How to protect your personal health information
By Anita Jean
Under the Personal Health Information Protection Act (PHIPA), personal health information is:
- Information that can identify you
- Your physical or mental health
- The health care you receive
- What services you are eligible to receive
- Your health card number
PHIPA defines health information custodians as organizations such as hospitals, clinics or pharmacies that have personal health information related to your care. PHIPA has rules about how your health information is handled. If your health information is somehow made available to a third party not involved in your care, this is a breach of privacy. The organization that breached privacy is required to notify you of the breach. Protecting your health information is primarily the responsibility of the health information custodian, although we all have a role in keeping our personal health information private.
There are a few situations where some of your personal information may not follow you, may go beyond the "circle of care" of your care providers, or may not go exactly where it should. This happens when some of the information is not understood correctly. An example: I am treated at the Emergency Department and am asked where I get my health care. I reply that I go to the Northwest Clinic when I meant to say NorWest Clinic. Another example: I ask for my medical records to be faxed and provide an incorrect fax number, or I forget that I have changed pharmacies and my prescription is faxed to my old pharmacy.
Knowing your health information plays an important role. It is recommended that patients be aware of the following:
- What is the name of your health care provider? Are they a doctor or nurse practitioner?
- Where do you get your health care? Be specific with the name and location.
- What pharmacy do you use, and where is it located?
Communication between an individual and health care providers normally occurs in person, by telephone or in writing. Some health organizations communicate electronically via:
- Informational website
- Electronic newsletters sent to a list of subscribers
- An intranet where you log in to your account for updates relevant to you
- Online appointment booking
These types of communication with an organization's systems are usually secure due to extensive administrative, technical and physical security measures.
Electronic communication outside of an organization's system, such as external emails with clients, texting and instant messaging, is not secure. This communication may also not be compliant with privacy legislation. Emailing and texting should be kept to a minimum, used only for appropriate exchanges and where there are no other means of communication. You should be made aware that if more than basic "check in" information is shared over texting, this communication is not secure.
You should be aware that text and instant messages:
- Are not encrypted.
- Could be read by anyone.
- Can be forwarded to anyone.
- Likely stay forever on both the sender's and receiver's phone.
- Go to a receiver who cannot be authenticated.
When you are seeking health information online, you should be careful not to release any information that can identify you. Typically, only general information will be released from an organization following an inquiry. You should consult with your health care provider about any information or health recommendations to determine if they are right for you.
Anita Jean is the Privacy Officer for the NorWest Community Health Centres.