reason, the OIPC
reinforced in its report the notion that trustees should have
policies and procedures in place to safeguard personal health
information when faxing it. This safety measure is further
supported by section 16 of The Health Information Protection Act
("HIPA") , which imposes a legal obligation on
health information trustees to establish such policies and
procedures in order to protect the integrity, accuracy and
confidentiality of the information being transmitted.
One of the recommendations that came out of the OIPC's
report is to disable the auto-suggest function. The rationale
behind this recommendation is simple: the inherent risks that this
feature poses significantly outweigh any benefits generated by the
auto-suggest field. It is common sense that when dealing with
sensitive private information that is protected by law, extra care
should be taken in its management and distribution.
Therefore, although auto-suggest can heighten efficiency and
save a user a few extra minutes when transmitting information, the
increased risk it presents and damage it can cause are far greater
than the convenience it affords.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).