Amendments to the FOIP Regulations

Chief Information Officer of Canada bans WeChat and Kaspersky applications from government-issued mobile devices

Ontario IPC investigates hospital breaches

Toronto Public Library breach

Federal public servants information breached

Ontario IPC issues draft digital charter for schools

Federal Commissioner posts personal information glossary

Federal Treasury Board Data Theft-OPC investigates

Spyware used by 13 federal agencies

BC Law Society issues guidance on Generative AI


Circle of Care

February 13, 2020 - Ron Kruzeniski, Information and Privacy Commissioner

When my office investigates privacy breaches in the health care sector, at times, the defense, the explanation, or the reason given is that one believed they were in the “circle of care”. What is the circle of care? It certainly is not used in The Health Information Protection Act (HIPA). I did find one definition on the Canadian Medical Protective Association (CMPA) website in its “Glossary”:

Circle of care
The group of healthcare professionals providing care to a patient who need to know the patient’s personal health information to provide that care.

In using this definition, I note the words “who need to know… to provide that care”. That word “need” is most important.

HIPA, in section 23, deals with the need-to-know. If you define “circle of care” by referring to need-to-know, then one is really echoing the principle set out in section 23 of HIPA.

When people were talking to me, they referred to the “circle of care” as an etched in stone concept. I fear many have their own definition of “circle of care”. That creates problems if we all have our own definition. The CMPA definition is one that might create a common understanding of the term.

Dr. Karen Shaw has written an article in “DocTalk” and says this about “circle of care”:

Unfortunately, the use of terminology such as the concept of “circle of care” has led to some of this confusion. The term should be abandoned, as it infers that once a healthcare worker is in the circle of care that person is entitled to access all of the patient’s personal health information. This is incorrect.

There needs to be further discussion on the use and meaning of “circle of care” and how it works in light of section 23 of HIPA. My preference is that the term be abandoned.

Categories: BlogTags: ,

Back to Blog