Privacy and Release of Personal Health Information

At Pembroke Regional Hospital we collect information about our patients so that you can be accurately identified each time you visit the hospital. Information about the type of tests or procedures you have during your visit is also collected and included in your chart.

Personal health information that is collected is only available to hospital staff who are involved in your care either directly (such as physicians, nurses, technologists, technicians, therapists and other health professionals), or in a supporting role such as Health Records and Financial Services.

Your personal health information may also be used for the following purposes:

• To quickly and accurately identify your health record each time you visit the hospital.
• To provide you with the most effective and appropriate health services or treatment(s). Your visit to the hospital may include assessments of your health condition, surgical and medical procedures and other treatments. All of this information is recorded in your health record and made available to those involved in your care, including health-care providers, who are partners in your care. Pembroke Regional Hospital keeps the history of your health information, so that your caregivers have a complete summary of your health status.
• To comply with legal and regulatory requirements. For example, we collect your health insurance number because it is required for the processing and funding of health-care services.
• To improve the quality and efficiency with which we provide health-care services.
• To facilitate research at Pembroke Regional. Researchers working on studies approved by Pembroke Regional Hospital Research Ethics Board may have access to health information, provided that privacy and confidentiality issues have been addressed with you.

Personal health information may be disclosed to the following persons or agencies:

• A care provider within your circle of care.
• Your personal health information will be disclosed only to care providers involved in your personal care unless you have expressly withheld or withdrawn your consent to do so. Examples of care providers may include your attending doctor, nurses, family doctor, pharmacists, laboratory technicians, etc. Your personal health information will never be disclosed to any care providers who are not involved in your personal care without your consent to do so.
• You or your legal representative.
• Your personal information can be disclosed to someone that you have designated to act on your behalf in the event that you are unable to do so (for example: Power of Attorney for Personal Care, Substitute Decision-Maker).
• Any person or agency to whom the disclosure is required by law.
• A health regulatory agency (such as Ministry of Health and Long-Term Care, Health Canada), if health regulations or laws require health information. For example, hospitals are required to provide health information for billing, statistical reporting, and health-care management purposes.
• Any third party (such as your private insurance company or lawyer) provided you have consented to the disclosure (by signing the Consent For Disclosure Of Personal Health Information To A Third Party), or law requires the disclosure.

Protecting the privacy of our patients

At Pembroke Regional Hospital, we are committed to protecting the privacy of our patients and the confidentiality and security of all personal health information.

A privacy breach happens when personal health information has been lost or stolen; or accessed, disclosed or disposed of inappropriately.

As soon as the hospital learns of a privacy breach, the Information and Privacy Office takes the following steps:

• Identifies the extent of the breach and takes steps to contain it.
• Investigates the cause of the breach and works to eliminate the risk of it happening again.
• Notifies the patient(s) whose privacy was breached.

Violations of the hospital’s privacy policy by employees are grounds for disciplinary action up to and including dismissal. Physicians and physician residents breaching their duty to protect the confidentiality of patients and safeguard their personal health information could have their privileges at Pembroke Regional Hospital suspended or terminated. In addition, privacy breaches involving regulated health professionals will be reported to their respective colleges.

Pembroke Regional Hospital has taken a variety of steps to prevent privacy breaches. They include:

• Creating and enforcing policies that clearly limit access to personal health information.
• Providing education sessions for all employees, physicians and physician residents.
• Asking all new employees, physicians and physician residents to sign a confidentiality agreement which outlines their obligations.
• Displaying an automatic notice reminding employees, physicians and physician residents of their obligations when they log-in and access personal health information.
• Performing random audits of the hospital's database for electronic records to ensure employees, physicians and physician residents are not accessing more patient information than is necessary to do their jobs.
• Providing employees and physicians with locked offices, filing cabinets and secure methods to dispose of documents.
• Restricting patient information to only those employees, physicians and physician residents who need to know.
• Ensuring all relevant computers are password-protected and all memory sticks are encrypted to protect confidential information
• Ensuring patient charts are secured in a restricted access Records storage facility.