Part 6 – Your Working Environment

While working in the office, or remotely/from home, physicians and staff should remember that the documents and other information they create and use in their work are University records. ​

​You must still follow the Access to Information and Protection of Privacy Policy and its supporting Procedures as you create, use, store and manage University records at home. This applies to all University records including emails containing Personal Health Information (PHI).

Communicating by Email

  • PHIPA sets out rules for protecting the privacy of patients and the confidentiality of their PHI, while facilitating effective and timely care.
  • Any communication of PHI involves risk, but communicating PHI by email has its own set of unique risks.
  • These risks must be considered by physicians and staff in order to protect the privacy and confidentiality of patients

Email safeguards to protect PHI 

  • Use your work email account for work related emails (your_name@brocku.ca)
  • Include a notice in emails that information is confidential
  • Provide instructions for when email is received in error
  • Confirm recipient email address is current
  • Check that email address is typed correctly
  • Inform individuals of email changes
  • Acknowledge receipt of emails

Email between Custodians 

  • Emailing of PHI among custodians is to be secured by use of encryption
  • There may be exceptional circumstances where communication of PHI between custodians through encrypted email may not be practical (i.e. in urgent circumstances where the PHI is needed to minimize a significant risk of serious bodily harm)

Email Between Custodians and Patients

  • Where feasible, use encryption for communicating with your patients
  • Where not feasible, consider whether it is reasonable to communicate through unencrypted email:
    • Are there alternative methods?
    • Is the PHI urgently needed to minimize a significant risk of serious bodily harm?
    • Would the patient expect you to communicate with him/her in this manner?
    • How sensitive is the PHI to be communicated?
    • How much and how frequently will be PHI be communicated?

More about records and working from home

If you won the lottery…​

  • What records and information would your replacement and your colleagues need to continue your work? ​
    • Would they be able to access your files and information?​
    • Would they be able to find your files and information? ​
  • Best Practice: keep University Records in the electronic medical record system or an appropriate shared repository​
    • When convenient (Monthly? Weekly?), systematically transfer Records to a shared storage location​

Example 1:

You get emails to your_name@brocku.ca that have important information in them. If you won the lottery, your team wouldn’t know what is in these emails, or even that these emails existed. ​

Suggestion:​

Once a week, or month for paper records, transfer these emails to (for example) a team SharePoint site, and file them in a way that makes it easy to find them. ​

  • Name the file something that indicates what the email is about​
  • Be sure to store attachments separately​

*Alternative idea: transfer important emails to a shared email account – your_team@brocku.ca, and make folders in Outlook to sort emails​.

Example 2:

You create or receive files (pdfs, word docs, presentations, or anything else) that need to be kept. These are stored on your computer, then uploaded to OneDrive.  Your team doesn’t have access to your OneDrive, or even know that the files are there.

Suggestion:​

Set up a regular schedule to transfer your files to shared storage such as Shared drive or SharePoint.  Some departments might have a system that has document storage, or a different shared storage location that is appropriate (e.g. electronic medical record)

  • Name the file something that clearly indicates what the file is about
  • Include dates at the end of the file so the latest version can be found easily
    • Use the format YYYY MM DD (I.e. 2022 12 08) so that all files with the same name fall chronologically
  • Have a folder structure that will make it easy for someone else to find the right file.

 

Key Points

Minimize the amount of paper records you create to save having to dispose of them while working from home or remotely. Even hand-written notes concerning your work, or preliminary versions of documents which you might normally print for proof-reading, are confidential University records requiring secure storage and secure destruction when you no longer need them.​

  • Don’t use public computers to access PHI
  • Don’t leave devices unattended in public places
  • PHI stored on mobile devices must be encrypted
  • Use your work email account for work related emails
  • Have reasonable measures in place to preserve records
  • Find a quiet & secure location to limit unintended access to PHI (e.g. close door, wear earbuds)​​

Learn More

Click here for the next module: Part 7 – Records Management

License

PHIPA @ Brock University Copyright © by Marion Hansen, Manager, Privacy & Records Management. All Rights Reserved.

Share This Book