Skip to main content

Privacy & Security

Protecting patient privacy is a top priority. Security measures and privacy policies and procedures are designed to ensure only authorized healthcare professionals have access to clinical information.

CareConnect is designed to ensure personal information about patients is protected from unauthorized access or use, with the following security features:

Enrollment and registration processes confirm:

  • User identities.
  • Permission has been obtained before an access account is created.
  • All user activity in CareConnect is recorded on a permanent audit trail that records logon, individual patient records accessed, printed information and log off.
  • All internal and external network access attempts are monitored and recorded.
  • All CareConnect users must successfully complete an online privacy tutorial before a CareConnect account is activated.
  • Users must agree to an online confidentiality acknowledgement the first time they log on to CareConnect and periodically reaffirm this acknowledgement.
  • All CareConnect users are required to change their password every 90 days. 
  • A password standard has been established that ensures passwords are not easy to guess.

Role-based access in CareConnect

  • CareConnect uses a role‐based access model to ensure that each user can access the clinical information they need to do their job, but cannot access the information they do not need.
  • Every CareConnect user is assigned a business role which determines the user's specific access permissions.

Each CareConnect business role is made up of two components:

  1. Role context – The type of service / clinical setting in which the user works (e.g. Emergency Services, Community Services)
  2. Functional description – The functional role of the user, i.e., what the user does (e.g. prescriber, clinical support staff)
  • ‎No, the purpose of CareConnect is to support patient care delivery and access by healthcare professionals is on a "needs to know/least privileged basis."
  • Accessing this information relates to the care duties or support functions associated with care for a patient by a healthcare professional. If you want to access your own personal medical record, you must go through Health Records of the health authority or use the BC Health Gateway website. 

  • ‎Do not share your username and password with anyone.
  • Do not allow anyone to access any information in CareConnect under your username.

  • Always close your browser when you are finished your session. There is no log out button. 

  • Do not discuss confidential patient information in public areas.

  • Ensure personal information printed from CareConnect is properly protected, by placing it in the patient's record or shredding it after use.

  • Before accessing a patient's personal information, ask yourself, "Do I need this information in order to do my job?"


  • ‎Your username and password are equivalent to a legal signature, making you accountable for all activity performed under your username, even if someone else used it to access CareConnect.
  • Treat your username and password with the same care as your personal identification number (PIN) for banking.

  • Anyone with reason to believe a username and password have been compromised should immediately reset the password and notify your supervisor, manager or director.

‎An audit trail is a security tool that tracks:


  • User access and activity.

  • Any creation, modification or deletion of data in an electronic information system.

 


CareConnect has an audit trail function that collects information such as username, date and time, patient record(s) accessed, and print requests.


An audit trail can be used to establish the legality of personal information in an EHR. An audit trail can also provide valuable information when unsuccessful attempts have been made to access a record, a privacy breach has occurred, or a complaint about a breach has been filed.

 
  • ‎A privacy breach occurs when someone's privacy and confidentiality have been compromised. 
  • Breaches include intentional and unauthorized access to, use, and/or disclosure of personal information. 
  • An example would be accessing personal information via CareConnect that you do not need to know to do your job, such as information on your family, friends or colleagues.
  • Confirmed breaches of confidentiality will result in disciplinary action, up to and including removal of access permissions and termination.
 

Find out more about privacy & security

Contact your health authority privacy office or the PHSA eHealth Privacy Office - ehealthprivacy@phsa.ca

Physicians may refer to the Doctors Technology Office website for additional resources.

SOURCE: Privacy & Security ( )
Page printed: . Unofficial document if printed. Please refer to SOURCE for latest information.

Copyright © Provincial Health Services Authority. All Rights Reserved.

    Copyright © 2022 Provincial Health Services Authority