Introduction: Breaches of medical confidentiality can have long-lasting effects on not only individuals but organisations and communities as well. Personal information like medical records should only be accessed, used, or disclosed after proper authorization. To ensure this, Canadian laws and regulations are in place to protect medical information. This article discusses a Canadian case of a confidentiality breach in the healthcare sector, provides comments on it based on HIPAA knowledge, and goes over the role of Health Information Custodian (HUC) in protecting patient data.

Body: In 2008, there was a case of confidentiality breach in the Canadian healthcare sector where a person gained unauthorised access to patient information. It was later found that this had been ongoing for at least two years. The hospital discovered the breach while auditing its patient data. Over 400 patient files were found to be improperly accessed by the transcriptionist, who also transmitted some of the information to a personal email address. Charges of criminal breach of trust and unauthorised computer use were brought against the transcriptionist. This case bears similarity to those where HIPAA confidentiality laws are broken in the United States. Under federal statute HIPAA, patient health information's security and privacy is governed. In case of a breach, a HIPAA-covered entity must notify affected parties and the Department of Health and Human Services.

The HUC in Canada is responsible for safeguarding patient information privacy. The HUC oversees the enforcement of Canadian privacy laws in hospitals and healthcare facilities. They can investigate and enforce privacy laws while ensuring healthcare organizations are following necessary procedures and taking security precautions to protect patient data.

Recommendations: Healthcare providers must guarantee the necessary security measures to protect patient data. Access control and encryption are essential security measures that healthcare providers should use to protect patient information. It is also critical to ensure that every staff member has received sufficient training on how to manage and safeguard patient information. Finally, a routine system audit must be performed to ensure unauthorized access to patient information has not occurred.

References:

Canadian Press. (2008, August 21). Medical Transcriptionist Accessing Patient Files. Retrieved from https://www.cbc.ca/news/canada/medical-transcriptionist-accessing-patient-files-1.722212

HIPAA Journal. (2020, April 21). What is HIPAA? Retrieved from https://www.hipaajournal.com/what-is-hipaa/

Privacy Commissioner of Canada. (2020). Health Information Custodian. Retrieved from https://www.priv.gc.ca/en/health-information-custodian/.