I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Privacy Officers: We are trust builders

Posted by

Why is privacy important?

Because it is essential for building trust.

Trust pops up time and time again in privacy breach stories.

In the 2017 sentencing hearing for a social worker in an Ontario family health team who was successfully prosecuted for looking at the health records of five clients without authorization (she had accessed many other clients’ health records without authorization but was prosecuted for five), one of the victims told her story and explained the privacy breach as a violation of trust:

There are no words to describe how I feel today. … you betrayed our trust. Trust in a system to help us understand our grief, trust that our story is our own, and trust that as a mother, I promised my children a safe place for their emotions. … You knew my family and you knew we had a story. You took the privacy of four people, two of those being children, and you decided that your curiosity was more important, and I hope today you are held accountable for that.

In the reasons for the sentence of a personal fine of $25,000 to the social worker, Justice Hampson stated:

The various victims have provided victim impact statements which are quite telling in terms of the sense of violation, the loss of trust, the loss of faith in their own health care community, and the utter disrespect that <name removed> displayed towards these individuals. One individual described being vulnerable. There is a fear of misuse of the information, a fear for future treatment. There is a sense of betrayal, a sense of embarrassment, a sense of being exposed.  Numbness and shock from others. Overall, the victim impact statements reveal a lack of trust and a sense of reluctance to share information with future health care providers.

I believe this is a truly significant factor, given that we all must believe that when we go to the doctor for our physical illness and other mental health illnesses, that we will be able to trust our own health care practitioners and their team and that what we tell them will be respected and held in confidence so we receive the treatment and care we deserve.

A trustworthy healthcare system requires robust privacy practices. Privacy Officers are trust builders.

Privacy Officers cultivate the four fundamental elements of trust in a health care environment: competence, reliability, care, and communication.

Competence:   The environment is safe. The team have sufficient skills and capability to provide the services.

Reliability: The team does what they say they will do.  The experience is consistent.

Care: The team has the best interests of patients at heart. The team and patient share the same goals and values. The patient is a valued participant.

Communication: The team operates truthfully and honestly. Information is proactively available. The rules are transparent, understandable and accessible. Questions are welcomed and answered.

Not everyone sees the role of Privacy Officer in a positive light. Privacy Officers are sometimes seen as humourless enforcers or wet blankets telling everyone else what they can’t do.

As a Privacy Officer, how do you avoid terrifying your team into privacy paralysis or constantly sounding like a wet blanket of what “can’t be done”?

The answer is culture.

Privacy compliance is of course a big part of what a Privacy Officer does.  But, a Privacy Officer is always in search of what Chris Pahl, a Privacy Compliance Program Leader at Southern California Edison, calls a “compelling why”:

Training teaches the “what” and the “how” of privacy, but adding to those a compelling “why” is what begins to create culture. Beyond explaining how principles translate into specific requirements and obligations, it is important to help individuals understand why privacy matters at all.

Privacy Officers must be able to identify the privacy rules and describe the steps to take to achieve compliance. And, to avoid being ignored by team members or viewed as a barrier to care, you must also be able to tap in and explain:

  • WHY privacy is important
  • WHY patients care about privacy
  • WHY your team members should look for ways to be more privacy respectful
  • WHY privacy is a way of demonstrating organizational commitment to your mission, vision and values

Think of your role in terms of building trust. That will help you find your compelling why.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Managing Incapacity & Consent to Treatment

Part of Kate’s monthly webinar series.

Our October webinar is about managing incapacity, and the November title is Consent to Treatment.
Full details of the 2020 webinar series and registration here.

Advanced Privacy Officer training
December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Privacy Officer training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
October 2, November 6 and December 4

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

The main message: A doctor (or any other health information custodian) should never ignore a patient’s access reque… https://t.co/HW8mrFymnC

about 21 hours ago

What happens when someone asks for access to recordings? It depends. Here’s a story about what might happen.… https://t.co/kRnDh5IOo2

12:01 PM Oct 12th

When you have an early warning system you don't hold all those reports until the end of the year. You look for proa… https://t.co/mz22nGp89F

12:01 PM Oct 11th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.