 | |
 |
 |
|
 |
 |
 |
 |
 | |
|
Public Information
Health Care Providers
News Media
Text Only Version
| ||||||
 |
|
 What is the Health Information Protection Act, 2004?
The Health Information Protection Act, 2004 creates a comprehensive approach to protecting health information across the health care system. The Act has two parts : the Personal Health Information Protection Act, 2004 (Schedule A) and the Quality of Care Information Protection Act, 2004 (Schedule B). This legislation received Royal Assent on May 20, 2004 and came into force on November 1, 2004.
Who does the Personal Health Information Protection Act, 2004 apply to?
The legislation applies to defined "health information custodians" where they collect, use or disclose personal health information. A health information custodian includes doctors, other health care practitioners, hospitals, and long-term care facilities. It also includes health care clinics, laboratories, pharmacies, the Ministry of Health and Long-Term Care, and other health-related organizations. The legislation also applies to individuals and organizations outside the health system that receive personal health information from the health care system, such as insurance companies and employers. The legislation applies to everyone regarding the collection, use or disclosure of the OHIP numbers.
What is personal health information?
Personal health information is identifiable information relating to your health and health care history. This includes information that may be contained in your health record such as diagnostic, treatment and care information, your OHIP number, and genetic information if it is part of your health record. Personal health information also includes any other identifying information included in a record of personal health information.
What is the difference between the Personal Health Information Protection Act, 2004 and how your health information was treated before?
Privacy protections for personal health information were set out in several statutes and in professional standards. In some cases, the rules were unclear or inconsistent, or there were gaps. The Personal Health Information Protection Act, 2004 creates consistent rules to safeguard personal health information across the health sector in Ontario as of November 1, 2004. This legislation means you have a legislated right to request access to and correction of incorrect or incomplete information in your records of personal health information held by health information custodians. This legislation also provides an independent body to oversee it and to ensure accountability. The Information and Privacy Commissioner of Ontario investigates complaints, and makes binding orders to ensure compliance with the legislation.
With whom can your doctor share your personal health information?
Your doctor can share your personal health information in the health system when it's necessary to provide care to you. For example, your doctor can share your personal health information with a specialist that you have been referred to for care. Your consent to this disclosure may be implied. However, the legislation allows you to tell your doctor if you don't want part of your personal health information shared with others providing you health care. Health information custodians are also responsible for the actions of those who work for him or her, and must make sure they handle information confidentially and appropriately. Health information custodians, in general, must get your consent to share your health information outside the health care system, or to share your information for any purpose other than one related to providing health care. For example, a doctor or any other health care provider would have to obtain your express consent before providing your personal health information to an employer. However, the Act authorizes a health information to disclose information without consent in some instances, such for the purpose of reporting a public health matter.
Can hospitals or other health care providers use your personal health information for fundraising purposes?
The legislation allows a health information custodian to use a patient's name and mailing address for fundraising purposes with the patient's implied consent. Thepatient is notified of his/her right to opt-out of future fundraising solicitations. Fundraisers would not have access to any information about a person's treatment or state of health. This allows for an appropriate balance between the good work undertaken by hospital foundations, for example, in raising much-needed funds and the individual's right to control his or her information.
Can the Minister of Health see your personal health information?
The Minister does not have the authority to direct disclosures of patient health records under the legislation except for the purpose of monitoring or verifying claims for payment for Ministry-funded health care and related goods. If the Minister requires certain types of information for health care planning and management purposes, disclosures would be made to a secure health data institute, which in turn would generally release anonymous information to the Ministry of Health and Long-Term Care.
How can you find out how your personal health information is protected?
Your doctor, or any other health information custodian, is required to make available to the public a written statement that decribes the custodian's policy on personal health information collection, use and disclosure. Their patients must be notified of any collection, use or disclosure outside of this policy. They must also designate someone responsible to answer questions from the public.
Is a health care provider able to report someone they think is at risk of spreading a communicable disease?
Under Ontario's public health legislation, the Health Protection and Promotion Act, doctors and other health care providers are required to report anyone to their local Medical Officer of Health who they believe may have a reportable or communicable disease. This is to control and contain specific diseases. The Personal Health Information Protection Act, 2004 does not interfere with this requirement.
Who can you complain to if you feel the rules have been broken?
Individuals can make a complaint to the Information and Privacy Commissioner. The legislation is not retroactive, so actions taken before November 1, 2004 could not be the subject of a complaint to the Commissioner. The IPC website is www.ipc.on.ca for further information.
What are the penalties for committing an offence under the Personal Health Information Protection Act, 2004?
There are strict penalties of up to $50,000 for an individual and $250,000 for a corporation. These are the toughest penalties in Canada for breaches of health privacy legislation. The Act also allows for an award of damages in appropriate cases.
Why is it necessary to protect quality of care information?
The Quality of Care Information Protection Act, 2004 is an important piece of Ontario's efforts to reduce medical errors and ensure patient safety in hospitals. When a medical error occurs, an open discussion about the incident is important. Without this, the institution cannot properly analyze what led to the incident. It cannot identify and make changes to avoid similar incidents in the future. Most other provinces - including Saskatchewan, New Brunswick, Nova Scotia, Alberta, and British Columbia - already provide legislative provisions encouraging such discussions by shielding the disclosure of quality of care information in legal proceedings. The protections available under this Act cannot be used to shield the facts of a medical incident unless the facts are also contained in the patient's health record and therefore available to the patient. |
 | |
|
| |
|
Call the ministry INFOline at 1-866-532-3161 (Toll-free in Ontario only) TTY 1-800-387-5559 Hours of operation : 8:30am - 5:00pm |
|
|
| |
 | |
|
| home
| central site
| contact us
| site map
| français |
|
