I’m Kate Dewhirst.

My team and I write about legal issues affecting healthcare in Canada.

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Privacy Officers: We are trust builders

Posted by

Why is privacy important?

Because it is essential for building trust.

Trust pops up time and time again in privacy breach stories.

In the 2017 sentencing hearing for a social worker in an Ontario family health team who was successfully prosecuted for looking at the health records of five clients without authorization (she had accessed many other clients’ health records without authorization but was prosecuted for five), one of the victims told her story and explained the privacy breach as a violation of trust:

There are no words to describe how I feel today. … you betrayed our trust. Trust in a system to help us understand our grief, trust that our story is our own, and trust that as a mother, I promised my children a safe place for their emotions. … You knew my family and you knew we had a story. You took the privacy of four people, two of those being children, and you decided that your curiosity was more important, and I hope today you are held accountable for that.

In the reasons for the sentence of a personal fine of $25,000 to the social worker, Justice Hampson stated:

The various victims have provided victim impact statements which are quite telling in terms of the sense of violation, the loss of trust, the loss of faith in their own health care community, and the utter disrespect that <name removed> displayed towards these individuals. One individual described being vulnerable. There is a fear of misuse of the information, a fear for future treatment. There is a sense of betrayal, a sense of embarrassment, a sense of being exposed.  Numbness and shock from others. Overall, the victim impact statements reveal a lack of trust and a sense of reluctance to share information with future health care providers.

I believe this is a truly significant factor, given that we all must believe that when we go to the doctor for our physical illness and other mental health illnesses, that we will be able to trust our own health care practitioners and their team and that what we tell them will be respected and held in confidence so we receive the treatment and care we deserve.

A trustworthy healthcare system requires robust privacy practices. Privacy Officers are trust builders.

Privacy Officers cultivate the four fundamental elements of trust in a health care environment: competence, reliability, care, and communication.

Competence:   The environment is safe. The team have sufficient skills and capability to provide the services.

Reliability: The team does what they say they will do.  The experience is consistent.

Care: The team has the best interests of patients at heart. The team and patient share the same goals and values. The patient is a valued participant.

Communication: The team operates truthfully and honestly. Information is proactively available. The rules are transparent, understandable and accessible. Questions are welcomed and answered.

Not everyone sees the role of Privacy Officer in a positive light. Privacy Officers are sometimes seen as humourless enforcers or wet blankets telling everyone else what they can’t do.

As a Privacy Officer, how do you avoid terrifying your team into privacy paralysis or constantly sounding like a wet blanket of what “can’t be done”?

The answer is culture.

Privacy compliance is of course a big part of what a Privacy Officer does.  But, a Privacy Officer is always in search of what Chris Pahl, a Privacy Compliance Program Leader at Southern California Edison, calls a “compelling why”:

Training teaches the “what” and the “how” of privacy, but adding to those a compelling “why” is what begins to create culture. Beyond explaining how principles translate into specific requirements and obligations, it is important to help individuals understand why privacy matters at all.

Privacy Officers must be able to identify the privacy rules and describe the steps to take to achieve compliance. And, to avoid being ignored by team members or viewed as a barrier to care, you must also be able to tap in and explain:

  • WHY privacy is important
  • WHY patients care about privacy
  • WHY your team members should look for ways to be more privacy respectful
  • WHY privacy is a way of demonstrating organizational commitment to your mission, vision and values

Think of your role in terms of building trust. That will help you find your compelling why.

If you enjoyed this article please share it:

Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Free healthcare privacy webinar - ask me anything!
the first Wednesday of every month

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our 2025 program is now live.
Full details of the 2024 webinar series and registration here.

Mental Health webinars: Legal issues for mental health and addictions agencies and teams
Annual membership 2025

For managers and other leaders from mental health and addictions agencies, hospitals, CMHAs, CHCs, school boards, FHTs and Indigenous health services

This is an annual membership program with monthly webinars.
Full details and registration here.

Health Privacy Officer Foundations training
starts Spring 2025

For Privacy Officers within healthcare organizations.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Join the Shush: a collective of health privacy officers
Annual membership 2024

For Privacy Officers within healthcare organizations

This is an annual membership program that takes theory into practice and tackles real life scenarios to build Privacy Officer skills.
Full details and registration here.

Team Privacy Training Events

For Primary Care clinics, Hospitals, Community Agencies, Mental Health Teams, Public Health Units, School Boards, Police departments

Scheduled to your team's needs for comprehensive or refresher training More details...

Free summary of all PHIPA IPC decisions

Want to read privacy breach stories to learn how to improve your work? We have summarized all the Information and Privacy Commissioner's health privacy decisions for you Download here...

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

  • Our twitter feed is unavailable right now. Follow us on Twitter

    • contact details

    P.O. Box 13024, RPO Bradford Centre
    Bradford, ON, L3Z 2Y5

    (416) 855 9557

    info@katedewhirst.com
    www.katedewhirst.com

    .