Pages Menu
Categories Menu

Posted by on Apr 1, 2016 in Bioethics, Patient privacy | 0 comments

For April Fool’s Day & often true (01.04.2016)

For April Fool’s Day & often true (01.04.2016)

As I was preparing to post this comic (1) for April Fool’s Day, I realized that this type of situation occurs all too frequently, even within healthcare and medicine.
How often do we read about this type of thing happening with medical records, with PHI*?

comic showing patient's medical information being dumped into garbage cans outside a building

Comic: Office of the Privacy Commissioner of Canada;

* In privacy and biomedical ethics, the acronym “PHI” has two common definitions in North America:

In Canada, PHI is an umbrella term for personal health information (2) which is defined in more details at the Provincial and Territorial levels:

“The core activities of public hospitals or publicly funded long-term care facilities are not subject to PIPEDA. However, health care providers in private practice such as doctors, dentists and chiropractors are engaged in a commercial activity and thus subject to the Act, unless substantially similar provincial legislation applies…
Alberta, Saskatchewan, Manitoba, Ontario, New Brunswick and Newfoundland and Labrador have enacted personal health information legislation that applies to the health care sector, including hospitals. Quebec’s Act respecting health services and social services also contains important provisions regarding personal health information”

In the United States, under the Health Insurance Portability and Accountability Act of 1996 Privacy Rule (HIPAA), PHI is protected health information (3):

“The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI). Protected health information is information, including demographic information, which relates to:
– the individual’s past, present, or future physical or mental health or condition,
– the provision of health care to the individual, or
– the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.”

No matter the definition, a patient’s medical information should be protected. Unfortunately – whether it’s faxing laboratory results to the wrong number, or failing to secure (i.e. lock up) medical records, or leaving a computer open without password protection – this is an area where there seems to still be knowledge gaps among healthcare providers and teams…

So enjoy the comic, and consider it to be a good reminder about dealing with patients’ information!   ‘-)

(1) The Office of the Privacy Commissioner of Canada; Government of Canada. “Did you see some boxes of confidential personal information? I left them on the floor right beside my desk!”. 2016. Accessed 01 Apr 2016. Web:

(2) The Office of the Privacy Commissioner of Canada; Government of Canada. “PIPEDA Self-Assessment Tool”. Jul 2008, modified 12 Dec 2012. Accessed 01 Apr 2016. Web:

(3) “Health Information Privacy”. 06 Nov 2015. Accessed 01 Apr 2016. Web:


Post a Reply

Your email address will not be published. Required fields are marked *