I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Privacy Officers: We are trust builders

Posted by

Why is privacy important?

Because it is essential for building trust.

Trust pops up time and time again in privacy breach stories.

In the 2017 sentencing hearing for a social worker in an Ontario family health team who was successfully prosecuted for looking at the health records of five clients without authorization (she had accessed many other clients’ health records without authorization but was prosecuted for five), one of the victims told her story and explained the privacy breach as a violation of trust:

There are no words to describe how I feel today. … you betrayed our trust. Trust in a system to help us understand our grief, trust that our story is our own, and trust that as a mother, I promised my children a safe place for their emotions. … You knew my family and you knew we had a story. You took the privacy of four people, two of those being children, and you decided that your curiosity was more important, and I hope today you are held accountable for that.

In the reasons for the sentence of a personal fine of $25,000 to the social worker, Justice Hampson stated:

The various victims have provided victim impact statements which are quite telling in terms of the sense of violation, the loss of trust, the loss of faith in their own health care community, and the utter disrespect that <name removed> displayed towards these individuals. One individual described being vulnerable. There is a fear of misuse of the information, a fear for future treatment. There is a sense of betrayal, a sense of embarrassment, a sense of being exposed.  Numbness and shock from others. Overall, the victim impact statements reveal a lack of trust and a sense of reluctance to share information with future health care providers.

I believe this is a truly significant factor, given that we all must believe that when we go to the doctor for our physical illness and other mental health illnesses, that we will be able to trust our own health care practitioners and their team and that what we tell them will be respected and held in confidence so we receive the treatment and care we deserve.

A trustworthy healthcare system requires robust privacy practices. Privacy Officers are trust builders.

Privacy Officers cultivate the four fundamental elements of trust in a health care environment: competence, reliability, care, and communication.

Competence:   The environment is safe. The team have sufficient skills and capability to provide the services.

Reliability: The team does what they say they will do.  The experience is consistent.

Care: The team has the best interests of patients at heart. The team and patient share the same goals and values. The patient is a valued participant.

Communication: The team operates truthfully and honestly. Information is proactively available. The rules are transparent, understandable and accessible. Questions are welcomed and answered.

Not everyone sees the role of Privacy Officer in a positive light. Privacy Officers are sometimes seen as humourless enforcers or wet blankets telling everyone else what they can’t do.

As a Privacy Officer, how do you avoid terrifying your team into privacy paralysis or constantly sounding like a wet blanket of what “can’t be done”?

The answer is culture.

Privacy compliance is of course a big part of what a Privacy Officer does.  But, a Privacy Officer is always in search of what Chris Pahl, a Privacy Compliance Program Leader at Southern California Edison, calls a “compelling why”:

Training teaches the “what” and the “how” of privacy, but adding to those a compelling “why” is what begins to create culture. Beyond explaining how principles translate into specific requirements and obligations, it is important to help individuals understand why privacy matters at all.

Privacy Officers must be able to identify the privacy rules and describe the steps to take to achieve compliance. And, to avoid being ignored by team members or viewed as a barrier to care, you must also be able to tap in and explain:

  • WHY privacy is important
  • WHY patients care about privacy
  • WHY your team members should look for ways to be more privacy respectful
  • WHY privacy is a way of demonstrating organizational commitment to your mission, vision and values

Think of your role in terms of building trust. That will help you find your compelling why.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

April 15, May 3, June 7, 13, 20 & 25

For Primary Care clinics and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Speaking event

April 10, 2019

At Osgoode Hall

Kate speaks at the Osgoode Health Law Certificate workshop on privacy for health care organizations. More details...

Primary care webinars: Contracts & Communications

April 11 and May 2, 2019, 12 noon

Part of Kate’s monthly webinar series.

Our April webinar is on employee contracts, and in May our title is communication faux pas.

Full details of the 2019 webinar series and registration here.

Privacy Officer training

April 30 through June 4, 2019

Kate’s specialist training course for Privacy Officers in health organizations.

Open to all health Privacy Officers, as well as those hoping to become Privacy Officers. Full details and registration for Privacy Officer training next spring here...

Advanced Privacy Officer training

June 18, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Free healthcare privacy webinar - ask me anything!

April 3, 2019 12 noon - 1 pm and
May 1, 2019 9 - 10 am

Free webinar - advance registration needed

Whether you're an experience privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Webinar recording now available! Topics covered: - Health privacy law update - When do children make their own info… https://t.co/crUhW2tgRn

56 minutes ago


contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.