BC OIPC provides instruction to delete a user account and DNA on 23andMe

Alberta, update to access and privacy legislation, passed in December and in force this spring

Federal Privacy Commissioner launches new online privacy breach risk self-assessment tool

Law Society – Bite Size video – cloud computing guide

Ontario IPC commissions report on workplace surveillance technologies

Australian IPC releases new Privacy Basics e-Learning module

Watch Law Society video-Cyber Breaches through Third Parties

Australia’s privacy commissioner publishes its Digital ID regulatory strategy

5 takeaways from the Lifelabs case

Put Privacy First – Privacy Commissioner of Canada speaks about privacy risk mitigation.

Blog

Circle of Care

February 13, 2020 - Ron Kruzeniski, Information and Privacy Commissioner

When my office investigates privacy breaches in the health care sector, at times, the defense, the explanation, or the reason given is that one believed they were in the “circle of care”. What is the circle of care? It certainly is not used in The Health Information Protection Act (HIPA). I did find one definition on the Canadian Medical Protective Association (CMPA) website in its “Glossary”:

Circle of care
The group of healthcare professionals providing care to a patient who need to know the patient’s personal health information to provide that care.

In using this definition, I note the words “who need to know… to provide that care”. That word “need” is most important.

HIPA, in section 23, deals with the need-to-know. If you define “circle of care” by referring to need-to-know, then one is really echoing the principle set out in section 23 of HIPA.

When people were talking to me, they referred to the “circle of care” as an etched in stone concept. I fear many have their own definition of “circle of care”. That creates problems if we all have our own definition. The CMPA definition is one that might create a common understanding of the term.

Dr. Karen Shaw has written an article in “DocTalk” and says this about “circle of care”:

Unfortunately, the use of terminology such as the concept of “circle of care” has led to some of this confusion. The term should be abandoned, as it infers that once a healthcare worker is in the circle of care that person is entitled to access all of the patient’s personal health information. This is incorrect.

There needs to be further discussion on the use and meaning of “circle of care” and how it works in light of section 23 of HIPA. My preference is that the term be abandoned.

Categories: BlogTags:

Back to Blog

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.