Privacy & Confidentiality

Clients trust their health care providers to protect their privacy and to keep their medical records confidential. Nova Scotia’s Personal Health Information Act (PHIA) lays out the privacy expectations of health care providers. All information about a client is confidential, including birthdate, address, the information they share during their service, medical history, and even the fact that they were clients at a particular clinic or hospital.

According to PHIA, a custodian is a regulated health care professional or a person who operates a group practice of regulated health professionals. A district health authority and the Isaak Walton Killam Health Centre are custodians. To be a custodian under PHIA, those individuals or organizations listed in the Act (section 3(f)) must also have custody or control of personal health information. Custodians have specific responsibilities to the individuals whose information they hold. Refer to the Toolkit for more information about these duties.

The PHIA Toolkit’s chapter on Consent, Capacity and Substitute Decision-makers addresses the concept of the circle of care.

The following are examples of a breach of patient privacy:

• Accessing medical information about a friend or family member without a professional reason to do so.
• Informing a colleague or friend that someone they know has had an encounter with the health care system.
• Asking someone about their visit to an emergency department or clinic after learning of their visit through one’s professional role.
• In a professional capacity, requesting personal information that is not required.

The storage of personal information in an electronic age presents unique considerations. Travelling with personal information also presents a risk of a breach of privacy. The following are precautions that may prevent a breach.

• Encrypt data on electronic devices and safeguard encryption keys.
• Enable password protection on electronic devices and safeguard passwords.
• Avoid using unsecured Wi-Fi networks.
• Avoid the use of public computers to access sensitive data.
• Use locks and keys whenever possible.
• Avoid working in public places where others can view information.
• Avoid carrying personal information outside of the workplace.
• Avoid downloading documents to a personal or public computer.
• Email – use confidentiality signature/privacy statement, secure email, do not use personal email for work, reply to messages rather than initiating email, and password-protect email and attachments.

PHIA outlines the procedure to follow if there has been a privacy breach.

PHIA focuses on the collection, use, disclosure, retention, disposal, and destruction of personal health information. The Toolkit provides essential information for custodians of healthcare information.

Resources related to this section:
Personal Health Information Act

PHIA Toolkit