Jurisprudence Handbook

Privacy and Confidentiality

Clients trust their health care providers to protect their privacy and to keep their medical records confidential. The Nova Scotia Personal Health Information Act (PHIA) lays out the expectations of health care providers. All information encountered about a client is confidential, including birthdate, address, information they share during their service, medical history, and even the fact that they were a client at a particular clinic or hospital. Information can be shared with other members of the client’s health care team.

PHIA’s definition of a custodian includes a regulated health care professional or a person who operates a group practice of regulated health professionals. A district health authority and the Isaak Walton Killam Health Centre are custodians. To be a custodian under PHIA, those individuals or organizations listed in the Act (section 3(f)) must also have custody or control of the personal health information. Custodians have specific responsibilities to the individuals whose information they hold. Refer to the Toolkit for more information about these duties.

The PHIA Toolkit’s chapter on CONSENT, CAPACITY, AND SUBSTITUTE DECISION-MAKERS addresses the concept of circle of care.

The following are examples of a breach of patient privacy:
-Accessing medical information about a friend or family member without a professional reason to do so.
-Informing a colleague or friend that someone they know has had an encounter of any kind with the health care system.
-Asking someone about their visit to an emergency department or clinic after learning of their visit through one’s professional role.
-In a professional capacity, requesting personal information that is not required.

The storage of personal information in an electronic age presents unique considerations. Travelling with personal information also presents a risk of a breach of privacy. The following are precautions which may be taken to prevent a breach.
-Encrypt data on electronic devices; safeguard encryption keys
-Enable password protection on electronic devices; safeguard passwords
-Avoid use unsecured WiFi networks
-Avoid the use of public computers to access sensitive data
-Use locks and keys whenever possible
-Avoid working in public places where others can view information
-Avoid carrying personal information outside of the workplace
-Avoid downloading documents to personal public computer / use of i-cloud/Google Drive or private server
-Email – use confidentiality signature/privacy statement, secure email, not using personal email for work, reply to messages rather than initiating email, password protected email and attachments.

PHIA outlines the procedure to follow if there has been a privacy breach.

PHIA focuses on the collection, use, disclosure, retention, disposal and destruction of personal health information. The Toolkit provides essential information for custodians of healthcare information.

Reference: The Nova Scotia College of Medical Laboratory Technologists (2016). Professional Practice for Medical Laboratory Technologists in Nova Scotia.