Healthcare Leadership Course: Patient and Family Centered Care PowerPoint
PRIVACY AND CONFIDENTIALITY
BY KEVIN BLACKMAN RN BSCN
Highlights
1. Describe the specific behaviors providers should practice to be respectful of
patients’ needs for physical privacy.
2. Describe the specific behaviors providers should practice to ensure
confidentiality of patient information.
3. Analyze a variety of clinical situations to assess how well providers are – or
are not – protecting their patients’ privacy and confidentiality.
Section 1: Introduction to Privacy and Confidentiality

Privacy is hard to come by in the health care setting.
Just think of the last time you were a patient, either in
the hospital or the doctor’s office: the first thing you
were asked to do was undress and put on a gown.
Providers need to have quick conversations with other
care team members in passing, often about the most
private details of a patient’s life. In this lesson, you’ll
learn specific skills that you should practice – with
every patient, every time – to ensure their privacy and
confidentiality.

SECTIONS 1: INTRODUCTION TO PRIVACY AND
CONFIDENTIALITY

Nurses are frequently put in the tenuous position of
being asked for patient information by patient’s
families and well-wishers. An example is another
employee checking to see how a friend is doing. On
the surface this seems harmless. But, is it really?

A key patient safety initiative is better improved labeling of
drugs and devices. IV bags and medicines are now routinely
labeled with the patient’s name, a step we take to assure we are
delivering the right care to the right patient. When they are
discarded in open trash receptacles in patient rooms, have we
compromised the patient’s confidentiality?

Busy, frequently overcrowded, hospitals are less than perfect
environments. Conversations with patients can easily be
overheard. What can we do to lessen the chances of inadvertent
disclosure?

Are we confident that we have correctly determined who "needsto-know" for every patient? How are we teaching the next
generation of caregivers to think about confidentiality? Are there
new tools we can give them?

The consumer can access almost anything on the Internet today.
Sophisticated search engines enable us to find everything ever
written about any person or topic. Equally sophisticated efforts
must be made by health care providers to prevent unauthorized
access to patient information. How much information should we
provide and what can we provide under HIPAA? What would
our patients prefer?
core concepts:
Section 1: Privacy



Privacy
Is the right individuals have, to keep information about them from
being disclosed. In other words, patients are in control of whether
others have access to them or information about themselves. Patients
decide who, when, and where to share their health information
(Erickson and Millar, 2005).
Personal Health Information Protection Act
“The Personal Health Information Protection Act, 2004 (PHIPA) governs
health care information privacy in Ontario. Information privacy is
defined as the client’s right to control how his/her personal health
information is collected used and disclosed. PHIPA sets consistent rules
for the management of personal health information and outlines the
client’s rights regarding his/her personal health information. This
legislation balances a client’s right to privacy with the need of
individuals and organizations providing health care to access and share
health information. PHIPA permits the sharing of personal health
information among health care team members to facilitate efficient and
effective care. The health care team includes all those providing care to
the client, regardless of whether they are employed by the same
organization. PHIPA requires that personal health information be kept
confidential and secure. Security refers to the processes and tools that
ensure confidentiality of information.
When using computers, nurses should refer to the Documentation,
Revised 2008 practice standard
(College of Nurses, 2009)

What is personal health information?
Personal health information is any identifying information about clients
that is in verbal, written or electronic form. This includes information
collected by nurses during the course of therapeutic nurse-client
relationships. Such information relates to the following:

Physical or mental health, including family health history

Care previously provided (including the identification of people
providing care)

A plan of service (under the Long-Term Care Act,1994)

Payments or eligibility for health care

Donation of body parts or substances (e.g., blood), or information
gained from testing these body parts or substances

A person’s health number or;

