This module focuses on Privacy, Confidentiality, and Security of Personal Health Information. Move this to online module slides 11-56 Privacy, Confidentiality, and Security of Information: Annual Training 2018 – Part 4

SMGH Social Media Policy at a Glance St. Mary’s General Hospital (SMGH) understands the importance and value that social media has for community engagement, professional development and interaction with others. Staff members, physicians and volunteers who use social media are asked to use it appropriately. Read slide

SMGH Social Media Policy St. Mary’s has policies and procedures that protect the privacy of others, and inform its employees, volunteers, and physicians about the appropriate ways to conduct themselves both on and offline. St. Mary’s encourages staff to use social media on their own time, but please be aware of our policies and be respectful of patient, staff and visitor privacy at all times when engaging in social media. Click here to view: Social Media Policy Read slide

What is Appropriate and Inappropriate to Share Online? Twitter example: Appropriate: “It’s always nice to see a patient being discharged and feeling great with a smile on their face. I am proud to help make a difference!” Inappropriate: “J.P was a challenging patient, whose addictions sadly got the best of her; may she rest in peace.”   Use the same level of professionalism in your online interactions as you do face to face. Do not refer to a patient or patient group in a degrading or disparaging manner. The are appropriate and inappropriate ways of sharing your experience at St. Mary’s online.

What is Appropriate and Inappropriate to Share Online? Facebook example: Appropriate: Liking the official page of St. Mary’s or other health care organizations. Commenting on photos on the pages, or official page posts, with support, appreciation, or positive comments. Inappropriate: Participating in any group that discusses St. Mary’s patients, staff, physicians, volunteers or confidential organization policies or procedures. Despite privacy restrictions, it is still on the Internet. Read slide Understand that “liking” someone’s disrespectful comments is not much different than making them yourself.

Social Media Do’s Honour your professional obligations and personal reputation. As a health care professional, you must always respect the privacy of patients, visitors and other staff members. Be accountable in your use of social media and aware that it can positively or negatively reflect your personal and professional reputation. Respect St. Mary’s brand, reputation and values. Consider yourself a representative of St. Mary’s at all times. What you say online and offline reflects on you and the hospital. Read slide

Social Media Don’ts Don’t post anything that creates or contributes to a negative or abusive environment. Harassing, intimidating or threatening an employee, volunteer, patient or St. Mary’s as an organization in any way is unacceptable. Cyberbullying is not tolerated. Don’t breach confidentiality. Don’t reveal confidential information or anything that identifies or discloses personal health information or sensitive details of a St. Mary’s patient, visitor, volunteer or staff member without their permission. If in doubt, leave it out. Read slide

Know your Responsibilities Ask yourself the following three questions before you share ANY information Read slide

Do I Have to Know this Information to Do my Job? Access hospital information only when it directly relates to your job responsibilities and is necessary to perform your job. Read slide

Do I Have to Share this Information to Do My Job? Share hospital information with individuals only when it is necessary to do your job. Read slide

Does Anyone Else Have Access to Information Which is Not Necessary to Do Their Job? Keep hospital information secure and actively protect information from unauthorized examination or casual observation. “Hospital information” includes any information you learned while at the hospital, either verbal or written, paper or electronic. Read slide

Know your Responsibilities When using or sharing patient (or staff) personal information staff are expected to: Be familiar with the Privacy Policy and its accompanying procedures Ensure the ‘need-to-know’ principle is being met. Keep information sharing about a patient’s health information or care within the ‘circle of care’ Avoid speaking about private information in a public area Read slide

Know your Responsibilities Continued Consider whether you require express consent from an individual prior to collecting, using or sharing any personal information Know which existing legislation overrides the privacy policy and permits information to be shared without consent (e.g. Child & Family Services Act or the Substitute Decisions Act). Respond to all privacy enquiries from patients. If you need help, contact your manager or the Chief Privacy Officer Read slide

Freedom of Information and Protection of Privacy Act (FIPPA) FIPPA allows the public to request any hospital record, except personal information/personal health information of patients and staff (e.g. employment info). Be aware that all documents you create in your role at the hospital may be requested including handwritten notes on documents, voicemails and emails, minutes of meetings, incident reports. Read slide

Resources Chief Privacy Officer – Nicole Johnson njohnson@smgh.ca Ext. 1209 Risk and Privacy Coordinator – Douglas Brunton dbrunton@smgh.ca Ext. 1214 Hospital Policy & Procedures/approved forms – Intranet Information & Privacy Commissioner of Ontario www.ipc.on.ca If you have any questions or would like further information here are some resources.

Everyone is Responsible for Information Privacy, Confidentiality and Security! Make it a part of your daily work life Read slide