Circle of Care
When my office investigates privacy breaches in the health care sector, at times, the defense, the explanation, or the reason given is that one believed they were in the “circle of care”. What is the circle of care? It certainly is not used in The Health Information Protection Act (HIPA). I did find one definition on the Canadian Medical Protective Association (CMPA) website in its “Glossary”:
Circle of care
The group of healthcare professionals providing care to a patient who need to know the patient’s personal health information to provide that care.
In using this definition, I note the words “who need to know… to provide that care”. That word “need” is most important.
HIPA, in section 23, deals with the need-to-know. If you define “circle of care” by referring to need-to-know, then one is really echoing the principle set out in section 23 of HIPA.
When people were talking to me, they referred to the “circle of care” as an etched in stone concept. I fear many have their own definition of “circle of care”. That creates problems if we all have our own definition. The CMPA definition is one that might create a common understanding of the term.
Dr. Karen Shaw has written an article in “DocTalk” and says this about “circle of care”:
Unfortunately, the use of terminology such as the concept of “circle of care” has led to some of this confusion. The term should be abandoned, as it infers that once a healthcare worker is in the circle of care that person is entitled to access all of the patient’s personal health information. This is incorrect.
There needs to be further discussion on the use and meaning of “circle of care” and how it works in light of section 23 of HIPA. My preference is that the term be abandoned.
Records blowing in the wind – Saskatchewan needs a private-sector privacy law Sample access request policy and checklist