Federal Privacy Commissioner on Bill c-27 news release.

US states move forward on privacy laws

Report into the 2021 cyber attack on Newfoundland health information systems released.

Privacy Commissioner of Canada announced his office is launching a joint investigation into OpenAI

Federal Privacy Commissioner launches new guidance on workplace privacy

Cybersecurity: Best Practices for Setting Up a Security Operations Centre

Blog

The Importance of Securing Patient Information

February 9, 2015 - Tim Kasprick, Privacy and Access Consultant, Sunrise Health Region

I am the Privacy and Access Consultant of the Sunrise Health Region and staff consult me on a regular basis for privacy advice including when a privacy breach has occurred. I was recently consulted during a privacy breach that occurred when a list of patients admitted to a particular ward of our hospital was found on the floor of a local business just a few blocks from the hospital. The ensuing investigation revealed that the misplaced document was a patient census list used by staff to record brief details about the patients on their ward. It has always been standard practice to shred these lists securely at the end of every shift and never remove the list from the building. It would appear in this case that an employee forgot the list in their pocket when leaving work. In Sunrise we have implemented electronic patient status boards and initial phases of nursing documentation, to reduce or eliminate the need for paper notes. However, this list came from a ward not yet equipped with an electronic status board.

Fortunately, excellent privacy awareness by the local business resulted in the business contacting the Sunrise Health Region. A Sunrise employee from the nursing department quickly went to the business to retrieve the list. The business requested identification to verify that she was the Sunrise employee authorized to retrieve it. This employee and her manager then met with me and it was quickly decided to notify the patients on the list to inform them of what had happened. We felt patients would be in the best position to tell us what impact this privacy breach could have on them and for us to discuss with them what we could do to further mitigate any risks to them. As we were notifying patients, we were also notifying staff of what happened so that we could raise awareness to prevent a similar incident in the future. Thanks to the high privacy awareness of the local business and prompt action by Sunrise Managers and employees responding to the situation, we are confident that the breach was contained.

Tips for Keeping Temporary Lists Secure

  1. Educate and remind staff on proper security of temporary lists containing personal health information.
  2. Ensure shredding bins are in convenient locations to be used during and at the end of shifts.
  3. Make each staff member responsible for his/her own working notes by having their name appear on census sheets they print from the computer.
  4. Continue to advance electronic records to eliminate the need for paper notes.

Categories: BlogTags: , , , ,

Back to Blog