When the WHO declared COVID to be a worldwide pandemic in March of 2020, one of the immediate impacts was the movement to provide services virtually. Traffic using internet-based video conferencing soared as people abandoned their physical workspaces in droves and set up home offices in basements, attics and kitchen tables. Laptops and technical solutions like Zoom or Skype made this sudden migration home technically possible and relatively smooth. It did, however, also expose a weakness in the traditional models of IT security and information privacy that relied on a combination of technology and physical containment of hardware.
Healthcare also shifted rapidly from decades old familiar practices of providing services in a clinical setting, to a new virtual model. Within a matter of days, healthcare professionals were providing patient consultation via computer video links and issuing treatment plans with referrals and prescriptions. The public was generally amazed at the new service delivery model and we all cheered at how quickly it was deployed. However the impact to patient privacy and clinic responsibilities may have been overlooked in the rush to a virtual delivery model.
Government regulatory bodies also began to quickly update their privacy policies to reflect the realities of a virtual model. The fast response by these bodies was unprecedented and the changes were absorbed and acted on by many healthcare providers. Indeed, the Office of the Information and Privacy Commissioner of Alberta noted in their 2020 annual report that over 100 Privacy Impact Assessments (PIA) were updated from providers between March 19 and March 31, 2020. While the number of clinics that responded so quickly is impressive, overall it demonstrates that many organisations have fallen behind in the rush to a virtual model. In fact, the number of cases opened under the Alberta Health Information Act in 2019 – 2020 increased by 36% over the previous reporting period. This is an important reminder that compliance with the Act remains a challenge for many organizations. Provincial regulators have made two important points clear regarding this switch to a virtual/at-home model:
- Privacy Impact Assessments (PIAs) must be updated to reflect the new service model. Despite the unusual and trying circumstances of the COVID pandemic, healthcare organisations are under the same obligations of standards for privacy requirements
- There is no relaxing of privacy regardless of the public health emergency.
As many family physicians, and specialist now do patient appointments from the home office, it is apparent that maintaining privacy standards can be more challenging in the informal workplace of the family home. Healthcare professionals have been removed from their normal routines and safeguards that they rely on to protect against privacy breaches. For example, family members at home may distract and alter our ability to focus on work tasks and follow all privacy protocols. Also, the change to a home workspace may not be as private or secure , and therefore subject to unintentional data breaches. Additionally, healthcare professionals are taking home laptops and accessing private patient files outside their “usual” work environment, leaving increased opportunities for privacy concerns. These are just three small ways in which privacy can be compromised and organisations vulnerable to the consequences.
Best practices remind us to return to basics when our routines are dramatically disrupted. For medical professionals, this means updating training on privacy awareness and reinforcing these issues to the forefront of our work habits. Corridor has the solutions with the most current policy information and best practices to quickly ensure your staff are compliant with their privacy obligations and educated on their importance. Corridor’s Privacy Awareness in Health Care training can help ensure your healthcare staff – doctors, nurses, assistants and support staff – are all clear on how to protect a patient’s personal health information in any work setting, and when and how the information may be accessed. In addition to Ontario, Alberta and cross-Canada privacy training programs, Corridor also offers a version specifically for dentists and dental clinic staff.
Contact us for more information and how we can help.
