Privacy Officers: We are trust builders
Why is privacy important?
Because it is essential for building trust.
Trust pops up time and time again in privacy breach stories.
In the 2017 sentencing hearing for a social worker in an Ontario family health team who was successfully prosecuted for looking at the health records of five clients without authorization (she had accessed many other clients’ health records without authorization but was prosecuted for five), one of the victims told her story and explained the privacy breach as a violation of trust:
There are no words to describe how I feel today. … you betrayed our trust. Trust in a system to help us understand our grief, trust that our story is our own, and trust that as a mother, I promised my children a safe place for their emotions. … You knew my family and you knew we had a story. You took the privacy of four people, two of those being children, and you decided that your curiosity was more important, and I hope today you are held accountable for that.
In the reasons for the sentence of a personal fine of $25,000 to the social worker, Justice Hampson stated:
The various victims have provided victim impact statements which are quite telling in terms of the sense of violation, the loss of trust, the loss of faith in their own health care community, and the utter disrespect that <name removed> displayed towards these individuals. One individual described being vulnerable. There is a fear of misuse of the information, a fear for future treatment. There is a sense of betrayal, a sense of embarrassment, a sense of being exposed. Numbness and shock from others. Overall, the victim impact statements reveal a lack of trust and a sense of reluctance to share information with future health care providers.
I believe this is a truly significant factor, given that we all must believe that when we go to the doctor for our physical illness and other mental health illnesses, that we will be able to trust our own health care practitioners and their team and that what we tell them will be respected and held in confidence so we receive the treatment and care we deserve.
A trustworthy healthcare system requires robust privacy practices. Privacy Officers are trust builders.
Privacy Officers cultivate the four fundamental elements of trust in a health care environment: competence, reliability, care, and communication.
Competence: The environment is safe. The team have sufficient skills and capability to provide the services.
Reliability: The team does what they say they will do. The experience is consistent.
Care: The team has the best interests of patients at heart. The team and patient share the same goals and values. The patient is a valued participant.
Communication: The team operates truthfully and honestly. Information is proactively available. The rules are transparent, understandable and accessible. Questions are welcomed and answered.
Not everyone sees the role of Privacy Officer in a positive light. Privacy Officers are sometimes seen as humourless enforcers or wet blankets telling everyone else what they can’t do.
As a Privacy Officer, how do you avoid terrifying your team into privacy paralysis or constantly sounding like a wet blanket of what “can’t be done”?
The answer is culture.
Privacy compliance is of course a big part of what a Privacy Officer does. But, a Privacy Officer is always in search of what Chris Pahl, a Privacy Compliance Program Leader at Southern California Edison, calls a “compelling why”:
Training teaches the “what” and the “how” of privacy, but adding to those a compelling “why” is what begins to create culture. Beyond explaining how principles translate into specific requirements and obligations, it is important to help individuals understand why privacy matters at all.
Privacy Officers must be able to identify the privacy rules and describe the steps to take to achieve compliance. And, to avoid being ignored by team members or viewed as a barrier to care, you must also be able to tap in and explain:
- WHY privacy is important
- WHY patients care about privacy
- WHY your team members should look for ways to be more privacy respectful
- WHY privacy is a way of demonstrating organizational commitment to your mission, vision and values
Think of your role in terms of building trust. That will help you find your compelling why.