Department of Medicine
School of Medicine Queen's University

News, Innovations and Discoveries Blog

Patient Privacy: A call for a cultural and architectural revolution in healthcare

The Oxford English Dictionary defines privacy as: A state in which one is not observed or disturbed by other people: she returned to the privacy of her own home or The state of being free from public attention:a law to restrict newspapers’ freedom to invade people’s privacy

This blog is written to remind doctors, doctors in training, secretaries and others who have access to health care records about the risks of inappropriately accessing health care records. This reminder is not reflective of any belief that providers had malicious intent; rather it is inspired by my observation that there is a dangerous disconnect between privacy rules and practitioner attitudes and understanding. To be clear, privacy legislation, the Personal Health Information Protection Act (PHIPA) is strict and is increasingly being enforced; in contrast, practitioner attitudes are often nonchalant and ill-informed.  Many well intentioned healthcare professionals do not fully understand what constitutes a privacy breach and the seriousness of privacy violations. As a result, there are increasingly stories of relatively innocent or even well-intention violations of privacy leading to harsh punishments. The ease of intentionally or inadvertently violating health care privacy rules is increasing at a time when the ability to detect such violations is becoming easier, the punishments stiffer. At the same time, the public tolerance for breaches has greatly diminished.

As physicians and health care workers we may feel nervous about the tone and unintended consequences of privacy regulations. However, make no mistake, snooping breaches are devastating for patients. Intruding on an individual’s expectation of privacy is not trivial; it undermines their trust both in their health care provider and in the health care system. Trust is an essential part of the healing process. If the patient cannot rely on the practitioner and the health care system to guard their most private information it is unlikely that they will engage in the disclosures required to allow a fulsome understanding of their condition.

Evidence of the societal mores and legal statutes that are meant to protect patient privacy can be found in the headlines. The first high profile case involved two health workers who were convicted of snooping into the files of Toronto’s late mayor, Rob Ford. They were convicted under the province’s health privacy law and fined $2505 each, per an article in the Star by May Warren.


Since then the stakes have risen. A $3 million lawsuit was recently filed by Katie Mallinson claiming that her sister inappropriately accessed her health care record.



If you snoop, don’t expect much sympathy from hospitals, the privacy commissioner or the College of Physicians and Surgeons of Ontario (CPSO). The zeitgeist in Ontario is strongly pro-privacy. The hospitals have little tolerance for privacy violation for several reasons, not the least that they are often named in privacy violation suits and may be held responsible for damages. For example, in the Mallinson suit both Trillium Health and the doctor for whom the alleged snooper worked are also named. Trillium Health acknowledges that 6 patient files, including Ms Mallinson’s,  were inappropriately accessed. While the disposition of this case is unknown, it is concerning that the activities on a single alleged snooper are involving her physician and hospital system in a painful and expensive legal exercise.

In a recent Toronto Star article one can read the views of Mr. Beamish, Ontario’s Privacy Commissioner. The message is clear, he wants a cultural change in terms of patient privacy and is approaching this through a legal mechanism. Mr. Beamish has placed an emphasis on stiffer punishments for violators and has referred a number of cases to the Ontario Attorney General.

privacy guru

Alex Bignall, a reporter for the Star noted on July 4th 2016 that the CPSO disciplined a physician for inappropriately accessing the electronic medical records of two non-patients. The physician reportedly had his college certification suspended for five months, was required to participate in medical ethics training, and was ordered to pay $5,000. The same article reports that the College of Nurses of Ontario punished a nurse for unprofessional conduct after finding that she improperly accessed the health records of 6,000 patients. A nurse at the Peterborough Regional Health Centre (PRHC) was recently found guilty of professional misconduct for accessing 285 patient files without consent or authorization. She received a four-month suspension and a formal reprimand from a disciplinary panel at the College of Nurses of Ontario.

The Privacy Office is also the place to go if you (or your patients) want information about our policy at  Kingston General Hospital.

Privacy and Freedom of Information Office

Kingston General Hospital

76 Stuart Street

Kingston, ON K7L 2V7

Phone: (613) 549-6666 ext 2567

Fax: (613) 548-2445


Our Privacy Officer is Ms. Karen Hanewich. Privacy offices in hospitals are guided by The Freedom of Information and Protection of Privacy Act (FIPPA). FIPPA provides individuals with the right to:

  • access their (non-health) personal information held by the hospital;
  • access general records about the management and operation of the hospital;
  • correct their personal information.

It also protects them for inappropriate access to their records. Note the word being access-the standard is not whether any action or dissemination of inappropriately acquired information occurred; simply inappropriately accessing information is a violation of the privacy standards!


