Not all privacy breaches of Humboldt Broncos' records by doctors are 'snooping,' says college
Privacy commissioner found 6 doctors, 1 office employee inappropriately looked at records
Saskatchewan's privacy commissioner found several doctors had inappropriately accessed electronic health records of Humboldt Broncos involved in a fatal bus crash last April, but a spokesperson for the College of Physicians and Surgeons of Saskatchewan says some of the cases don't meet the bar of "snooping."
Saskatchewan's eHealth branch began monitoring the files of people involved in the high-profile tragedy almost immediately after the fatal crash.
"Anytime the profiles were accessed, eHealth would receive an alert," confirmed Shaylene Salazar, who is the VP of Strategy, Quality and Risk for eHealth Saskatchewan.
A few of the circumstances pointed out by the privacy commissioner involved three doctors who had provided emergency care to some Broncos at the Nipawin Hospital. Those doctors later reviewed patient records of those they treated, believing they were in the patient's "circle of care."
The privacy commissioner's findings indicate that " there is a misunderstanding among a lot of health care practitioners — when they provided care to a particular patient — when it may be appropriate to look at information about the patient they provided care to," said Bryan Salte, legal counsel for the College of Physicians and Surgeons of Saskatchewan.
The college won't look into the physician's conduct unless a formal complaint is filed.
Salte said it appears the physicians are "a very different circumstance then what we regard as snooping, which is something that is significant and serious."
The college would view snooping as "looking at patient records completely unrelated to the care that's being provided, so [for example] somebody who looks at their daughter's boyfriend's patient records."
The privacy commissioner's report "recommended some changes to the regulations to allow physicians to access patient information when they provided care in the past in order to know did they provide appropriate care," he said.
Salte said current legislation says doctors must only look at a file in order to provide care, regardless of past or potential future encounters.
He said this is problematic because they may not know if they provided adequate care, he said.
"There are still some ongoing challenges as to what the proper balance between privacy and providing appropriate health care is."
The privacy commissioner issued several recommendations in the reports, including that eHealth should conduct regular monthly audits of the physicians involved for the next three years. He also recommended that the organization comply with a need-to-know principle rather than a circle-of-care concept.
Salazar said eHealth is considering the "lengthy list" of recommendations and said they want to balance securing patient information while ensuring health providers can access patient information in a timely manner.
Patients can request increased privacy
There are about 10,000 healthcare workers in the province who have access to the electronic viewer which contains patient records, Salazar said.
The workers are required to take privacy training and agree to the terms prior to gaining access to the record system.
Salazar said professionals aren't supposed to view their own information or the information of family members, for example, and eHealth will be flagged if they do so. People can also request increased security on their personal information.
"Patients can ask eHealth to fully block or mask their information if choose to, so this would prevent providers or individuals from being able to access that information," she said.
Patients can also request a report that details everyone who has viewed their information.
with files from The Canadian Press