A privacy breach is any handling of personal health information that is not authorized under PHIA.
A physician who is a custodian is required to report a breach of an individual’s personal health information to that individual if, in the physician’s opinion, the breach is likely to cause the individual harm or embarrassment.
If the physician does not report the breach to the individual, the physician is required to report it to the Review Officer.
Review Officer contact information:
Four key steps
There are four key steps to be followed after every privacy breach. Those steps are:
Step 1: Contain the breach
Step 2: Evaluate the risks
Step 3: Notification
Step 4: Prevention
For further information on the four key steps, the Nova Scotia Office of the Information and Privacy Commissioner document "Key Steps to Responding to Privacy Breaches" is a helpful resource.