Back to Top Privacy Breaches | The Ottawa Hospital Favourite Icon

Protecting the privacy of our patients

At The Ottawa Hospital, we are committed to protecting the privacy of our patients and the confidentiality and security of all personal health information.

What is a privacy breach?

A privacy breach happens when personal health information has been lost or stolen; or accessed, disclosed or disposed of inappropriately.

What happens when a privacy breach occurs?

As soon as the hospital learns of a privacy breach, the Information and Privacy Office takes the following steps:

  • Identifies the extent of the breach and takes steps to contain it.
  • Investigates the cause of the breach and works to eliminate the risk of it happening again.
  • Notifies the patient(s) whose privacy was breached.

Violations of the hospital’s privacy policy by employees are grounds for disciplinary action up to and including dismissal. Physicians and physician residents breaching their duty to protect the confidentiality of patients and safeguard their personal health information could have their privileges at The Ottawa Hospital suspended or terminated. In addition, privacy breaches involving regulated health professionals will be reported to their respective colleges.

How does the Hospital prevent privacy breaches?

The Ottawa Hospital has taken a variety of steps to prevent privacy breaches. They include:

  • Creating and enforcing policies that clearly limit access to personal health information.
  • Providing education sessions for all employees, physicians and physician residents.
  • Asking all new employees, physicians and physician residents to sign a confidentiality agreement which outlines their obligations.
  • Displaying an automatic notice reminding employees, physicians and physician residents of their obligations when they log-in and access personal health information.
  • Performing random audits of the hospital’s database for electronic records to ensure employees, physicians and physician residents are not accessing more patient information than is necessary to do their jobs.
  • Providing employees and physicians with locked offices, filing cabinets and secure methods to dispose of documents.
  • Restricting patient information to only those employees, physicians and physician residents who need to know.
  • Ensuring all relevant computers are password-protected and all memory sticks are encrypted to protect confidential information.