Back to Top When a privacy breach occurs at The Ottawa Hospital - The Ottawa Hospital Website scanner for suspicious and malicious URLs
 

toh

When a privacy breach occurs at The Ottawa Hospital

November 30, 2010 – Upon learning of a privacy breach, immediate action is taken by the Privacy Office as follows:

  • Privacy Breach Protocol is implemented immediately
  • Identify the scope of the potential breach and take steps to contain it
  • Identify those individuals whose privacy was breached and notify them of the breach, apologizing on behalf of The Ottawa Hospital.
  • Investigate and remediate

All incidents are dealt with appropriately based on The Ottawa Hospital’s Privacy Policy and we remain committed to protecting the privacy, confidentiality and security of all personal health information we are entrusted with by our patients. Privacy Breaches are handled on a case by case basis . Violations of the Privacy Policy by employees are grounds for disciplinary action up to and including dismissal.  Physicians and residents breaching their duty of privacy and confidentiality as outlined in the Privacy Policy may be subject to suspension or termination of privileges.

Preventing breaches

Mechanisms in place to prevent breaches include:

  • Policies that clearly define and limit access to personal health information
  • Appropriate staff education is provided relating to the protection of personal health information – A privacy video was developed for this reason.
  • All new employees sign a Confidentiality Agreement which outlines their obligations and a yearly Confidentiality Pledge is sent out to all staff reminding them of this obligation.
  • Random audits are conducted on the hospital’s electronic records.  Limitations are placed on users to ensure that they only have access to information they require to do their job.
  • Many methods of protecting the information that employees are responsible for: physical (locked offices/filing cabinets), administrative (limiting access on a “need to know” basis) and technical (use of passwords, flags, encryption, etc.).