Patient Health Information and Privacy Breaches

A famous person shows up at a hospital. A colleague has a serious accident. A friend of the family attempts suicide.
 
A nurse working in the care facility where any of these people are being treated may feel concerned, curious or think their case has some educational value. However, unless a nurse is part of the client's circle of care, it's illegal to access their records.
 
On May 6, 2016, two health workers became the first in Ontario to be convicted under the Personal Health Information Protection Act for snooping into former Toronto mayor Rob Ford's electronic health record. They were each fined $2,505.
Since then, the Act has been amended to include new measures that protect clients' health information and impose tougher penalties for privacy breaches. The amendments, which were passed on May 18, 2016, make it mandatory to report privacy breaches to the privacy commissioner. It also removed a requirement to prosecute within six months and doubled fines imposed for convictions of privacy breaches to a maximum of $100,000 for an individual and $500,000 for organizations.
 
The College also holds nurses accountable for adhering to its standards of privacy and confidentiality in their practice. While most nurses strictly observe these standards, there has been a worrying increase in the number of privacy breaches brought before the College. The outcomes of these cases show the College takes breaches of confidential health information seriously. Several nurses have been disciplined for accessing the health records of clients not under their care.
 
"All complaints from the public or reports from employers about this conduct are screened for the level of risk posed to the public," says Karen McGovern, Director, Professional Conduct. "Most are investigated. A nurse who is found to have committed professional misconduct may have to pay a fine or be publicly reprimanded by the Discipline Committee. They may be monitored while practising or be suspended from practice. In the most serious cases, a panel has the authority to revoke a nurse's certificate of registration."
 
Review College standards
It's important that all nurses regularly review the 'Confidentiality and Privacy - Personal Health Information' practice standard. This practice standard defines "personal health information" and outlines the situations in which a nurse can access this kind of information. It also reminds nurses that personal health information belongs to clients and is simply housed in health care facilities.
In addition, nurses need to keep up to date with current privacy legislation, policies and best practices. Best practices are outlined in the Ontario Privacy Commissioner's Circle of Care: Sharing Personal Health Information for Health-Care Purposes.
 
Note that these guidelines would apply to our RNs and RPNs but that we would also expect these same guidelines for maintaining privacy with patient health information would apply to our Personal Support Workers as well. 
 
Reference Source: College of Nurses of Ontario