Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
of Electronic Health
Records: What Do Nurses
and Other Health
Professionals Need to
Know?
Virginia Dallaire
Jane Clarke
There is a new transition from paper
to electronic health records(EHR) in
Canada. Although many stakeholders
view EHR as a means to improving
the quality of health care for every
individual in Canada, the issue of
confidentiality and privacy needs to
be in the forefront for all decision
makers and health care providers(
Smit, McAllister, Slonim, 2005)
What is Confidentiality,
Privacy and EHR?
Confidentiality addresses the
individual’s health information , the
management and protection of this
information from intentional or
accidental disclosure to unauthorized
individuals( Weitz, Drummond,
Pringle, Ferris, Globerman, Hebert et
al. , 2003).
Privacy is “ the right of an individual
to determine for himself [ or herself]
when, how and to what extent he[or
she] will release personal information
about himself[ or herself]” ( Morris,
Ferguson, Dykeman,1999, p.92)
Electronic Health Records are a
client’s entire health and health care
history that is electronically
accessed, collected and stored
( Weitz, Drummond, Pringle, Ferris,
Globerman, Hebert et al. 2003)
“Confidentiality should be protected
because it protects patients from
harm, supports access to health care
and produces better health
outcomes”( Mulligan& Braunack-
Mayer, 2004, p.48).
What is Personal and
Confidential Electronic
Information?
All personal information such as:
name, address, age , individual’s
educational, financial, criminal and
employment history, race, religion,
associations, personal views or
opinions, any identifying numbers or
symbols assigned to individual
Health Information: Individual’s
health history, disabilities, inheritable
characteristics, fingerprints, blood
type( VIHA, 2002)
What Provincial, Territorial
and Federal Legislation
Exists to Protect Personal
Information?
Federal: Personal Information
Protection and Electronic Document
Act( PIPEDA)
PIPEDA is Federal Legislation that
protects all personal information
which includes electronic health
information
Provincial: Every Registered Nurse in
Canada is a member of a College of
Registered Nurses that sets out
standards and codes which address
confidentiality and privacy in practice
Alberta: Freedom of Information and
Protection of Privacy Act ( FOIPPA)
and Health Information Act(HIA)
http://foip.alberta.ca
BC. : Freedom of Information and
Protection of Privacy Act( FOIPPA)
Http://www.mser.gov.bc.ca/FOI_POP/
Manitoba: Freedom of Information and
Protection of Privacy Act( FOIPPA)
Personal Health Information Act
http://www.gov.mb.ca/chc/fippa/index.htm
http://www.gov.mb.ca/health/phia/index.ht
Northwest Territories: Access to
Information and Protection of Privacy
Act
http://www.justice.gov.nt.ca/ATIPP/atipp.ht
Nova Scotia: Freedom Of Information
and Protection of Privacy Act(
FOIPPA)
http://www.gov.ns.ca/just/foi/foisvcs.htm
Nunavut: Access to Information and
Protection of Privacy Act
Ontario: Freedom of Information and
Protection of Privacy Act
Municipal Freedom of Information
and Protection of Privacy Act
Personal health Information
Protection Act,2004
http://www.mgs.gov.on.ca/english/index.ht
Prince Edward Island: Freedom of
Information and Protection of Privacy
Act
http://.gov.pe.ca/foipp/index.php3
Quebec: Act respecting Access to
documents held by Public Bodies and
the Protection of Personal
Information
http://www.institutiondemocratiques.gouv
a/index_en.htm
Saskatchewan: Freedom of Information
and Protection of Privacy Act
Local Freedom of Information and
Protection of Privacy Act
Health Information Protection Act
http://www.saskjustice.gov.sk.ca/legismma
freedomofinfoact.shtml
Yukon: access to Information and
Protection of Privacy Act
http://www.atipp.gov.yk.ca/
( Canadian Standards
Association,2009)
Key Factors in Managing
Privacy and
Confidentiality in EHR
Development of policies and
procedures that incorporate the
following principles:
Transparency: Everyone has the
right to know who is accessing their
health information
Collection and Use of Personal Health
Information: Policies must follow the
federal and provincial privacy acts.
All health information should be
accurate and relevant to why it is
being collected
Individual control: Individual can
access an audit trail to see who
access their personal health
information; individual can also limit
who can access their information
Security: all measures should exist to
protect personal health information(
access, collection and storage)
Audit: comprehensive audit done
frequently to ensure only authorized
Accountability and Oversight: Policies
in place that will address the
monitoring of confidentiality, how to
disclose a breach and violations will
be dealt with
Technology and Privacy: Privacy
protection will be have
comprehensive standards and
policies
( Health Initiative Blueprint, 2009)
What is a Breach of
Confidentiality?
Unauthorized viewing of any client’s
health information
Accessing information about
yourself, family or friends
Asking co-workers about confidential
information that is not pertinent to
your care role
Discussion of confidential information
in a public area
Unauthorized sharing and disclosure
of confidential health information
other than authorized by Federal
and Provincial Privacy Act s
Lending your keys to someone else
to access filing cabinets, file storage
rooms where confidential information
is stored
Telling your co-worker your password
Using a co-workers password to log
in to a computer
Failing to log off your computer
Failure to report any breach of
confidentiality
(VIHA, 2002)
Breaches of Confidentiality:
Where do the most
commonly occur?
81% occur in the health care setting
Usually occurred during informal
conversation among health care
employees
While on the telephone
Between health care providers and a
client
Conversations with family friends
and people outside the health care
agency
( Nursing, 2004)
How Can Nurses
Safeguard the Privacy
and Confidentiality of
their
Ensure Clients
passwords EHR?
are kept
confidential
Use passwords that can not be
deciphered and change regularly
Do not share passwords and sign off
immediately before leaving the
computer
Never delete information
Routinely ask “ Do I need to know
this information?”
Report any suspicious or actual
breaches of confidentiality