Practice Standards set out requirements related to specific aspects of nurses' practice. They link with other standards, policies and bylaws of the College of Registered Nurses of British Columbia and all legislation relevant to nursing practice.
Federal and provincial legislation legally protects a person's right to privacy and confidentiality of personal and health information. Health care bodies and professionals are required to exercise care in the collection, use and disclosure of personal and health information. The specific legislation that applies to a nurse's1 practice depends on the work setting and the nature of the nurse's work. Relevant legislation may include: the Freedom of Information and Protection of Privacy Act; the Personal Information Protection Act; the Access to Information Act; the Privacy Act; the Personal Information Protection and Electronic Documents Act; and the e-Health Act. CRNBC's Professional Standards require nurses to function within all relevant legislation. CRNBC registrants also take direction from the College's Bylaws, Part 7 — Registrant Records.
Nurses have an ethical responsibility to safeguard information obtained in the context of the nurse-client relationship. When clients entrust their health care and health information to a nurse, they expect and rely on it being kept confidential.
Employers are responsible for providing necessary systems and supports to meet legislated requirements for the collection, use and disclosure of personal and health information.
Nurses know what specific legislation applies to their practice and follow legislated requirements.
Nurses collect personal and health information on a need-to-know basis.
Nurses ensure that clients are aware of their rights concerning their personal and health information and have consented to the collection, use and disclosure of this information.
Nurses share relevant personal and health information with the health care team. Nurses explain to clients that this information will be shared and identify to them who is on the health care team (e.g., physicians, social workers).
Nurses respect clients' rights to access their own health records and to request correction of the information.
Nurses safeguard personal and health information learned in the context of the nurse-client relationship and disclose this information (outside of the health care team) only with client consent or when there is a specific ethical or legal obligation to do so.
Nurses have an ethical obligation to disclose in situations that involve a substantial risk of significant harm to the health or safety of the client or others. In these situations, nurses use a process of ethical decision-making before disclosing confidential information. Whenever possible, this process involves consulting with knowledgeable colleagues.
Nurses comply with any legal obligation to disclose confidential information that is imposed by legislation or required under a warrant, court order or subpoena.
In all cases where disclosure of confidential information is necessary, nurses restrict the amount of information disclosed and the number of people informed to the minimum necessary to fulfill the legal and ethical obligations.
Nurses access personal and health information only for purposes that are consistent with their professional responsibilities.
Nurses take action if others inappropriately access or disclose a client's personal or health information.
Privacy Legislation, Organization Policy and You
Identify which privacy legislation applies to you or your organization. Review the CRNBC Bylaws, Part 7.
Review your organization's privacy policies. Policies address topics such as:
When the privacy policies are inadequate or inappropriate, participate in refining and strengthening them.
Know the policies in your organization regarding collection of personal information. Are there guidelines outlining appropriate collection of information from families or other third parties? Are there guidelines to use when explaining to clients the reason for gathering information? Are there guidelines for the use of photo and audio technology to collect information? Who is the contact person if clients have further questions about collecting personal information?
Inform clients, preferably at the outset of care, about the limits of confidentiality (e.g., explain that other members of the health care team will have access to information required for the provision of care and explain who is on the team).
Know when, how and what client information to share with health care providers outside your organization to enable continuity of care (e.g., prior to discharge). Consider what information will be required for the delivery of safe and ethical care to the client. Know what your organization policies state.
Know which legislation and policies apply to the consent for and use of personal or health information for purposes such as quality improvement or research.
Know who in your organization is responsible for making decisions about the release of information (e.g., privacy officer).
Know what to do if clients ask to look at their records or request a correction to their records. Organization policy should provide clear direction. If you are self-employed, follow the Personal Information Protection Act and Sections 7.18 and 7.07 of the CRNBC Bylaws.
Know your organization's policies for protecting against unauthorized access to records and retaining and disposing of client documentation.
Respecting Client Confidentiality
Be aware of other people in your work environment and make sure that confidential conversations cannot be overheard. Withholding the client's name is often not sufficient to maintain confidentiality.
Do not discuss clients or care-related events on a social networking website. Descriptions of client care situations that contain information about time, place and client characteristics may breach client confidentiality even if a client's name is not mentioned.
Cell phones with cameras and audio recorders make it easy to capture a client's image and voice. They also make it easy to show to others or post online. However, collecting information without consent or for an inappropriate purpose and then disclosing it are serious breaches of client privacy and confidentiality.
