The consequences of mishandling patient information

Do unto others as you would have them do unto you. The golden rule is the best policy when it comes to patient privacy. Think about how you’d like your information handled, and treat your patients’ information with the same respect and care. That perspective is a good place to start when creating your clinic’s privacy policy and procedures. And if you train your staff to respect patient information as they would their own, you’ll likely never have to worry about the consequences of mishandling protected patient records.

In Alberta, the Office of the Information and Privacy Commissioner (OIPC) is responsible for “ensuring public bodies, health custodians and private sector organizations uphold the access and privacy rights contained in the laws of Alberta.” With access to Netcare expanding in Alberta, it’s important that you understand how to uphold the Province’s access and privacy rights. For starters, what happens when the law is not followed?

For reference, here are five OIPC articles detailing cases of inappropriate access to health information and the consequences that followed.

  1. A $3,000 fine was received for accessing health information in contravention of the Health Information Act (HIA).
  2. A former supervisor of health information management was convicted for unauthorized accesses to health information.
  3. A judge issued a $5,000 fine when a woman pleaded guilty to wrongly accessing the health information of 26 people.
  4. A person was convicted of inappropriately accessing health information after the OIPC completed an investigation and referred the matter to Crown prosecutors at Alberta Justice.
  5. An investigation by the OIPC resulted in 14 charges being laid against an individual under the Health Information Act (HIA).

The proper handling of patient information is an important part of privacy policies and procedures outlined in your clinic’s Privacy Impact Assessment. Much of the law is common sense – don’t access information you have no professional business accessing. If your clinic staff adhere to the procedures contained in a PIA accepted by the OIPC, you can be much more certain you are protecting patient privacy as required.

For more information on how to create a PIA and what’s required, visit