Your Privacy & Confidentiality

Electronic Communications

If you are communicating with Island Health using electronic communications (e.g. email, text message, video conferencing applications, please read more about potential risks and how you can protect your information.


What is Information Privacy?

Information Privacy refers to the right of an individual or data subject to determine with whom their personal information is shared, under what circumstances and to know of and exercise control over the use and disclosure of, and access to, that information.

In addition to it being our legal right, privacy is an ethical and personal value that has different interpretations for each individual based on our age, gender and societal norms.  In other words, what’s private to one person may not be to another person. While one person may share personal details of his or her health history in 5 minutes, another may not wish to disclose anything.

What is Confidentiality?

Confidentiality refers to the responsibility or obligation of an individual or organization to ensure that personal and confidential information is kept secure and is collected, accessed, used and disclosed appropriately.

It is a human process involving sharing of private information and the appropriate management of that which is entrusted to us.

What is Information Security?

Information Security refers to the three principles that Island Health, as data custodians, apply to the information in our custody & control whether in hard copy or electronic format: confidentiality, integrity - ensuring the information is correct, and availability of the information.

Computer Security is based on three concepts: identification (who are you?), authentication (prove it!), and authorization (we know who you are, what privileges do you have?).

Does Island Health have a policy about privacy and confidentiality?

Yes, Island Health is legally responsible to protect the privacy of personal information under our custody and control. We have several policies that provide a framework for the consistent management of personal and confidential business information collected, used, disclosed and protected by the Island Health in accordance with the principles and requirements of various legislative Acts, including but not limited to the Freedom of Information and Protection of Privacy Act (FIPPA), professional bylaws, privacy codes and standards of practice.

Key information management policies include:

Why does Island Health collect personal information about me?

We collect your personal information to assist us in providing you with care and services. We also require your information to determine your eligibility for various benefits and services.

Caring for Your Information - Patient Notification Sign

Under FIPPA, Island Health is obligated to notify you about the reasons for the collection and use of your personal information. Island Health meets this requirement through its Notification Sign (see above link) posted at all facilities detailing the authority under which we can collect information. Upon admission, it is important to ensure you review the sign and have the opportunity to ask questions about our management of your personal information.

Why does Island Health collect personal information about its employees? 

We collect and handle the personal information of our prospective, current, and former employees and medical staff (the Employee) to manage the employment or service relationship with the Employee and for other purposes authorized or required by Canadian law.  

We notify Employees of these purposes through our “Employee and Medical Staff Notification” sign which is publicly posted here, internally accessible to Employees on the intranet and posted in Human Resources departments. 

Island Health takes the privacy and security of Employee personal information very seriously and handles it in a confidential, sensitive and secure manner in compliance with law.

The “Employee and Medical Staff Notice” applies to all staff and medical staff as defined in the Island Health Policy Framework including all employees (including management, leadership), health care professionals, volunteers, students, contractors, service providers, physicians, dentist, midwives and nurse practitioners.

Please ensure you take a moment to familiarize yourself with Island Health’s “Employee and Medical Staff Notice” and the mechanism noted in it to ask questions about our management of your personal information.

Is my personal information kept private in Island Health?

We take the privacy of your personal information very seriously and have employed measures to ensure your personal information is treated in a confidential manner according to FIPPA.

Our Notification Sign (see above link) about the collection, use and disclosure of your personal information highlight the reasons under which we may share your information.

What education is provided at Island Health to ensure employees understand how they should be handling personal and confidential information?

Island Health offers a variety of education to employees regarding handling personal and confidential information, which includes mandatory privacy education upon hire through New Employee Orientation training, targeted educational initiatives such as the annual Privacy and Security Awareness Week, in-service education and training, and specialized educational tools based on role and specific privacy-related topics.

In addition to this, as of June 2016, all Island Health staff, physicians and agents are required to take a new foundational privacy education course, called the Confidential Information Management (CIM) education module and sign its Terms of Use Commitment.

The CIM education module is based on Island Health’s foundational privacy policy 16.6.2 (Confidential Information Management Code of Practice) and sets out basic practice behaviours and decision supports to enable staff to confidently handle personal and confidential information, in both a paper and digital environment. The module increases information handling literacy by helping staff apply the law, various information handling standards and practice principles to their day-to-day work activities.

There is a requirement that the CIM education module be refreshed annually, including re-signing its ‘Terms of Use Commitment’ each year.

What is consent?

Consent means voluntary agreement by a person in the possession and exercise of sufficient mental capacity to make an intelligent choice to do something proposed by another; it supposes a physical power to act, a moral power of acting and a serious, determined and free use of these powers [Black’s].

For example, consent is given when a mentally sound individual chooses to allow another individual to receive information and/or records pertaining to them and understands the implications of that decision.

For more information about consent as it relates to information sharing, contact the Information Stewardship, Access and Privacy Office. For more information about consent in general, contact the Risk Management Office.

What is authorization?

Authorization is the act of officially approving or sanctioning an individual(s) to complete an act on behalf of an individual or agency. For example, a lawyer may provide written authorization from a client to act on his/her behalf or a client may provide a family member with the authority to act on his/her behalf should the client become mentally incapable of making decisions.

Authorization can also be in the form of a statutory authority, outlined in legislation, of an outside agency (e.g., MCFD, Police, WCB, Coroner) to access and obtain information about a specific individual. Typical forms of legal authorization to act on behalf of another individual include: Committee of Person; Committee of Estate; Will and/or a Representation Agreement.

I think that my health record or personal information wasn’t kept private while I was receiving care or services from Island Health. What can I do?

Please contact the Information Stewardship, Access and Privacy Office to discuss your concerns.

Electronic Health Records

What is the electronic health record?

An electronic health record is a computerized version of the paper health record that is used to document your care over time in the same way as the paper record.

A major advantage of an electronic health record is that it allows authorized health care providers to access necessary information about you in a timely fashion to support safe and effective health care.

Island Health currently uses both paper and electronic mediums to document your personal health information.

How does Island Health ensure that patient, client, and resident information contained in electronic or paper records is kept confidential?

Strict physical and electronic security protections are in place to ensure only those individuals with the proper authority are accessing your record. Our staff are trained in confidentiality and security procedures during their orientation to Island Health and have ongoing educational opportunities in confidentiality, privacy and security responsibilities.

All staff members are required to sign a confidentiality acknowledgement form and adhere to Island Health confidentiality policies. As well, random audits are done to ensure ongoing appropriate access to patient, resident and client health records.