A Calgary pharmacist has been cited for using the health information of a patient in an attempt to establish a personal relationship with her.
The woman complained to the Information and Privacy Commissioner, alleging that the relief pharmacist employed at a pharmacy in Calgary, had contacted her twice by phone and attempted to “friend” her on Facebook.
The Health Information Act (HIA) prohibits employees from using health information for purposes not required to do their job. The investigation by the Privacy Commissioner found that the pharmacist misused health information, and that the pharmacy manager had failed to provide privacy and security training to the pharmacist.
The pharmacy had access to privacy policies and training but the pharmacist in question was not made aware of these policies by the pharmacist manager. The investigation concluded by reinforcing the need for following through on administrative and technical safeguards and training for all staff.
Do you provide privacy training for all of your staff – including professional healthcare service providers? How do you document that each staff has received the training? How often do you re-fresh or update the training? A privacy management program is an important part of your responsibility as a healthcare provider, practice management and business owner. See our training programs for additional resources you can use right away.
For more information, check out the full OIPC Investigation Report H2013-IR-02
You can also read the Calgary Herald article (Dec 17, 2013) here