Breach An infraction or violation of the law, which is either intentional (an act of commission) or unintentional (an omission).
Type of Breach Observed
Once all the templates were collected, the recorded breaches of confidentiality were classified into three categories according to their description as follows:
1. Confidentiality breaches related to the custody of clinical histories and records (admission forms, clinical and nursing report sheets, laboratory tests and other complementary examinations, and any other type of record containing patient data), as well as computer access to such records.
2. Confidentiality breaches related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient’s clinical care, as well as people external to the hospital.
3. Situations in which the improper disclosure of the patient’s clinical data resulted from inadequate infrastructure, equipment, or poor organization of the hospital.
Breach severity
In addition, we ranked the severity of the breaches described above from low to high severity as follows:
1. Minor confidentiality breaches are defined as those in which sensitive patient data is not properly safeguarded or handled (excluding the following categories), but which do not result in observable consequences. This includes the custody of clinical histories and records or breaches due to inadequate hospital infrastructure.
2. Minor confidentiality breaches committed repeatedly: more than once.
3. Severe confidentiality breaches are defined as the disclosure of sensitive data, as well as incidents that result in some kind of observable consequence. These breaches correspond to situations where clinical patient data are disclosed to third parties or to medical personnel not involved in the patient’s care, as well as those that are committed intentionally, or related to the patient’s sexual life, mental or other stigmatizing illnesses, and racial or ethnic background. Such breaches are considered to be particularly severe as these data are of a highly private nature.
4. Serious confidentiality breaches that occur repeatedly: more than once.
Area where the breach was observed
In order to reduce the number of areas where the observations were recorded, we grouped the areas into categories based on their similarity as follows:
1. Meeting areas (offices, classrooms, etc.) and specific areas where healthcare is provided (exam rooms, treatment rooms, operating rooms, etc.).
2. Nursing stations on hospital wards.
3. Patient rooms, which are usually occupied by two patients and their respective companions.
4. Other public areas: corridors, elevators, hospital entrances, stairs, and locker rooms.
Personnel involved in the breaches
The observers were required to record the staff member who committed the breach of confidentiality. Once all the data were collected, it was found that two or more staff were often responsible for the confidentiality breach. The personnel were classified as follows:
1. Physicians
2. Residents
3. Nursing staff
4. Nursing assistants
5. Orderlies
6. Administrative personnel
7. Students
Comments