PROCEDURE FOR PRIVACY BREACH
Below is an outline of the procedure carried out in the event of a privacy breach.
i) Identification and Reporting of a Privacy Breach
If an employee, physician, learner or patient of the Niagara North Family Health Team believes that there has been a breach of privacy they must report the breach immediately to the Privacy Officer using the Privacy Breach Reporting Form.
ii) Containment of the Breach and Preliminary Assessment
The Niagara North Family Health Team will take proper measures to limit and contain the breach.
iii) Evaluate the Risks Associated with the Breach
Risks such as: What caused the breach? What information was involved? Who was affected? And the anticipated harm from the breach are taken into account.
iv) Notify the Affected Individuals and Staff
The individual affected by the breach as well as appropriate staff and supervisors are notified of the incident and of the procedures being taken to mitigate the situation.
v) Investigation and Remediation
The final steps include an internal investigation into the matter with the goals of:
•Ensuring containment and notification have occurred
•Review circumstances around the breach
•Review existing policies to ensure adequacy
•Identify opportunities to prevent a similar breach from happening in the future
Typical Privacy Breaches
1.Leaving a detailed telephone message including personal health information
2. Faxing information to wrong fax number and/or to a non-health care provider
3. Sending mailings/emailings with personal health information to the wrong person
4. Wrong or incorrect information is placed in chart.
5. Sharing information about a patient in a non private setting
6. Patient information sent to the incorrect doctor (referral)