From U of M Internal Medicine Wiki
Jump to navigationJump to search
Policy: PHIA
Policy Nr: Sec 13 - 04
Target Review Date: 2019-08-16
Main Stakeholder: WRHA

This article provides information about processes and training for PHIA (Personal Health Information Act). See for more info on the act itself.

This article is not intended to be a discussion of FIPPA.

PHIA Policies - WRHA

The following is a link to all the WRHA PHIA policies:

Once you go to the site noted above you will see an error code - you will then need to search PHIA policies and then the link will open to all policies.

Privacy Breaches - What You Need to Know

  • In your life you play different roles including family member, friend, healthcare consumer, co-worker and WRHA employee. As WRHA employee working within the healthcare system you may learn confidential information about people who play a part in those other roles in your life.

Privacy Breaches

  • Information you learn while at work cannot be shared with others who are not entitled to know the information. It is not appropriate to discuss a patient’s history with others if it is not relevant to the care currently being provided.
  • It is never acceptable to share personal health information with anyone who is not providing care to an individual, unless that patient has consented for you to share the information. Although you may see a family member or friend while working who may share information with you, it is not appropriate to share that information with others - this includes other family members or friends.
  • Patients may not always understand that if they share personal information with someone they know who works in a healthcare setting that the person is bound by the Personal Health Information Act and is not able to disclose that information with others.
  • Sharing information with others who do not need to know the information, or sharing too much information, is considered a privacy breach. Only provide the minimum amount of information necessary for you and others to do their job.
  • Examples:
  • If your neighbours present to hospital after being involved in a car accident, it would not be appropriate to go home and tell your family that the “Smiths” from across the street were involved in an accident, unless your neighbours specifically told you to notify your family. Without the patient telling you to share information with a specific individual, it would be considered a privacy breach.
  • If a co-worker comes to hospital to have a baby, it would not be appropriate to share that information with other co-workers. It would not be appropriate to go and visit that co-worker on the unit unless you were called at home and advised of the admission.
  • Ask yourself: “If I didn’t work here, would I know this information?” If the answer is “NO” then you should not be sharing this information with anyone unless they are providing current care to the individual.


See PHIA training

Related articles

Related articles: