Five Principles for Protecting Patient Information

In practical terms, there are five principles to be considered: accuracy and completeness of the record, access to the record, security of the record, disclosure of information in the record, and consent.

1. Accuracy/completeness: physicians have a duty to ensure that the information that they collect is accurate and complete. Legislation confirms the patient’s right to review the information in his/her record and to request amendment if information is inaccurate or incomplete. (Amendments to clinical notes should be dated, and should add or correct information without altering the original dated entry.)

2. Access: patients have the right of access to information in their personal health records.

3. Security: physicians have a duty to keep records secure against unauthorized use or disclosure, and to maintain and retain records for an appropriate length of time.

4. Disclosure: physicians have a duty to control disclosure of information in the record and to ensure that disclosure is either for a legitimate purpose to which the person has consented, or that disclosure without the person’s consent is authorized by HIPA.

5. Consent: patients have the right to control what information is collected about them and to whom and for what purposes it is disclosed. Legislation governs situations where explicit consent must be given and where consent may be deemed to have been given. Legislation also governs specific situations in which non-consensual disclosure can occur.

Back To Background Materials