KGH and HDH have an integrated privacy office and their policies can be found on line. They tell the public that their health care data can be used for the following purposes indicated in the KGH information page below. Their information can also be used for IRB approved research(for which they have consented).  Patients can also have their record locked, which limits access (although this option is rarely exercised, perhaps out of fear it may make access by practitioners who are trying to help the patient more cumbersome and onerous).

bloh kghng

Our privacy office (like all such offices in the province) now perform routine audits of health care records looking for snooping and other privacy violations. Some audits are routine (i.e. every x/cases are audited) and some are targeted (i.e. files related to deaths or illnesses of prominent community members or celebrities). If a celebrity (loosely defined) is admitted to hospital audits will be performed proactively looking for privacy violations. The consequences for being found to have “snooped” (examined a chart when one is not in the circle of care without appropriate consent) are serious and so it is important to be aware that it is not only wrong to look-it is dangerous. Employees are often summarily dismissed and the individuals whose files was accessed are notified of the privacy breach by the hospital. This opens up the potential of civil litigation by the individual whose file was accessed against the health care worker who did the snooping. Moreover, new legislation has raised the stakes. It is now mandatory to report privacy breaches to the privacy commissioner, and fines for snooping have increased ($100,000 for individuals and $500,000 for organizations). The new legislation also removed the requirement for PHIPA charges to be laid within six months of an alleged snooping incident. PHIPA refers to Personal Health Information Protection Act, 2004, an Ontario law that governs the collection, use and disclosure of personal health information within the health sector. The object of PHIPA is, “To keep personal health information confidential and secure, while allowing for the effective delivery of health care.” Some would argue it focuses more on the former than the latter.

The CPSO and hospitals have strict rules supporting a patient’s right to privacy and it is important for all of us to recognize this expectation. The CPSO policy states “A physician can only disclose his or her patient’s personal health information:

  •  when he or she has the patient’s or substitute decision-maker’s consent and it is necessary for a lawful purpose;
  •  where it is permitted under legislation, without the patient’s or substitute decision-maker’s consent; or
  • where it is required by law.”

The CPSO does acknowledge that in emergencies, such as when the access is required to protect the patient’s health or the health of others (if the patient is putting others at risk) exceptions can be made.

While no one condones overt or intentional violation of privacy rules, health care is sometimes messy on the front lines. The new emphasis on privacy has engendered fear of inadvertently violating the evolving rules. This has created frustration and concern by well-meaning physicians (and others) who are trying to deal with communication in a complex health care system. Legislators do not understand the complex means by which providers are contacted and while no one defends snooping, physicians worry well intentioned provision of opinions or advice on patients who are not their own could be risky.

 You can access records to:

 Find a referred patient: It is understood the brief chart access of the wrong patient may occur as one attempts to find a referred patient. This commonly occurs for patients with a common name

 Provide advice for a colleague: Curbside consultation is an important means of improving care.

 To conduct an approved research protocol

KGH notifies patients that their records may be used for the following purposes:


To protect our patients and address the dangerous disconnect between the rules (which are strict) and the angst of providers (which is growing) I offer some simple guidelines:

Don’t access records of:

  1. Patients whose care you are not involved with (even when requested by the family).
  2. Friends and family members.
  3. Your own records (although you are entitled to receive them if you request this form the practice/hospital) in advance.
  4.  Celebrities.

Don’t access records for the purpose of: Looking up personal information on colleagues (such as their address, birth dates etc.) even if the motivation for doing so is meant to be positive.

Form and function of a hospital in the new privacy era: Finally, there are many ways in which we might inadvertently violate patient privacy and-not all of them relate to snooping in the electronic health record. As physicians we need to be mindful of where sensitive conversations are occurring and avoid holding sensitive conversations in public space, elevators and hallways outside patient rooms. Likewise we need to close the door of the room when dictatating patient notes. There is however a disconnect between the system’s tolerance for electronic privacy vs a passivity and tolerance for the loss of privacy which occurs because we continue to house patients in multioccupant hospital rooms and are increasingly housing health care staff in common workspaces where conversations and data cannot be deemed private. Unlike the electronic snooping, which is the responsibility of the individual practitioner, these structural deficiencies are the responsibilities of hospitals and the funders of health care. Such problems of hospital design and architecture should be tackled by the privacy commissioner and hospital privacy committees with the same rigour as is applied to policing individual practitioner.

