CBC reports:
Snooping into someone’s medical data is a breach of privacy rules, but secretly conducting urine tests is not, Saskatchewan’s privacy and information commissioner says.
A Saskatchewan man complained to the privacy commissioner last year that his ex-wife poked into health information and performed urine tests at a hospital in the Prince Albert area when it wasn’t her job.
It was alleged that the ex-wife — a combined laboratory and x-ray technologist in the Prince Albert Parkland Health Region — snooped into the records of the ex-husband and their daughter and also tested the daughter’s urine.
However, with respect to the urine, there were no records created, nor data entered into the health region’s computer system, so it’s not a privacy issue, commissioner Ron Kruzeniski ruled April 5.
For that reason, Kruzeniski said the urine case is a worker conduct or misconduct issue.
Read more on CBC.ca.
Does the mother have physical and legal custody of the child? The privacy issue should not rest solely on whether any records were created or entered into the health computer system, but whether the mother had the right to test her daughter’s urine at all or if the father’s consent was required, too, etc.
Update: Okay, I found the Commissioner’s report on the complaint, which explains that the mother ran a (disposable) chem strip on the urine sample. This paragraph explains why it was not a privacy breach under HIPA:
Based on what has been provided by PAPRHA, it does not appear that PAPRHA has custody or control of any personal health information involving the Complainant’s daughter as it relates to the urine samples or the results of testing them. Therefore, HIPA would not apply. The collection and testing of the daughter’s urine samples without a physician’s order is a matter of professional conduct (or misconduct) and not a privacy matter under HIPA. My office has no jurisdiction over matters of professional conduct. Therefore, this Investigation Report will only address the first issue.