Be aware that it can be more challenging to keep information confidential when you work and live in the same community (e.g., rural and remote communities; small, discrete communities within urban centres, such as religious, gay or military communities). To address these challenges:
Store client records in your custody or control safely and securely. Take special care when transporting client records to ensure they are not lost, stolen or accessed by unauthorized persons.
Keep client information confidential when transmitting information electronically (e.g., avoid using client names if possible; check fax number and mark "Confidential" before sending).
If computerized charting is used, follow your organization's policies to ensure the privacy and security of the information (e.g., use passwords as directed; log off when leaving the computer).
Ensure that client information displayed on a computer monitor remains confidential (e.g., use a screen saver; locate the monitor in a secure area).
In the event of a security breach, take appropriate measures to address the issue as soon as possible after the breach is discovered. Know what your organization policies state. Review the CRNBC Bylaws, Part 7. If required, seek additional information from other sources (e.g., COACH Guidelines for the Protection of Health Information).
Intervene if others fail to maintain client confidentiality. Consider if the most appropriate action is for you to discuss your concerns directly with the person. If your concerns are not addressed or if you decide it is not prudent to discuss your observations and concerns directly, use the reporting mechanisms in your workplace so others can take action.
Do not access personal and health information for any purpose that is inconsistent with your professional responsibilities. This includes your own, a family member's or any other person's information.
Do not disclose information without client consent or a legal obligation to do so unless there is a substantial risk of significant harm to the health or safety of the client or others.
Use the following questions to assist you in making decisions about disclosing confidential information without the client's consent:
Be sure you know who your client is (e.g., know if there is a substitute decision-maker involved for an adult client and who that person is; know the decision-making status of a child requiring health care).
Ensure that you have consent from the client or substitute decision- maker before sharing information with family or friends of the client.
When disclosure is necessary, restrict the amount of information you disclose and the number of people you inform to the minimum necessary to fulfill the legal and ethical obligations.
Legal Obligation to Disclose
Identify which legislation is most relevant to the disclosure of confidential information in your practice setting. Legislation that may require you to disclose information includes: the Adult Guardianship Act; Child, Family and Community Service Act; Coroners Act; Health Care (Consent) and Care Facility (Admission) Act; Infants Act; Workers Compensation Act; and the Communicable Disease Regulation under the Public Health Act.
If you are subpoenaed to give evidence in court or at an inquest under the Coroners Act, restrict the amount of information disclosed to the minimum necessary to fulfill your legal obligations. The following tips for providing evidence may be helpful:
The Health Professions Act imposes a duty to report the unsafe or incompetent practice or sexual misconduct of another health professional. Formal written reports to the health professional's regulatory body should be as complete as possible, without infringing on the privacy rights of anyone else who may be involved. If concerns about sexual misconduct are based on information from a client, you must obtain the client's consent before making a report.
If you are self-employed or work on contract, be clear about which legislation applies to your practice. Make sure your practice complies with that legislation and with Part 7 of the CRNBC Bylaws. Self- employed nurses are governed by the Personal Information Protection Act. Nurses working under contract will have to refer to their contract. For example, if a nurse is under contract to a public body, the contract will state that the Freedom of Information and Protection of Privacy Act applies. If the contract is silent, the Personal Information Protection Act applies.
If you are an occupational health nurse, work with your employer to develop policies that clarify what client information is confidential and what may be disclosed under what circumstances. Inform employees of these policies at the outset of the nurse-client (employee) relationship.
If you are engaged in research, understand and follow legislated requirements and use guidelines that address the ethical conduct of research to inform your practice.
Privacy is the right of individuals to determine how, when, to whom and for what purposes any personal information will be divulged.
Confidentiality is a type of informational privacy in which one individual or organization agrees to safeguard information about another individual or organization.
CRNBC's Standards of Practice (Professional Standards, Practice Standards, Scope of Practice Standards) assist you in understanding important issues to consider in discussions about nursing practice. They are available from the Nursing Standards section of the CRNBC website www.crnbc.ca
For more information on this or any other practice issue, contact CRNBC's Practice Support Services at 604.736.7331 ext. 332, toll-free 1.800.565.6505 or email@example.com.
Information to help registered nurses and others interpret and implement privacy legislation
1 "Nurse" refers to the following CRNBC registrants: registered nurses, nurse practitioners, licensed graduate nurses.
back to top
Case Studies & More
Privacy and Confidentiality Web Module
For further information on the Standards of Practice or professional practice matters, contact us: