September 2017
News

Safeguarding personal health information

Privacy, and the protection of personal health information, is an essential element of client care and the therapeutic nurse-client relationship. To strengthen the protection of personal health information, the Ontario government has amended regulations under the Personal Health Information Protection Act, 2004.

These changes may affect nurses in independent practice, or those employed in health services in non-health care settings (such as occupational health).

What changed?

As of October 1, 2017, Health Information Custodians will be required to notify the Information and Privacy Commissioner of Ontario when personal health information is lost or stolen, or used or disclosed without authority. The exact circumstances when a custodian must notify the Commissioner are detailed in section 6.3 of the regulation under the Personal Health Information Protection Act, 2004.

Also, starting January 1, 2018, custodians will be required to track privacy breach statistics and provide the Commissioner with an annual report of these statistics by March 2019. We expect the Commissioner to release detailed guidance on this reporting requirement soon.

Who is affected?

In most cases, your employer (for example, a hospital, clinic, long-term care home, home care agency or public health unit) is the custodian — not individual nurses.

However, nurses in independent practice, or those employed in health services in non-health care settings (such as occupational health) may be considered custodians.

If you are unsure if you are a custodian, check the Confidentiality and Privacy: Personal Health Information practice standard or contact the office of the Information and Privacy Commissioner of Ontario.

Reporting to the Commissioner

The Office of the Information and Privacy Commissioner has guidelines to help custodians who must make a report.

If you have any questions about the reporting process, contact the office of the Information and Privacy Commissioner of Ontario directly.

Privacy breaches often lead to emotional distress for clients, and clients need to feel confident and comfortable that the information they share with their health care team will be kept confidential. All nurses are accountable to the expectations in the Confidentiality and Privacy: Personal Health Information practice standard when using personal health information in their nursing practice. 

Back to Top