You are waiting test results from a diagnostic test that was performed on you last week and you are concerned. You follow up appointment is not for another 2 weeks to get the results, but you know that you can access them through your electronic health records access at work.
Do you access your own results on the electronic health record?
Melanie, an RN, has access to the electronic health records system(s) through their employer.
Melanie’s father has recently attended to his own health care provider and required diagnostic testing. Melanie’s father voiced concern to Melanie as he has yet to receive the results from the diagnostic testing and his health care provider is away on holidays.
Melanie knows she can access the results of her father’s diagnostic testing through the permissions/access granted to her by her employer. On her next shift, she decides she will access her father’s health records while he waits for his health care provider’s return.
Should Melanie access her father’s diagnostic testing record?
Denis is a RN who works in public health.
Denis, his family, and a few friends are attending a destination wedding. Having appropriate vaccines for their travel destination is recommended. He decides to access the personal health information of each person attending the trip to determine if they have the recommended vaccines
Is Denis’s access of the vaccine records of his family and friends appropriate?
Maintaining privacy and confidentiality is a fundamental expectation of an RN, RN(AP) and RN(NP)’s practice. References to these principles are found in the Entry Level Competencies, the Practice Directions: Practice Expectations for RNs and the Code of Ethics.
RNs have direct access to personal health information through a variety of platforms (in both paper and electronic versions) and software.
Personal health information is defined in the Personal Health Information Act as:
“personal health information” means recorded information about an identifiable individual that relates to
(a) the individual’s health, or health care history, including genetic information about the individual,
(b) the provision of health care to the individual, or
(c) payment for health care provided to the individual,
(d) the PHIN and any other identifying number, symbol or particular assigned to an individual, and
(e) any identifying information about the individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care;
RN, RN(AP), and RN(NP)’s may find themselves in circumstances where they believe they can access their personal health information, the personal health information of family members, or even others who are not in their professional care.
Before you do: STOP!
There are serious consequences if you access the health records of individuals who are not in your care. Critical thinking is important.
Looking up your health record is not appropriate. Doing so is taking advantage of your privileged access, your knowledge of the health care system, and the position you hold as an RN, RN(AP), and RN(NP) to access information that is not readily available to the public.
Similarly, looking up Melanie’s father’s health record is not appropriate. While she may have access to that information, she does not have a legitimate need to access her father’s health record. If she wished to access it, she must follow the proper process to have access, which may include requesting information from her father’s health care provider.
Denis does not have a legitimate need to access the health record of his family and friends; his access would be inappropriate and in violation of their privacy. Even if he did have their permission to access it, he does not have a legitimate need to access this information. Instead, he might have considered speaking directly to his family and friends to determine if they have the proper vaccines prior to travel.
In all scenarios, the RNs would have violated their professional obligations and responsibility to abide by provincial legislation and comply with the College’s Practice Directions: Practice Expectations and Code of Ethics. Failure to comply with professional obligations and responsibilities may result in the College being notified and further action taken.
Privacy relates to the right of each person to have personal health information kept confidential and secure by the trustees who collect and maintain it. Maintaining the confidentiality of a client’s personal health information is an important component of a nurse’s professional, legal, and ethical obligations. If clients fear that their personal health information will be disseminated beyond those that have a legitimate “need-to-know”, they will be hesitant to disclose their personal health information.
The public and clients need to be confident that their most personal health information and basic dignity will be protected and safeguarded by the registered nurse. This includes electronic health information. RN, RN(AP), and RN(NP)’s are trustees of that information. Any breach of this trust, even inadvertent or well-intentioned, can damage the particular nurse/client relationship and the general trustworthiness of the profession of nursing.
The public requires assurance that registered nurses will protect their health information and not access information they have no legitimate need to access, regardless of motivation.
Relevant Entry Level Competencies:
Registered nurses are professionals who are committed to the health and well-being of clients. Registered nurses uphold the profession’s practice standards and ethics and are accountable to the public and the profession.
2.4 Maintains client privacy, confidentiality, and security by complying with legislation, practice standards, ethics, and organizational policies.
Relevant Practice Expectations:
Registered nurses are accountable and responsible for nursing practice that is informed by evidence and demonstrates competence. As an RN, you must:
13. Demonstrate professional responsibility in protecting personal health information.
Registered nurses recognize, promote and uphold the ethical standards of the nursing profession. As an RN, you must:
20. Distinguish digital technology/applications that enhance nursing practice from those that breach practice expectations, practice directions or the Code of Ethics in order to only appropriately use technology/ applications (e.g. social media).
Relevant Code of Ethics
E. Maintaining Privacy and Confidentiality
Nurses recognize the importance of privacy and confidentiality and safeguard personal, family, and community information obtained in the context of a professional relationship.
- Nurses respect the interests of persons receiving care in the lawful collection, use, access and disclosure of personal information
- Nurses respect policies that protect and preserve the privacy of persons receiving care, including security safeguards in information technology
- Nurses do not abuse their access to information by accessing the health records, including those of a family member of any person, for purposes inconsistent with their professional obligations.