Issues Persist with Health Workers Understanding Privacy Rules

With cases of health record “snooping” continuing to emerge in Canadian clinics and hospitals, organizations should be sure that they are providing appropriate guidance and training to employees with respect to patient privacy and regularly auditing their own practices, says Elyse Sunshine.

“The Information and Privacy Commissioner of Ontario recently estimated that he sees about 10 snooping breaches a month, and they primarily occur in hospitals,” says Sunshine.“What it shows is that although we’ve had this privacy legislation for 15 years, there are still issues with our front-line workers really understanding their obligations,” she adds.

In one recent case in Alberta, an office assistant at a medical clinic was fined for looking at two people’s health records on numerous occasions without a valid reason.“Privacy culture and privacy knowledge have to start from the top-down, and cases like the one that occurred in Alberta are quite concerning and would certainly have ramifications for the employer,” Sunshine tells AdvocateDaily.com.

Potential consequences for employers in these matters can include privacy orders made against them, civil lawsuits, as well as reputational damage, she says.

Although some snooping cases may result from more “innocent” circumstances — for example, a health-care worker is concerned about a patient or someone they know is in the hospital — others are more nefarious cases where people are accessing information to use for ulterior purposes. Regardless, Sunshine says none of these motives makes accessing records permissible, and all of these incidents point to a lack of knowledge about appropriate privacy practices.