PHIPA 101
This term refers to any identifying information about a person’s health, care, or hospital visit — even confirming they are admitted.
What is personal health information (PHI)?
Under PHIPA, opening a chart “just to look” without needing the information for care is called this.
What is unauthorized access (snooping)?
This type of consent is required before speaking to the media about any patient information.
What is express consent?
These patients — often celebrities or public figures — are more vulnerable to unauthorized access due to staff curiosity.
What are high-profile patients?
This regulatory body can discipline nurses for privacy violations.
What is the College of Nurses of Ontario (CNO)?
Under PHIPA, this type of consent applies only when healthcare providers share information with one another to provide care.
What is implied consent?
Even if you never repeat what you saw, simply doing this still counts as a PHIPA violation.
What is viewing a chart without authorization?
This is the appropriate PHIPA-compliant response to all media requests for confirmation that a patient is admitted.
What is “I cannot confirm or deny that information”?
Hospitals may apply this type of EMR restriction to protect high-risk patients from snooping.
What is a chart lock or privacy flag?
Organizations can be fined up to this amount for a PHIPA breach.
What is $250,000?
This PHIPA rule requires nurses to disclose only the smallest amount of information necessary to fulfill a legal purpose.
What is the minimum necessary rule?
This behaviour can lead to suspension, termination, regulatory discipline, and even personal fines.
What is unauthorized access — also known as snooping?
Police can only receive PHI without consent when there is this type of risk.
What is imminent danger of serious bodily harm?
Hospitals increase the use of audit logs, privacy flags, and tighter monitoring when a patient fits this description.
What is a high-profile or celebrity patient?
When PHI is accessed without authorization, the patient must receive this from the organization.
What is a breach notification?
Details such as a patient’s diagnosis, mental status, hospital location, and even the names of their care providers are all examples of this type of protected information.
What is personal health information (PHI)?
Individuals who commit a PHIPA breach can be fined up to this amount.
What is $50,000?
Mental status, diagnosis, treatment details, and Form 1 information fall under this category of PHI that cannot be shared with police.
What is confidential clinical information?
Staff gossip and media attention increase this type of risk for celebrity patients.
What is privacy breach risk?
Investigations, EMR audits, and potential staff discipline are all required actions following this event.
What is a privacy breach?
This PHIPA principle means that if you are unsure whether you can disclose information, the safest decision is not to disclose.
What is “no disclosure without legal authority/consent”?
When a nurse suspects that someone has accessed a chart without authorization, these two actions must happen right away.
What are reporting it to the charge/manager and notifying the privacy office?
When police call requesting a mental status update, this is the first action a nurse must take before anything else can happen.
What is decline disclosure and cite PHIPA limits?
According to privacy best practices, nurses who feel pressured by media or police must rely on this legal framework to set limits.
What is PHIPA?
When refusing to disclose PHI to media or police, nurses must always do this afterward.
What is document the request and the nurse’s response?