Ontario to Introduce New Measures to Protect Patient Privacy
Strengthening Privacy and Accountability in the Health Care System
Ontario is improving privacy and accountability in the health care system with new measures to protect the personal health information of patients.
The province intends to introduce amendments to the Personal Health Information Protection Act (PHIPA) that, if passed, would strengthen privacy rules, make it easier to prosecute offences and increase fines.
These amendments would include:
- Increasing accountability and transparency by making it mandatory to report privacy breaches to the Information and Privacy Commissioner and, in certain cases, to relevant regulatory colleges
- Strengthening the process to prosecute offences under PHIPA by removing the requirement that prosecutions must be commenced within six months of the alleged privacy breach
- Further discouraging "snooping" into patient records by doubling the fines for offences under PHIPA from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for the organization
- Clarifying the authority under which health care providers may collect, use and disclose personal health information in electronic health records
The legislation would also re-introduce protections to electronic and other personal health information, as presented in 2013. These protections have been endorsed by the Information and Privacy Commissioner.
Protecting the personal health information of patients is part of the government's plan to build a better Ontario through its Patients First: Action Plan for Health Care, which is providing patients with faster access to the right care, better home and community care, the information they need to stay healthy and a health care system that's sustainable for generations to come.
- The Personal Health Information Protection Act sets out rules around personal health information to ensure patient privacy is protected.
- Ontario first introduced Bill 78, the Electronic Personal Health Information Protection Act in May 2013 to protect the privacy of personal health information that is collected, used or disclosed by health care providers. The bill reached second reading before it died on the Order Paper when the legislature was dissolved on May 2, 2014.
- The Information and Privacy Commissioner has the authority to review complaints related to personal health information and can order changes to practices or procedures to ensure compliance with PHIPA.
“No matter where people receive care, they deserve to know that they are protected by a health care system that is accountable and keeps their personal health information private. By increasing fines and requiring that privacy breaches are reported to the Information and Privacy Commissioner, we can help strengthen patient privacy and improve our health care system. If passed, these changes will strengthen Ontario’s position as the nation-wide leader in protecting patient privacy.”
“The proposed amendments to Ontario’s health privacy law will go a long way to protecting the privacy of patients as the health sector transitions to shared electronic systems. I am pleased that the ministry consulted with my office in developing these measures and that it is moving forward to introduce them, as called for in my most recent annual report. Mandatory reporting of privacy breaches and enhancing the ability of the Attorney General to prosecute are two of many significant improvements that should give the public more confidence in the health system.”