Healthcare organisations have a responsibility to protect the privacy of personal information, a responsibility which is often heightened by the potential sensitivity of medical records. But what happens when this protection fails?
While the case study below discusses employees accessing patient records, more common considerations include:
- not sharing patient information over the phone
- not sharing patient information with employer, friends or police unless an approved process is followed
- ensuring patient folders and notes are not left in public view
- ensuring patient names and identities are not left in public view, such as written on whiteboards
- ensuring discussions and handovers are done confidentially.
In this case study a patient receives unwelcome attention from a hospital employee, who retrieved her contact details from her medical records. The employee was terminated following an investigation, which found that obtaining information for inappropriate reasons was a clear breach of hospital policy.
The case study highlights the confidentiality and privacy obligations that health professionals need to be aware of. Read the Lessons Learned [PDF, 213KB].