I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Privacy Officers: We are trust builders

Posted by

Why is privacy important?

Because it is essential for building trust.

Trust pops up time and time again in privacy breach stories.

In the 2017 sentencing hearing for a social worker in an Ontario family health team who was successfully prosecuted for looking at the health records of five clients without authorization (she had accessed many other clients’ health records without authorization but was prosecuted for five), one of the victims told her story and explained the privacy breach as a violation of trust:

There are no words to describe how I feel today. … you betrayed our trust. Trust in a system to help us understand our grief, trust that our story is our own, and trust that as a mother, I promised my children a safe place for their emotions. … You knew my family and you knew we had a story. You took the privacy of four people, two of those being children, and you decided that your curiosity was more important, and I hope today you are held accountable for that.

In the reasons for the sentence of a personal fine of $25,000 to the social worker, Justice Hampson stated:

The various victims have provided victim impact statements which are quite telling in terms of the sense of violation, the loss of trust, the loss of faith in their own health care community, and the utter disrespect that <name removed> displayed towards these individuals. One individual described being vulnerable. There is a fear of misuse of the information, a fear for future treatment. There is a sense of betrayal, a sense of embarrassment, a sense of being exposed.  Numbness and shock from others. Overall, the victim impact statements reveal a lack of trust and a sense of reluctance to share information with future health care providers.

I believe this is a truly significant factor, given that we all must believe that when we go to the doctor for our physical illness and other mental health illnesses, that we will be able to trust our own health care practitioners and their team and that what we tell them will be respected and held in confidence so we receive the treatment and care we deserve.

A trustworthy healthcare system requires robust privacy practices. Privacy Officers are trust builders.

Privacy Officers cultivate the four fundamental elements of trust in a health care environment: competence, reliability, care, and communication.

Competence:   The environment is safe. The team have sufficient skills and capability to provide the services.

Reliability: The team does what they say they will do.  The experience is consistent.

Care: The team has the best interests of patients at heart. The team and patient share the same goals and values. The patient is a valued participant.

Communication: The team operates truthfully and honestly. Information is proactively available. The rules are transparent, understandable and accessible. Questions are welcomed and answered.

Not everyone sees the role of Privacy Officer in a positive light. Privacy Officers are sometimes seen as humourless enforcers or wet blankets telling everyone else what they can’t do.

As a Privacy Officer, how do you avoid terrifying your team into privacy paralysis or constantly sounding like a wet blanket of what “can’t be done”?

The answer is culture.

Privacy compliance is of course a big part of what a Privacy Officer does.  But, a Privacy Officer is always in search of what Chris Pahl, a Privacy Compliance Program Leader at Southern California Edison, calls a “compelling why”:

Training teaches the “what” and the “how” of privacy, but adding to those a compelling “why” is what begins to create culture. Beyond explaining how principles translate into specific requirements and obligations, it is important to help individuals understand why privacy matters at all.

Privacy Officers must be able to identify the privacy rules and describe the steps to take to achieve compliance. And, to avoid being ignored by team members or viewed as a barrier to care, you must also be able to tap in and explain:

  • WHY privacy is important
  • WHY patients care about privacy
  • WHY your team members should look for ways to be more privacy respectful
  • WHY privacy is a way of demonstrating organizational commitment to your mission, vision and values

Think of your role in terms of building trust. That will help you find your compelling why.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
December 11, January 16-17

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event February 4, 2020

Osgoode Professional Development – Health Law Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our December webinar is an employment law update, and the January program is a legal update for EDs and Board members.
Full details of the 2020 webinar series and registration here.

Advanced Privacy Officer training
December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Osgoode Health Privacy training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
December 4 (cancelled) but back January 8

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Law2Life Coaching is the best place successful lawyers can go to unlock more fun and fulfillment from life and work… https://t.co/WUshA9UCqK

about 4 hours ago

It’s not enough for health care organizations to respect patient privacy rights. I believe we have an obligation t… https://t.co/dTMI2lfrOx

about 5 hours ago

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.