Jump to content

Personal Health Information Protection Act

From Wikipedia, the free encyclopedia

Personal Health Information Protection Act
Legislative Assembly of Ontario
  • An Ontario Act to establish consistent rules governing the collection, use and disclosure of personal health information in the hands of ’health information custodians‘, such as doctors, hospitals or other health care providers.
CitationS.O. 2004, Chapter 3 Schedule A
Enacted byLegislative Assembly of Ontario
Assented to20 May 2004
Commenced1 November 2004
Legislative history
Bill titleBill 31, Schedule A
Introduced byMinistry of Consumer and Business Services and the Ministry of Health and Long Term Care

The Personal Health Information Protection Act, also known as PHIPA, is Ontario legislation established in November 2004. PHIPA is one of two components of the Health Information Protection Act 2004.[1]

The Health Information Protection Act, also established in 2004, comprises two schedules: PHIPA (Schedule A) and the Quality of Care Information Protection Act (Schedule B).[1] The PHIPA replaced the Health Cards and Numbers Control Act (SO 1991, c 1).[2]

PHIPA provides a set of rules for the collection, use and disclosure of personal health information by a "Health Information Custodian" (HIC), and includes the following provisions:[1]

  • Consent is required for the collection, use and disclosure of personal health information, with few exceptions
  • HICs are required to treat all personal health information as confidential and maintain its security
  • Individuals have a right to access their personal health information, as well as the right to correct errors
  • Individuals have the right to instruct HICs not to share their personal health information with others
  • Rules are provided for the use of personal health information for fundraising or marketing purposes
  • Guidelines are set for the use and disclosure of personal health information as a secondary use such as research, quality improvement or education
  • Accountability is ensured by granting an individual the right to complain if they have identified an error in their personal health information
  • Remedies are established for breaches of the legislation

History

[edit]
  • December 17, 2003: The Health Information Protection Act (Bill 31) was introduced by the first McGuinty government
  • January 26, 2004: Public hearing at Standing Committee on General Government held in Toronto
  • February 2, 2004: Public hearing at Standing Committee on General Government held in Sault Ste. Marie, Kingston and London
  • February 9, 2004: and April 28, 2004 Clause-by-clause consideration of the Bill resulting in various amendments
  • May 17, 2004: Bill 31 passed third and final reading with unanimous support in the legislature
  • May 20, 2004: Bill 31 received Royal Assent
  • July 3 - September 3, 2004: Public consultation on regulations
  • November 1, 2004: Schedules A and B of the Health Information Protection Act come into force[3]
  • May 18, 2016: passage by the first Wynne government of the Health Information Protection Act 2016, S.O. 2016, c. 6 - Bill 119, to amend the Personal Health Information Protection Act, 2004, to make related amendments, to introduce the idea of an "ELECTRONIC HEALTH RECORD", to repeal and replace the Quality of Care Information Protection Act 2004 with the Quality of Care Information Protection Act 2016, and to amend the Regulated Health Professions Act, 1991

Application

[edit]

PHIPA applies to individuals and organizations involved in the delivery of healthcare services. Under the Act, they are referred to as HICs, "prescribed organizations", or "agencies", each with various function.

Health information custodians

[edit]

A HIC can be any number of individuals or organizations who have custody or control of personal health information.[4] To elaborate, some examples of an HIC include:

  • Healthcare providers such as doctors, nurses, social workers, dentists, psychologists, paramedics, optometrists, physiotherapists, occupational therapists, chiropractors, massage therapists, dieticians, naturopaths and acupuncturists
  • Hospitals
  • Long-term care homes and homes for special care
  • Community Care Access Centres
  • Pharmacies
  • Medical laboratories
  • Local medical officers of health
  • Ambulance services
  • Community mental health programs
  • Ministry of Health and Long-Term Care[4][5]

Agents of health information custodians

[edit]

An “agent” of an HIC includes anyone who is authorized by the HIC to do anything on behalf of the HIC with respect to personal health information. These actions are for the purposes of the HIC and not the agent.[4]

Examples include:

  • Employees of the HIC
  • Clinician researchers conducting research under the jurisdiction of the HIC
  • Persons contracted to provide services to the HIC where the person has access to personal health information (e.g. copying or shredding service, records management service)
  • Volunteers or students who have any access to personal health information[6]

Role of the Information and Privacy Commissioner

[edit]

The Information and Privacy Commissioner of Ontario (IPC) is appointed by the Legislative Assembly of Ontario and is independent of the government.[7] The IPC is responsible for ensuring that HICs comply with the Act.[8] Under PHIPA, the IPC has the power to review and make rulings about complaints.

Complaint Time to File the Complaint
Personal health information has been collected, used or shared contrary to PHIPA Within 1 year
A request to see personal health information has been denied Within 6 months
A request to have personal health information corrected has been denied Within 6 months

When the commissioner receives a complaint, a mediator may be appointed to try to solve the problem. The IPC has various powers to resolve complaints, including the power to order an HIC to:

  • Change or stop the way information is collected, used or shared
  • Provide access to the record of personal health information
  • Correct the record of personal health information[8]

Content

[edit]

The Act covers the following subjects relating to personal health information in the province of Ontario:

References

[edit]
  1. ^ a b c Cavoukian, Ann (February 2005). "Frequently Asked Questions: Personal Health Information Protection Act" (PDF). Information and Privacy Commissioner of Ontario. Archived from the original (PDF) on 26 February 2007.
  2. ^ "Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A". CanLII. Retrieved 21 January 2024.
  3. ^ "Personal Health Personal Health Information Protection Information Protection Act, 2004: Act, 2004: An Overview An Overview" (PDF). Ministry of Health and Long-Term Care. Retrieved 11 December 2012.
  4. ^ a b c Bearwood, John P.; Kerr, J. Alexis (2004). "Coming soon to a health sector near you: Advance look at the Ontario Personal Health Information Protection Act (PHIPA)". Healthcare Quarterly. 7 (4): 62–67. doi:10.12927/hcq..16817. PMID 15540406.
  5. ^ "Your Health Information: Your Rights" (PDF). Information and Privacy Commissioner of Ontario. Archived from the original (PDF) on 3 November 2012. Retrieved 10 December 2012.
  6. ^ "Personal Health Information Protection Act, 2004". Service Ontario. Retrieved 11 December 2012.
  7. ^ "The role of the Information and Privacy Commissioner". IPC. Retrieved 2020-11-15.
  8. ^ a b "A Guide to the Personal Health Information Protection Act" (PDF). Archived from the original (PDF) on 22 February 2007. Retrieved 11 December 2012.