If you are working in an area that gives you access to the public's personal private information, including your own, you could get into serious trouble if you are found looking up information just for curiosity sake. You can even lose your job so do not be too curious and mind your own business. Here is a clip from the Ombudsman Newsletter
Questions often arise about whether
it is a breach of PHIA and FIPPA for
employees and health professionals
to view their own personal health
information (PHI) or personal
information (PI) maintained in a
trustee’s or public body’s electronic
information system. For example,
if you work in health care and
use electronic health information
systems, your PHI may be contained
in those systems. If your job gives
you access to these systems and you
want to see your PHI, should you
look up yourself?
No. Access to your PHI and PI is not a
self service under PHIA and FIPPA.
Here’s why self look up is wrong
When you view anyone’s PHI or
PI, including your own, this is
considered to be a “use” of the
information. The restrictions on the
use of PHI and PI under Part 3 of
PHIA and FIPPA require that every
use must be for a purpose authorized
under the acts (section 21 of PHIA
and section 43 of FIPPA describe the
purposes for which PHI and PI may
be lawfully used).
Generally speaking, you must
restrict your use of PHI and PI to
only the information that you need
to perform your job duties. For
example, if you are providing health
care or another service to a patient
or client, and you need to view that
individual’s PHI or PI in order to
provide the care or service, viewing
the information would be for an
authorized purpose.
Looking up your PHI or PI would
not be necessary for, or in keeping
with, performing your duties. The
use of PHI or PI for self look up
is for a personal purpose rather
than a purpose related to your
duties. This use would violate the
restrictions on the use of PHI and PI
under the acts and would constitute
a breach of the acts. This is the same
reason why snooping and looking up
other people to whom you are not
providing health care or a service is
wrong and is a violation of the acts.
Employees of public bodies and
trustees and health professionals
are permitted to use sensitive
information about Manitobans for
lawful purposes and are trusted to
not abuse this privilege. Self look
up violates that trust. If someone
is prepared to breach PHIA or
FIPPA and risk their employment
and reputation by viewing their
own information, it casts doubt on
whether that person can be trusted
to not view information about other
people.
In snooping incidents investigated
in Alberta a common factor was that
the people who breached Alberta’s
Health Information Act to view other
people’s health information had also
viewed their own. This doesn’t mean
that viewing one’s own PHI causes
a person to snoop, but perhaps
once people have crossed the line
to view their own information, they
feel emboldened to view others’
information.
Here’s what you should do
instead
In many situations, you are able to
obtain your own PHI and PI simply by
asking. If a formal request is needed,
the access to information process
under Part 2 of PHIA and FIPPA is
available and should be followed.
The acts provide a right of access to
information, subject to specific and
limited exceptions under the acts
and the payment of any applicable
fees. Specific people within a public
body or trustee have responsibility
for responding to access requests
and making access decisions: the
public body’s access and privacy
coordinators and officers under
FIPPA or your health care provider
or the trustee’s privacy officer under
PHIA.
Under the acts, individuals can
specify and authorize another person
to exercise their right of access. If
an employee or health professional
is authorized to exercise the access
rights of another individual, such as a
family member, the employee/health
professional must make an access to
information request under Part 2 of
the acts on behalf of that individual.
Looking up the information would
be contrary to the employee’s/health
professional’s job duties and would
violate the restrictions on use under
the acts.
http://gww.internal/global/pdf/2014-2-en.pdf
No comments:
Post a Comment