I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Watch departing employees – what happens if they have health records at home?

Posted by

Decision 69 of the Information and Privacy Commissioner of Ontario was just released.

A former hospital employee (registered health professional who was employed as a Research Coordinator) removed 15 health records, 36 research files and 2 data collection sheets from the hospital’s premises without authorization. The hospital notified police – although the hospital did not believe the former employee was acting with malice.

The former employee said she didn’t remember taking the records off site – and in any event – no longer had them. This was an issue of inappropriate access and loss of health records.

There was no evidence of intentional theft. The records were lost.

The IPC concluded that the hospital took adequate steps to respond to the situation by: following its privacy breach protocol, adequately containing the situation, notifying affected individuals, conducting an investigation and updating their practices with respect to annual confidentiality agreements, privacy training, implementing tighter control over health records, anonymizing research files, implementing sign out protocols and updating its policies for departing employees.

Bottom Line: 

This case is a good reminder to implement the following privacy protocols:

  1. Health records should NOT leave your premises – unless they must and if they must, only with authorization and tracking
  2. Ensure any employee departing your team returns any kind of health information they may have signed out or have at home – that should be a term of their departure agreement
  3. Research records can be records of personal health information – if your team does research, you must have protocols to protect those records

Here is a summary of all 70 IPC decisions.

Calling all Privacy Officers – if you want basic Privacy Officer training or Advanced Privacy Officer training our next programs start in October and November 2018 respectively.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
February 12, 19, 26, 27, Mar 2, 9, 11, 24, 27

For Primary Care clinics, Hospitals, Community Agencies and Children’s Aid

Kate trains health professionals from many more health care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event March 25, 2020

Osgoode Professional Development – Health Law Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our March webinar is on questions to ask your insurer and the April program is on changes to pregnant employees' positions.
Full details of the 2020 webinar series and registration here.

Health Privacy Officer training
April 28, 2020

For Privacy Officers within healthcare organisations.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Osgoode Health Privacy training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
March 4 (cancelled) but back April 1

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Trust Builders: Profiles of Health Privacy Officers – Simeon Kanev, Alliance for Healthier Communities… https://t.co/7ZoEPyhzIk

about 4 hours ago

I was thrilled to be invited to participate in the 4th Edition of Public Health Law and Policy in Canada, which was… https://t.co/PuQKQZLXu9

about 13 hours ago

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.