Reminder: Professional Obligation to Protect Client Privacy
On February 18, 2026, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) released an investigation report into privacy breaches that occurred following the 2025 Lapu Lapu Day Festival tragedy. The report found 71 incidents of unauthorized access to client records by 36 healthcare workers across three health authorities, impacting 16 individuals who had been transported to medical facilities after the tragedy.
The report focuses on how these incidents constituted breaches of the Freedom of Information and Protection of Privacy Act (FIPPA), which prohibits the unauthorized collection, use, or disclosure of personal information by employees or associates of public bodies or service providers.
Pharmacy professionals have legal, ethical, and professional obligations to protect their clients’ right to privacy and confidentiality.
Having access to health information systems or databases does not constitute authority to view all records within them. Accessing client records out of curiosity, personal interest, or for any other purpose unrelated to your professional responsibilities or authorized duties is both illegal and unethical. This includes accessing the records of individuals who are not your clients.
Ethical Responsibility to Protect Clients’ Right to Confidentiality
Standard 4 of CPBC’s Code of Ethics outlines the following guidelines regarding patient/client confidentiality:
|
Data Collection, Transmission of and Access to PharmaNet Data
The Pharmacy Operations and Drug Scheduling Act, Bylaws, s. 35, sets out the following rules regarding Data Collection, Transmission of and Access to PharmaNet Data:
|
(2) A registrant may collect and record patient information in PharmaNet, or access, use and disclose a patient’s PharmaNet record only for the purposes of:
|