I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Watch departing employees – what happens if they have health records at home?

Posted by

Decision 69 of the Information and Privacy Commissioner of Ontario was just released.

A former hospital employee (registered health professional who was employed as a Research Coordinator) removed 15 health records, 36 research files and 2 data collection sheets from the hospital’s premises without authorization. The hospital notified police – although the hospital did not believe the former employee was acting with malice.

The former employee said she didn’t remember taking the records off site – and in any event – no longer had them. This was an issue of inappropriate access and loss of health records.

There was no evidence of intentional theft. The records were lost.

The IPC concluded that the hospital took adequate steps to respond to the situation by: following its privacy breach protocol, adequately containing the situation, notifying affected individuals, conducting an investigation and updating their practices with respect to annual confidentiality agreements, privacy training, implementing tighter control over health records, anonymizing research files, implementing sign out protocols and updating its policies for departing employees.

Bottom Line: 

This case is a good reminder to implement the following privacy protocols:

  1. Health records should NOT leave your premises – unless they must and if they must, only with authorization and tracking
  2. Ensure any employee departing your team returns any kind of health information they may have signed out or have at home – that should be a term of their departure agreement
  3. Research records can be records of personal health information – if your team does research, you must have protocols to protect those records

Here is a summary of all 70 IPC decisions.

Calling all Privacy Officers – if you want basic Privacy Officer training or Advanced Privacy Officer training our next programs start in October and November 2018 respectively.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

September 28; October 10,11,17 and 18; and November 8

For Primary Care clinics and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Primary care webinar: “Five-Oh! How to manage visits from the police.”

October 12, 2018, 12 noon

Part of Kate’s monthly webinar series.

What do you do when a police officer arrives and wants information about a patient? What do you have to do, and what should you do?

Full details and registration here.

Privacy Officer training

October 2 through November 6, 2018

Kate’s next training course for Privacy Officers in health organizations.

Open to all health Privacy Officers, as well as those hoping to become Privacy Officers. Full details and registration here.

Advanced Privacy Officer training

November 13, 2018

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Good security practices and protocols require everyone’s attention. Your security is only as good as your team memb… https://t.co/uhT9ddSVVg

about 3 hours ago

What is health law? https://t.co/FAdB0AGOQ5 #healthinformation #personalhealth #healthprivacy #HealthLaw #legal #laws #BusinessOfLaw #lawyer

about 7 hours ago

There are 3 key issues hospitals need to manage when recruiting non-licensed physicians to non-medical roles within… https://t.co/T3S1K5YEpr

about 9 hours ago

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557