Information Privacy Commissioner/ Ontario Français | Contact Us | Site Map Advanced Search search
Skip Navigation Links
Privacy
Access To Information
Resources
Decisions & Resolutions
About Us
Home | Decisions and Resolutions | HO-002

E-mail | Print | Accessibility | Share:

Add to Twitter |
Skip Navigation Links.

HO-002

Document

HO-002
File # HC-050048-1
Summary
  • A patient's personal health information was accessed by a nurse who was not providing care to the patient. The nurse disclosed the patient's personal health information to the patient's estranged husband.
  • Section 3 – definition of health information custodian. The hospital was a health information custodian.
  • Section 2 – definition of agent. The nurse was an agent of the health information custodian.
  • Section 4 – definition of personal health information. The patient’s electronic health record that the nurse accessed was personal health information.
  • Section 2 – definition of use. The nurse used the patient’s personal health information.
  • Section 37 – permissible use of personal health information. The nurse was not permitted to use the patient’s personal health information and contravened Section 37.
  • Section 17 – agents’ collection, use, disclosure and retention of personal health information. The nurse’s use of the personal health information was not in accordance with Section 17.
  • Section 2 – definition of disclose. The nurse disclosed the patient’s personal health information.
  • Sections 38 through 49 – permitted disclosures of personal health information. The nurse was not permitted to disclose the patient’s personal health information.
  • Section 29 – general limitations on the use and disclosure of personal health information. The nurse contravened Section 29.
  • Section 12(1) – security of personal health information. The health information custodian breached Section 12(1) in failing to safeguard the patient’s personal health information.
  • The health information custodian was ordered to review and revise its practices, procedures and protocols relating to patient health information and privacy, and those relating to human resources, including the implementation of a protocol to ensure that immediate steps are taken upon notification of an actual or potential breach to cease the unauthorized access to, use and disclosure of personal health information.
  • The health information custodian was also ordered to ensure that is agents are informed of their duties under PHIPA, pursuant to Section 15(3)(b), and their obligations to comply with the revised information practices of the health information custodian.
  • The health information custodian was urged to issue an apology to the patient.
Legislation
  • PHIPA
  • Section 2
  • 3(1)
  • 12(1)
  • 4(1)
  • 17(1)
  • 6(1)
  • 15(3)(b)
  • Section 29
  • 37(1)
  • 38(1)
  • 49(1)
Investigator Cathy Hamilton
Signed by Ann Cavoukian
Published Jul 27, 2006
Type Order
Related Orders HI-050013-1 - A Hospital in an Urban Centre  
Issue Outcomes
  • A patient's personal health information was accessed by a nurse who was not providing care to the patient. The nurse disclosed the patient's personal health information to the patient's estranged husband.
  • Section 3 – definition of health information custodian. The hospital was a health information custodian.
  • Section 2 – definition of agent. The nurse was an agent of the health information custodian.
  • Section 4 – definition of personal health information. The patient’s electronic health record that the nurse accessed was personal health information.
  • Section 2 – definition of use. The nurse used the patient’s personal health information.
  • Section 37 – permissible use of personal health information. The nurse was not permitted to use the patient’s personal health information and contravened Section 37.
  • Section 17 – agents’ collection, use, disclosure and retention of personal health information. The nurse’s use of the personal health information was not in accordance with Section 17.
  • Section 2 – definition of disclose. The nurse disclosed the patient’s personal health information.
  • Sections 38 through 49 – permitted disclosures of personal health information. The nurse was not permitted to disclose the patient’s personal health information.
  • Section 29 – general limitations on the use and disclosure of personal health information. The nurse contravened Section 29.
  • Section 12(1) – security of personal health information. The health information custodian breached Section 12(1) in failing to safeguard the patient’s personal health information.
  • The health information custodian was ordered to review and revise its practices, procedures and protocols relating to patient health information and privacy, and those relating to human resources, including the implementation of a protocol to ensure that immediate steps are taken upon notification of an actual or potential breach to cease the unauthorized access to, use and disclosure of personal health information.
  • The health information custodian was also ordered to ensure that is agents are informed of their duties under PHIPA, pursuant to Section 15(3)(b), and their obligations to comply with the revised information practices of the health information custodian.
  • The health information custodian was urged to issue an apology to the patient.
<< Back
Back to Top
Privacy | Access to Information | Resources | Decisions & Resolutions | About Us
Français | Contact Us | Site Map | Advanced Search | RSS | Accessibility | Privacy Policy
© Copyright 2010 Information and Privacy Commissioner of Ontario. All Rights Reserved.