The name of a client’s substitute decision-maker. Clients do not have to
be named for information to be considered personal health information.
Information is “identifying” if a person can be recognized, or when it
can be combined with other information to identify a person. Personal
health information can also be found in a “mixed record,” which
includes personal information other than that noted above. A personnel
record containing a note from a physician or an NP supporting an
absence from work is not considered personal health information.
However, a description of the employee’s symptoms and treatment
noted by an occupational health nurse (OHN) when providing care is
considered personal health information. If the OHN’s records contain
health and non-health information, then it is a “mixed record.” For
example, the record contains a note substantiating the absence and the
employee’s symptoms and treatment. The note substantiating the
absence can be shared with the employer only if the health information
is separated from the note
(College of Nurses, 2009)
Section 1: Confidentiality
SECTIONS 2: INTRODUCTION TO CONFIDENTIALITY
Often, the words Privacy and Confidentiality are used interchangeably, but It is
important to know the difference between the two.
Confidentiality is about how we, as health professionals, use and protect
private information once it has been disclosed to us. This disclosure of
information usually results from a relationship of trust and assumes that health
information is given with the expectation that it will not be divulged except in
ways that have been previously agreed upon. Usually the agreed upon measures
include using patient information to coordinate treatment, for payment of
services, or for use in monitoring the quality of care that is being delivered.
Thus, breaching confidentiality occurs when nurses share information about
patients with people that do not have a “need to know” status covered under the
patient’s written authorization. With the increasing use of technology in
providing quality care, maintaining privacy and confidentiality can be a
challenging task, but it is the health systems’ responsibility (Erickson and Millar,
2005).
SECTION 3: THE PRIVACY AND CONFIDENTIALITY
EXPERIENCE


Hospitals and office practices are public places, often
noisy and busy. Providers are constantly in motion, yet
they are dealing with the most private aspects of their
patients’ lives. Private areas are often in short supply.
Providers need to learn and practice skills to respect
their patients’ physical privacy. And their
conversations with patients and their families should
always be treated as private and confidential.
YOUR TURN
Think about a time when you were a patient and you
felt you didn’t have enough privacy. What specific
things would you have changed about that situation?

