Breach of privacy

Breach of privacy

All breaches of privacy must be reported.

A privacy breach is any handling of personal health information that is not authorized under PHIA. 

Mandatory reporting

A physician who is a custodian is required to report a breach of an individual’s personal health information to that individual if, in the physician’s opinion, the breach is likely to cause the individual harm or embarrassment. 

If the physician does not report the breach to the individual, the physician is required to report it to the Review Officer.

Review Officer contact information:
Phone: 902-424-4684 
Toll-free: 1-866-243-1564 
Fax: 902-424-8303

Four key steps

There are four key steps to be followed after every privacy breach. Those steps are:

Step 1: Contain the breach
Step 2: Evaluate the risks
Step 3: Notification
Step 4: Prevention

For further information on the four key steps, the Nova Scotia Office of the Information and Privacy Commissioner document Key Steps to Responding to Privacy Breaches is a helpful resource.