Practice Standards set out requirements related to specific aspects of nurses’ practice. They link with other standards, policies and bylaws of the BC College of Nurses and Midwives and all legislation relevant to nursing practice.
Nurses1 have ethical and legal responsibilities to protect clients’ privacy and the confidentiality of clients’ personal and health information. When clients entrust their information to a nurse, they expect and rely on it being kept confidential.
Federal and provincial legislation protects a person’s right to privacy and confidentiality of personal and health information. The specific legislation that applies to a nurse’s practice depends on the work setting and the nature of the work. The BCCNM Bylaws (specifically Part 6, Division 5) provide additional direction.
Employers and self-employed nurses are responsible for providing the necessary supports and systems to meet the legislated requirements for the collection, storage, use, and disclosure of personal and health information.
Nurses know which specific legislation applies to their practice and follow legislated requirements.
Nurses collect, use, and disclose personal and health information only as required to meet their professional responsibilities and/or legislated requirements, or as authorized under the bylaws.
Nurses access personal and health information only for purposes that are consistent with their professional responsibilities.
Nurses ensure that clients (or substitute decision-makers) are aware of their rights concerning their personal and health information.
Nurses ensure clients (or substitute decision-makers) have consented to the collection, use, and disclosure of their personal and health information, unless collection, use, or disclosure without consent is authorized by legislation or under the bylaws.
Nurses share relevant personal and health information with the health care team. They explain to clients how this information is shared with other members of the health care team.
When disclosure of personal and health information is required, nurses restrict the information disclosed and the number of people informed to the minimum necessary to fulfill legal, professional, and ethical obligations.
Nurses disclose a client’s personal and health information to the appropriate authority if there is a substantial risk of significant harm to the health or safety of the client or others.
Nurses comply with any legal obligation to disclose confidential information imposed by legislation or required under a warrant, court order, or subpoena.
Nurses safeguard personal and health information learned in the context of the nurse-client relationship, and disclose this information outside of the health care team only with client consent or when there is an ethical or legal obligation to do so.
Nurses respect clients’ (or substitute decision-makers’) right to access their own client records and to request correction of the information if they believe there is an error or omission.
Nurses take action, including following organization policies, procedures, or restrictions, if others inappropriately access or disclose a client’s personal or health information.
Nurses ensure they do not discuss confidential information in public areas or online forums (e.g., social networking website).
Identify and familiarize yourself with the privacy legislation that applies to you or your organization. Review the BCCNM Bylaws, especially the provisions of Part 8 relating to privacy and retaining records. Seek out support from people within your organization who are designated to manage privacy issues and/or health records.
Do not access personal or health information for any purpose that is inconsistent with your professional responsibilities. This includes your own, a family member’s or any other person’s information.
Recognize that the same privacy and confidentiality principles apply whether the information is written or electronic.
Review your organization's policies, procedures, or restrictions related to:
the collection, use, and disclosure of personal information and relevant consent
access to client records
storage, retention, transportation, and disposal of client records
how to contact the privacy officer
Collect only information that is necessary and appropriate for your client and recognize that confidentiality does not cease once the client is discharged or dies, but is indefinite.
Inform clients, preferably at the beginning of their care, about the limits of confidentiality, and to whom they can speak if they have questions.
Ensure that you have consent from the client (or substitute decision-maker) before sharing information about the client with another health care professional, when there is any uncertainty about whether they are a part of the client’s health care team. Follow your organizational policies, procedures, or restrictions on documenting consent and when determining with whom information can be shared.
Be aware that information gained about a client in one setting is not always transferable to a different setting without the client’s consent, unless there is specific legal authority to do so.
Know when, how, and what client information to share with health care professionals inside and outside your organization to enable continuity of care. Consider what information will be required for the delivery of safe and ethical care to the client.
When making decisions about disclosing confidential information without the client’s consent, consider the following:
Does a law require me to disclose this information?
Is disclosure without the client’s consent authorized by the BCCNM Bylaws (see section 183)?
Should I encourage and support the client to disclose the information before I do? What reason do I have for not doing so?
If I am concerned about the risk of harm to clients or others, can I justify the weight I have attached to both the magnitude and the probability of harm?
With whom am I permitted to discuss this issue?
If I believe compelling circumstances exist that affect anyone’s health or safety, who is the most appropriate person to receive this information? Do I have the authority to disclose this information or do I need to involve the designated individual in my organization?
Do I have enough information and the appropriate skills to act on my decision or do I need further advice or consultation?
Know who your client is and who has authority to consent on the client’s behalf (e.g., if they are a minor, or if there is a substitute decision-maker).
When a child who is deemed capable of making health care decisions has consented to health care, do not release health care information to others (including the parents) without the child’s consent, unless there is a legal obligation or compelling circumstances that affect the child’s health or safety. These issues can be complex and may require consultation with knowledgeable colleagues and, if applicable, your employer or privacy officer.
If you are concerned that a client poses a risk of harm to themselves or others, report it immediately to an appropriate person and follow any relevant organizational policies, procedures, or restrictions.
Know what to do if clients ask to look at their records or request a correction to their records. Organizational policies, procedures, or restrictions should provide clear direction. If they do not, speak to the privacy officer or health records manager in your organization.
If you are required by law to disclose a client’s personal health information, you must follow that law. Inform your employer, and seek advice from your insurer or legal counsel as appropriate.
Know and follow your organization’s policies and procedures for assessing and reporting situations in which you suspect abuse or neglect of children or adults. Decisions to report may not be straightforward. Consult with knowledgeable colleagues when possible. These situations may include:
When a child is in need of protection under the Child, Family and Community Service Act.
When a vulnerable adult is in need of support and assistance under the Adult Guardianship Act.
If you are engaged in research, understand and follow legislated requirements and use guidelines that address the ethical conduct of research to inform your practice.
In the event of a security breach, take appropriate measures to address the issue as soon as possible after the breach is discovered. Know what your organization’s policies, procedures, or restrictions state.
Intervene if others fail to maintain client confidentiality. Consider if the most appropriate action is for you to discuss your concerns directly with the person or to report it to someone senior in your organization. If your concerns are not addressed or if you decide it is not prudent to discuss your observations and concerns directly, use the reporting mechanisms in your workplace so others can take action.
Be aware of where you are and who is around when discussing confidential client information. Withholding the client’s name is often not enough to maintain confidentiality. Do not discuss client information in public areas.
Do not discuss clients or care-related events in online forums (e.g., social networking websites). Talking about care situations online may breach client confidentiality, even if the client’s name is not mentioned.
Be aware of your organization’s policies, procedures, or restrictions on the use of digital devices to collect or access personal information about a client. Doing so without consent or other legal authority may be a serious breach of privacy.
If you are documenting on a computer, always log off or lock the computer when you are finished to ensure that account access and confidential information remain secure.
“Nurse” refers to all BCCNM nursing registrants, including: licensed practical nurses, nurse practitioners, registered nurses, registered psychiatric nurses, licensed graduate nurses, employed student nurses, and employed student psychiatric nurses.
back to top
For more information on this or any other practice issue, contact BCCNM’s Practice Support Services by e-mail at email@example.com or call 604.742.6200 or toll-free (Canada only) 1.866.880.7101.
back to top