I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Watch departing employees – what happens if they have health records at home?

Posted by

Decision 69 of the Information and Privacy Commissioner of Ontario was just released.

A former hospital employee (registered health professional who was employed as a Research Coordinator) removed 15 health records, 36 research files and 2 data collection sheets from the hospital’s premises without authorization. The hospital notified police – although the hospital did not believe the former employee was acting with malice.

The former employee said she didn’t remember taking the records off site – and in any event – no longer had them. This was an issue of inappropriate access and loss of health records.

There was no evidence of intentional theft. The records were lost.

The IPC concluded that the hospital took adequate steps to respond to the situation by: following its privacy breach protocol, adequately containing the situation, notifying affected individuals, conducting an investigation and updating their practices with respect to annual confidentiality agreements, privacy training, implementing tighter control over health records, anonymizing research files, implementing sign out protocols and updating its policies for departing employees.

Bottom Line: 

This case is a good reminder to implement the following privacy protocols:

  1. Health records should NOT leave your premises – unless they must and if they must, only with authorization and tracking
  2. Ensure any employee departing your team returns any kind of health information they may have signed out or have at home – that should be a term of their departure agreement
  3. Research records can be records of personal health information – if your team does research, you must have protocols to protect those records

Here is a summary of all 70 IPC decisions.

Calling all Privacy Officers – if you want basic Privacy Officer training or Advanced Privacy Officer training our next programs start in October and November 2018 respectively.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

November 14, 16, 29 & 30 and December 3, 11, 12, 13 & 19

For Primary Care clinics and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Building healthy habits

November 26, 2018

Legal coaching at a Toronto law firm.

A private coaching session

Primary care webinar: Shared services agreements

December 6, 2018, 12 noon

Part of Kate’s monthly webinar series.

Pitfalls that primary care organizations need to look out for when agreeing to provide care in collaboration with other healthcare organizations.

Full details of the 2019 webinar series and registration here.

Privacy Officer training

April 30 through June 4, 2019

Kate’s specialist training course for Privacy Officers in health organizations.

Open to all health Privacy Officers, as well as those hoping to become Privacy Officers. Full details and registration for Privacy Officer training next spring here...

Advanced Privacy Officer training

June 18, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Free healthcare privacy webinar - ask me anything!

December 5, 2018 4-5pm and January 9, 2019 12noon-1pm

Free webinar - advance registration needed

Whether you're an experience privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

In my normal day to day life, I give legal advice to health care organizations. Suddenly, I found myself occupying… https://t.co/fGkGXXTogy

40 minutes ago


Ever get an email from a bank you don’t use saying your account has been compromised? Read this...… https://t.co/G2ERFZJAdS

about 18 hours ago

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557