WATCH AND ANSWER
Here are several scenarios dealing with privacy and
confidentiality. As you watch each video clip, be on the
lookout for which behaviors the caregiver does well –
and which ones he or she does poorly, or not at all.
 Privacy Example:
Waiting in the hallway https://www.youtube.com/watch?v
=rUXWWUb74Jc
 Confidentiality Example:
Pharmacy Window 2 https://www.youtube.com/watch?v
=pJx_TzK6tLg
How to Maintain Confidentiality and Privacy
Providing PFCC is a journey, and your organization may just be starting that journey. Still, any caregiver can find lots of
opportunities to practice behaviors that support patients’ privacy and confidentiality. Here are the essential behaviors
providers need to practice to respect their patients’ privacy and confidentiality:
When communicating with family members, always keep the patient’s best interest in mind. This may translate into
adequately informing long-distance family members so they are able to properly respond and support their vulnerable
loved ones.
Never assume you have the right to look at any type of health information unless you need it in order to do your job. For
example, co-workers’ phone numbers for personal reasons may be looked up by the interested party on the Internet or
the phone book. Phone numbers needed for work-related reasons may be obtained from the supervisor or the employee
database if you have been authorized for access. Always ask yourself, "Do I need-to-know this information?" Need-toKnow is defined as that which is necessary for one to adequately perform one's specific job responsibilities.
Hold your colleagues as accountable as you hold yourself when it comes to respecting patient privacy. When you see a
nurse or physician carrying progress notes on their tray in the cafeteria for others to see, gently and politely remind them
to turn them over in the name of confidentiality. When you are hearing a conversation between two care providers in the
elevator or the hospital shuttle, politely ask them to please continue their discussion in a private area.
Be a privacy mentor to nursing students just starting out in the profession. For example, keep medical records closed on
desktops, close out results on computer screens, send out text paging with minimum necessary information (last name
first initial), restrict excessive printing of health information from computers, restrict the removal of all copies of health
information from the hospital, even if reports have been de-identified.
Stand up to peer pressure when friends or neighbors ask you to do a favor by obtaining for them copies of their records or
copies of a family member’s records. Always get written authorization and follow proper procedure. In many
organizations, failure to follow proper procedures regarding release of information may result in disciplinary action, up
to and including termination of employment or suspension of privileges.
(Erickson and Millar, 2005)
Other Strategies That Should Be Considered (Privacy)
1) Use a hushed voice when speaking with patients and families or when
sharing information in public areas.
2) When possible, find a private area for talking with patients and families.
3) Consider patients’ needs for physical privacy. Before touching a patient or
conducting a physical exam, tell the patient and family what you are going to
do and ask the patient’s permission.
4) Use the environment to your advantage to convey privacy. Examples include
knocking before entering, asking the patient if it’s okay to move a curtain,
closing doors during an exam or meeting, and using a sheet to cover the
patient’s body before and after a physical exam.
(Institute of Healthcare Improvement, 2014)
Other Strategies That Should Be Considered
(Confidentiality)
Never discuss patient information in public areas – elevators, hallways, cafeterias, parking areas, or on the phone in a
patient registration area.
Only discuss patient information in appropriate staff areas, and only with staff members who need the information to
provide care.
Ask patients for permission to discuss their care with family members present. Some patients may prefer to speak with
you one-on-one about sensitive matters.
Make sure systems and staff keep patient information confidential. Angle computer screens away from public areas and
store patient printouts, lab results, insurance information, and other private paperwork out of public view.
Keep confidential all patient information including (but not limited to): patient's name, physical or psychological
condition, emotional status, financial situation, and demographic information.
Share patient information on a "need- to-know" basis according to medical necessity.
Keep confidential papers, reports, computer disks, and data in a secure place.
Retrieve confidential papers from fax machines, copiers, mailboxes, conference rooms, and other publicly accessible
locations as quickly as possible.
Use technology such as fax machines and e-mail only to support patient care activities. Do not fax information to
attorneys, employers, or patients.
Always tear or shred paper copies of documents containing patient information.
(Institute of Healthcare Improvement, 2014).
(Institute of Healthcare Improvement, 2014)
References
1)
American Nurses Association (1999). Privacy and Confidentiality. Retrieved From:
http://www.nursingworld.org/MainMenuCategories/Policy-Advocacy/Positions-andResolutions/ANAPositionStatements/Position-Statements-Alphabetically/PrivacyandConfidentiality.html
2)
College of Nurses (2009). Practice Standard: Privacy and Confidentiality. Retrieved From:
http://www.cno.org/Global/docs/prac/41069_privacy.pdf
3)
Erickson and Millar (2005). “Caring for Patients While Respecting Their Privacy: Renewing Our Commitment". The
Online Journal of Issues in Nursing. Vol. 10 No. 2, Retrieved From:
http://www.nursingworld.org/MainMenuCategories/EthicsStandards/Ethics-PositionStatements/PrivacyandConfidentiality.html
4)
Fadiman A. The Spirit Catches You and You Fall Down: A Hmong Child, Her American Doctors, and the Collision
of Two Cultures. New York: Farrar, Straus, and Giroux; 1997.
Institute of Healthcare Improvement. (2014). Retrieved From:
http://app.ihi.org/lms/lessondetailview.aspx?LessonGUID=47cbe6c7-2a70-46ed-9630b2a5bf1663b3&CourseGUID=8eb52137-21d7-4b30-afcd-fd781de6d6d5&CatalogGUID=4cc435f0d43b-4381-84b8-899b35082938
5) Merriam-Webster Learning Dictionary. (2014). Culture. Retrieved from http://
http://www.websterdictionary.org/definition/culture)
6) Mehnke A. (2009). Managing a breach in patient confidentiality. OR Nurse. Retrieved from:
http://journals.lww.com/nursingcriticalcare/Fulltext/2010/07000/Managing_a_breach_in_patient_confidentiality.12.
aspx