July 2016

Changes to privacy law: What nursing employers need to know

While the College holds nurses responsible for understanding recent changes to the Personal Health Information Protection Act (PHIPA), employers and facility operators should also be aware of their obligations under the new law.

Recent amendments to the PHIPA make it mandatory for employers and facility operators to report privacy breaches to the Information and Privacy commissioner. The changes also require employers to inform the College of any disciplinary action they take against a nurse who unlawfully accesses health records – even if that discipline does not result in a nurse’s firing or resignation.

But if the nurse resigns, the employer or facility operator is still required to inform the College if they believe the resignation is related to an investigation or other action with respect to the improper access of health records.

This notice must be submitted in writing to the College within 30 days of the incident regardless of whether the nurse has been terminated or suspended or some other disciplinary action is taken.

The College takes privacy breaches very seriously. It is a violation of the trust the public has in nurses.

“All complaints from the public or reports from employers about this conduct are screened for the level of risk posed to the public,” says Karen McGovern, Director, Professional Conduct. “Most are investigated. A nurse who is found to have committed professional misconduct may have to pay a fine or be publicly reprimanded by the Discipline Committee. They may be monitored while practising or be suspended from practice. In the most serious cases, a panel has the authority to revoke a nurse’s certificate of registration.”

Back to Top