Saskatchewan

Sask. health minister considering beefing up privacy rules

Saskatchewan's privacy commissioner says it should be mandatory for anyone who breaches a patient's personal health information to tell them about it.

Commissioner says disclosure of breaches should be mandatory, not voluntary

Saskatchewan's information and privacy commissioner recommends improvements for health protection in the future. (Stefani Langenegger/CBC)

Saskatchewan's privacy commissioner says it should be mandatory for those who breach a patient's personal health information to tell them about it.

Ron Kruzeniski released his annual report as Saskatchewan Information and Privacy Commissioner on Tuesday morning.

Included in it, are 26 proposals to improve the protection of people's health information.

Disclose privacy breaches

Among them, is a recommendation by the commissioner that it be mandatory for a health trustee to tell someone when his or her personal health information has been disclosed without consent.

"Say for example if I have cancer and I've chosen not to tell my family and for some reason it's breached," said Kruzeniski. "I need the opportunity to take remedial action to do whatever I'm going to do to, I guess, let my family know."

Health Minister Dustin Duncan said he wants time to review all of the recommendations and decide which to implement.

But on the face of it, he said that particular suggestion by the commissioner seems to make sense. 

"If somebody's privacy is violated, even if that information isn't shared beyond one person snooping into the files, it does make some sense that an individual would be notified that their privacy had been breached," he said.

Protect whistleblowers

Kruzeniski also recommends the government implement a whistleblower provision for those who alert others to privacy breaches.

"We've certainly encountered instances where it's the colleague next door that notices that somebody is snooping or something isn't right," he said.

Kruzeniski also wants the definition of trustee broadened to include anyone who operates a health facility as well as the definition of employee broadened to include anyone who comes into contact with a person's health information — including trainees and volunteers.

The government has made two recent amendments to its Health Information Protection Act in June, related to employee snooping and abandoned patient records.

Kruzeniski expects the government to study his latest recommendations for the next year or two.