Thus we need a revolution not only of culture, to value patient privacy, but of hospital architecture and functional planning, to facilitate patient privacy by eliminating double rooms and eliminating emergency room beds that are separated one from another only by a curtain. The Ministry of Health and hospitals also need to provide physicians with appropriate private spaces for dictation and teaching if they truly value privacy.


Revisiting the architecture of patient wards throughout the years provides us with a clear picture of where our healthcare system needs focus. Below is the “Nightingale Ward” which regularly housed 25-30 beds arranged around the periphery of a large ward. This open concept ward promoted the idea of good air flow for patient’s and good line of sight care by the nursing staff. Privacy was a non-existent entity in this ward setting. I worked in just such a ward at the old Minneapolis VA Medical centre. In this collaborative setting patients, separated only by curtains, often contributed details to each others history and vicariously experienced each others physical examinations and family conferences!


Nightingale Ward Layout


Looking to current day layouts, specifically as seen below at Brigham Women’s Hospital in Boston, MA, where the rooms are private (and even boast a separate adjacent family room), we can see a clear goal for a hospital design that puts patients and their privacy first. The private room architecture allows for patient privacy and the protection of health information. This is an obvious improvement, from a comfort and privacy perspective, over the Nightingale Ward.



Brigham Women’s Hospital Private Room


Thanks to Ms. Jill McCreary and  Ms. Karen Hanewich for their editorial input.


I look forward to your comments.





7 Responses to Patient Privacy: A call for a cultural and architectural revolution in healthcare

  1. Chris Frank says:

    I have always loved the contradiction that we are admonished about saying a patient’s name aloud but then discuss intimate details in the hall on ward rounds. If we want to improve the amount of time spent doing bedside rounds (rather than “paper rounds”) then we need to change our current approach with privacy in mind.

  2. Stephen Archer says:

    Dear Chris

    I couldn’t agree more-provide a full EHR and doctors won’t transport paper charts; provide teaching rooms and hallway conversations are decreased…hospitals need to respect Chicago architect Louis Sullivan’s adage that “form must ever follow function”!

  3. Ed Iliescu says:

    Difficult issue for hemodialysis units across the country.

  4. Richard van Wylick says:

    Thank you Stephen for a great blog. The landscape has clearly changed in Ontario privacy practice. Important, indeed. Many legitimate practices of the past may now be seen as wrong, and addressed harshly. An EHR that allowed better filtering of information and targeted searching would help too. Many now live in fear of reprisal for legitimate or inadvertent access seen otherwise.

    • Stephen Archer says:

      Dear Richard:

      Good point. Many physicians are legitimately concerned that there is a lack of understanding about the role we play and the many legitimate and often undocumented ways we have helped people with their health care. Thus they worry we may be inadvertent violators of privacy legislation. The law (and more importantly the culture around the law) needs to rapidly evolve so that there is not a pervasive presumption of guilt and that true, intentional violations of patients privacy and not conflated with legitimate efforts to advise, educate and consult. I also believe care must be taken to make the “punishment fit the crime”: in other words, that counseling and education be used rather than litigation and humiliation for people who are found to have made errors in judgement and violated privacy. In cases that a egregious punishment may be a first line approach…but for everyone of these cases I suspect there are many more examples of acting in ignorance but without malice. Any new law (or in this case new punishments and new levels of enforcement) requires education. The goal is afterall not to punish more offenders; it is to better protect patient privacy while providing health care. Thanks for your comment.

  5. Joel Parlow says:

    Stephen, your comments on architecture are really critical. But there’s more to it: despite every effort to provide somewhat private interview spaces in the preoperative areas, I virtually daily see attending and house staff questioning and even examining patients in the busy waiting areas, with other patients and their families right next to them listening and watching. The patients being interviewed awkwardly answer personal questions, in too vulnerable a situation to object. Same for examining patients in individual bays without the effort of pulling the curtain. Laziness? Arrogance? Obviously this involves a minority of staff, but our modeling these practices for our learners does little to enhance professionalism and respect for privacy. Blogs like this are a great vehicle for keeping these issues current in the minds of all hospital workers.

    • Stephen Archer says:

      Thanks Joel: A great point. It reminds me of the old saying, “If these walls and ears…” The walls of hospitals do have ears and it is shocking what they must hear. Architecture is only part of the solution-as your comment reminds me we have to actively think about privacy as part of our culture. We will then be more likely to remember to close the door when we dictate notes and will try more diligently to sequester the patient to ensure their privacy, particularly when asking sensitive questions. Taking a history is as revealing as doing physical exam…and neither should be done in a hallway!

Leave a Reply

Dr. Archer, Dept. Head
Dr. Archer, Dept. Head