Confidentiality Awareness Week, organized by the Association des gestionnaires de l'information de santé du Québec (AGISQ), will be observed in all Quebec healthcare institutions until Saturday, November 26. Confidentiality is defined by the International 
Organization for Standardization (ISO) as "ensuring that information is accessible only to those with authorized access", which is why it is a cornerstone of information security. In some jurisdictions where the law officially recognizes confidentiality, violations are usually penalized.
It should also be noted that health information managers are medical archivists in each CISSS and CIUSSS. They make us aware of the need for confidentiality and for respect for our users’ privacy. This is their right and our obligation.
Information capsules about confidentiality and the protection of personal information will be published throughout the week in The Bulletin and in the Employees' Corner.
Politique de gestion et confidentialité du dossier médical de l’usager
This document (French only) deals with our CIUSSS’s obligation with respect to confidentiality. Medical archivists are allies who are available to assist you in any of your processes that involve handling the personal data of our patients and other users.
Quick reference guide about the confidentiality of health information
Every person has the right to privacy—a fundamental right guaranteed by the Charter of Human Rights and Freedoms and by the Civil Code. The user's right to the confidentiality of his or her medical record and personal information also translates into small daily gestures that can make a big difference.
Conference on confidentiality of personal information
The Medical Records team is inviting you to a conference on Tuesday, November 22, from 11:00 a.m. to 12:30 p.m., entitled Confidentialité et la Sécurité des renseignements personnels dans Teams et Sharepoint.
The speaker is Jeanne Darche, Archivist in Document Management, at the Institut national de la recherche scientifique. She will address issues such as confidentiality, security, sharing, retention of clinical information, and the impact of Bill 25 in the use of Teams and Sharepoint.
- For more information about Jeanne Darche,
see this Word document (French only). 
Presentation by Jeanne Darche - November 22 (French only)
The Loi modernisant des dispositions législatives en matière de protection des renseignements personnels, in force since September 22, clarifies and reinforces the obligation to ensure the confidentiality of health information. Section 8 of this bill requires each healthcare institution to appoint someone responsible for protecting personal information and someone responsible for access to documents. In our CIUSSS, they are:
- Protection of personal information: Chantal Desmarais
- Access to documents: Chantal Desmarais (users’ files) and Beverly Kravitz (administrative documents)
Each CIUSSS is required to inform the Commission d'accès à l'information du Québec (CAI) about these appointments. Our CIUSSS also had to confirm the existence of a confidentiality incident log. Each incident that has a serious impact on the confidentiality of a patient or other user must now be reported to the CAI. Finally, a new framework is now in place for any type of research, study or statistical production project that requires personal information to be communicated without the consent of the person concerned.
- Bill 25 – the protection of personal information (French only)
- Commission d’accès à l’information du Québec (French only)
Protecting health information means protecting the data and content of patients’, residents' and clients' records. It also means ensuring that data is available only to those who have the right to access it in the course of their duties and roles in caring for or serving consumers. It means taking reasonable steps to ensure that the content of a record is not lost, stolen, altered or damaged. In our CIUSSS, the medical record of patients, clients and residents consists of various types of data, grouped in a variety of documents. This information is highly confidential and of crucial importance to those who entrust it to us.
Quebec’s law regulates the collection, retention, use and communication of data. It recognizes the right of citizens to access and correct any data that involves them. It also entrusts an independent tribunal, the Commission d'accès à l'information, with the responsibility of deciding disputes.
Every day, it’s our responsibility to ensure that we act in a confidential manner and question the way we handle the information we process. Poor information management can, indeed, lead to risks.
Although protecting passwords is necessary, this becomes useless if a computer screen is not protected or is easily accessible. Furthermore, we accomplish nothing simply by saying that access to a database is restricted, if the provider has not set any limits and offers no guarantee as to the security, integrity or use of the data. Nor is it sufficient to say that you need permission to access a great deal of data, and then let that data be accessed or used without consent.
We need to be careful and make sure we question every instance of access, as if it were the key to our home. Are we confident about being able to put this information in the hands of someone else, as well as when and how we do so? Does any information need to be verified or validated?
When in doubt, refrain. Contact a medical archivist who will be happy to assist you.
Whenever a third party (or someone identified as a third party) transmits information in the absence of a patient, resident or client, the care that the user receives can be improved, even though the user does not know about or have access to the information. However, healthcare professionals must be cautious about handling and protecting sensitive information that has been collected in order to treat the consumer. At all times, healthcare professionals must avoid breaching the confidentiality of users or their records, so as not to destroy the bond of trust with the third party who is involved.