I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Watch departing employees – what happens if they have health records at home?

Posted by

Decision 69 of the Information and Privacy Commissioner of Ontario was just released.

A former hospital employee (registered health professional who was employed as a Research Coordinator) removed 15 health records, 36 research files and 2 data collection sheets from the hospital’s premises without authorization. The hospital notified police – although the hospital did not believe the former employee was acting with malice.

The former employee said she didn’t remember taking the records off site – and in any event – no longer had them. This was an issue of inappropriate access and loss of health records.

There was no evidence of intentional theft. The records were lost.

The IPC concluded that the hospital took adequate steps to respond to the situation by: following its privacy breach protocol, adequately containing the situation, notifying affected individuals, conducting an investigation and updating their practices with respect to annual confidentiality agreements, privacy training, implementing tighter control over health records, anonymizing research files, implementing sign out protocols and updating its policies for departing employees.

Bottom Line: 

This case is a good reminder to implement the following privacy protocols:

  1. Health records should NOT leave your premises – unless they must and if they must, only with authorization and tracking
  2. Ensure any employee departing your team returns any kind of health information they may have signed out or have at home – that should be a term of their departure agreement
  3. Research records can be records of personal health information – if your team does research, you must have protocols to protect those records

Here is a summary of all 70 IPC decisions.

Calling all Privacy Officers – if you want basic Privacy Officer training or Advanced Privacy Officer training our next programs start in October and November 2018 respectively.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Health Privacy Officer training
September 22, 2020

For Privacy Officers within healthcare organizations - now totally online.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our September program is on privacy litigation and the October program will address harassment issues and scenarios.
Full details of the 2020 webinar series and registration here.

Free healthcare privacy webinar - ask me anything!
the first Wednesday of every month (Off for the Summer - next up: September 2 and October 7)

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Free Part X CYFSA privacy webinar - ask me anything!
the second Wednesday of every month (next up: July 8 and August 12)

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Team Privacy Training Events
July 8, 23, 28 August 4, October 7, 8

For Primary Care clinics, Hospitals, Community Agencies and Children’s Aid

Kate trains health professionals from many more health care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

[OCT 1] Webinar Series Case Study: Harassment investigations Register now - webinars on legal topics for EDs and ma… https://t.co/lgZdYW7mt6

about 7 hours ago

[STARTS SEPT 22, 2020] Become an even better Privacy Officer! Join my health sector online Privacy Officer training… https://t.co/EfW1pfFy4f

12:02 PM Sep 17th

[OCT 7] Register for my free upcoming Ask Me Anything About Health Privacy webinar at this link...… https://t.co/j63mcVxsHJ

12:02 PM Sep 16th

contact details

P.O. Box 97010 Roncesvalles
Toronto Ontario M6R 3B3

(416) 855 9557

.