Skip to main content

CareConnect Privacy and Education Resources

Education resources

The following videos are intended for illustrative purposes only. Enhancements are regularly implemented in CareConnect including additional clinical data and fuctionality. Watch on YouTube: 


If you have an active Health Authority network account (ex. Vch\vrhb\infosys\phsabc\) and would like to reset your password please visit

If you have an HxBC account please visit

If you have any questions, please contact

How to Reset Your Password

CareConnect Privacy and Security

Protecting patient privacy is a top priority. Security measures and privacy policies and procedures are designed to ensure only authorized providers have access to clinical information.

CareConnect is designed to ensure personal information about patients is protected from unauthorized access or use, with the following security features:

  • Enrollment and registration processes confirm:

    • User identities.

    • Permission has been obtained before an access account is created.

  • All user activity in CareConnect is recorded on a permanent audit trail that records logon, individual patient records accessed, printed information and log off.

  • All internal and external network access attempts are monitored and recorded.

  • All CareConnect users must successfully complete an online privacy tutorial before a CareConnect account is activated.

  • Users must agree to an online Confidentiality Acknowledgement the first time you log on to CareConnect and periodically reaffirm this acknowledgement.

  • All CareConnect users are required to change their password every 90 days. A password standard has been established that ensures passwords are not easy to guess.

CareConnect uses a Role-Based Access Model to ensure that each user can access the clinical information they need to do their job, but cannot access the information they do not need.

Every CareConnect user is assigned a Business Role which determines the user's specific access permissions.

Each CareConnect Business Role is made up of two components:

  1. Role context  – The type of service / clinical setting in which the user works (e.g., Emergency Services, Community Services)

  2. Functional description  – The functional role of the user, i.e., what the user does (e.g., Prescriber, clinical support staff)

An audit trail is a security tool that tracks:

  • User access and activity

  • Any creation, modification or deletion of data in an electronic information system

CareConnect has an audit trail function that collects information such as username, date and time, patient record(s) accessed, and print requests.

An audit trail can be used to establish the legality of personal information in an EHR. An audit trail can also provide valuable information when unsuccessful attempts have been made to access a record, a privacy breach has occurred, or a complaint about a breach has been filed.

  • Do not share your username and password with anyone.

  • Do not allow anyone to access any information in CareConnect under your username.

  • Always log off when you are finished using a workstation.

  • Do not discuss confidential patient information in public areas.

  • Ensure personal information printed from CareConnect is properly protected, by placing it in the patient's record or shredding it after use.

  • Before accessing a patient's personal information, ask yourself, "Do I need this information in order to do my job?"

Your username and password are equivalent to a legal signature, making you accountable for all activity performed under your username, even if someone else used it to access CareConnect. Treat your username and password with the same care as your Personal Identification Number (PIN) for banking.

Anyone with reason to believe a username and password have been compromised should immediately reset the password and notify your supervisor, manager or director.

The primary purpose for accessing a clinical system like CareConnect is to provide care. Consequently, you should only access information you need to know to perform your job caring for patients, clients and residents. If you want to access your own personal medical record, you must go through Health Records.


A privacy breach occurs when someone's privacy and confidentiality have been compromised. Breaches include intentional and unauthorized access to, use, and/or disclosure of personal information. An example would be accessing personal information via CareConnect that you do not need to know to do your job, such as information on your family, friends or colleagues. Confirmed breaches of confidentiality will result in disciplinary action, up to and including removal of access permissions and termination.


Contact the VCH Information Privacy Hotline at (604) 875-5568, or email

Refer to the Doctors Technology Office website for more resources.

Doctors Technology Office Security Course

"I continue to find CareConnect a very valuable resource for patient care and use it daily. I often need to find specific lab results on patients who have had hundreds of test results recorded so the filters make that search much more efficient."

- Physician

SOURCE: CareConnect Privacy and Education Resources ( )
Page printed:

Copyright © Vancouver Coastal Health. All Rights Reserved.