Protecting patient
privacy is a top priority. Security measures and privacy policies and
procedures are designed to ensure only authorized healthcare professionals have
access to clinical information.
CareConnect is designed to ensure personal information about patients is protected from unauthorized access or use, with the following security features:
Enrollment and registration processes confirm:
- User identities.
- Permission has been obtained before an access account is created.
- All user activity in CareConnect is recorded on a permanent audit trail that records logon, individual patient records accessed, printed information and log off.
- All internal and external network access attempts are monitored and recorded.
- All CareConnect users must successfully complete an online privacy tutorial before a CareConnect account is activated.
- Users must agree to an online confidentiality acknowledgement the first time they log on to CareConnect and periodically reaffirm this acknowledgement.
- All CareConnect users are required to change their password every 90 days.
- A password standard has been established that ensures passwords are not easy to guess.
- CareConnect uses a role‐based access model to ensure that each user can access the clinical information they need to do their job, but cannot access the information they do not need.
- Every CareConnect user is assigned a business role which determines the user's specific access permissions.
Each CareConnect business role is made up of two components:
- Role context – The type of service / clinical setting in which the user works (e.g. Emergency Services, Community Services)
- Functional description – The functional role of the user, i.e., what the user does (e.g. prescriber, clinical support staff)
- Do not share your username and password with anyone.
Do not allow anyone to access any information in CareConnect under your username.
Always close your browser when you are finished your session. There is no log out button.
Do not discuss confidential patient information in public areas.
Ensure personal information printed from CareConnect is properly protected, by placing it in the patient's record or shredding it after use.
Before accessing a patient's personal information, ask yourself, "Do I need this information in order to do my job?"
- Your username and password are equivalent to a legal signature, making you accountable for all activity performed under your username, even if someone else used it to access CareConnect.
Treat your username and password with the same care as your personal identification number (PIN) for banking.
Anyone with reason to believe a username and password have been compromised should immediately reset the password and notify your supervisor, manager or director.
An audit trail is a security tool that tracks:
User access and activity.
Any creation, modification or deletion of data in an electronic information system.
CareConnect has an audit trail function that collects information such as username, date and time, patient record(s) accessed, and print requests.
An audit trail can be used to establish the legality of personal information in an EHR. An audit trail can also provide valuable information when unsuccessful attempts have been made to access a record, a privacy breach has occurred, or a complaint about a breach has been filed.
- A privacy breach occurs when someone's privacy and confidentiality have been compromised.
- Breaches include intentional and unauthorized access to, use, and/or disclosure of personal information.
- An example would be accessing personal information via CareConnect that you do not need to know to do your job, such as information on your family, friends or colleagues.
- Confirmed breaches of confidentiality will result in disciplinary action, up to and including removal of access permissions and termination.
Contact your health authority privacy office or the PHSA eHealth Privacy Office - ehealthprivacy@phsa.ca
Physicians may refer to the Doctors Technology Office website for additional resources.
