PEI

6 ways P.E.I.'s Health Information Act preserves your privacy

In July a new Health Information Act came into effect on P.E.I., and this week Health PEI revealed a staff member had been accessing medical files without authority for three years.

Queen Elizabeth Hospital staff member accessed 353 files according to Health PEI

Every time medical information is accessed, the user leaves an electronic footprint. (Shutterstock)

In July a new Health Information Act came into effect on P.E.I., and this week Health PEI revealed a staff member had been accessing medical files without authority for three years.

Health department lawyer Nichola Hewitt helped draft the Health Information Act, and provided this information on how it works.

What's in the file

Personal health information records can contain a wide range of information.

In addition to the expected information on physical and mental health illnesses, there can be personal and family health histories, your entitlements to health care benefits, as well as information on what medications or medical devices you are using.

Limits to access

Only health care professionals who are directly involved in your care can access your personal health information.

But that can involve a number of people, from doctors to nurses to pharmacists and X-ray technicians.

Not everyone has access to everything in the file. Access can be limited to those parts of the file required for the person to do their job.

How access is controlled

Information is stored electronically. In order to access the file, health care professionals have to use their own unique login.

An electronic footprint is left every time someone accesses your information.

You can look for yourself

Patients have a right to review their own information.

You can either sit down with a health-care professional and go through the information, or ask for copies. A nominal fee will be charged if you want your own copy.

The person or institution holding the records has to maintain a record of who is viewing the information, and you can also ask for that list.

What happens if there is a breach?

There are several kinds of breaches possible.

In addition to unauthorized access, information can be lost or stolen, or destroyed when it should not have been.

If there is a breach, the person involved must be notified along with the privacy commissioner. The commissioner will review the breach and can provide advice.

Are there penalties?

The act provides for fines of up to $15,000 and six months in jail.

In the case of corporations, the maximum fine is $50,000.

With files from Island Morning