June 10, 2015 – Ministry of Health and Long-Term Care: Ontario is improving privacy and accountability in the health care system with new measures to protect the personal health information of patients.
The province intends to introduce amendments to the Personal Health Information Protection Act (PHIPA) that, if passed, would strengthen privacy rules, make it easier to prosecute offences and increase fines.
These amendments would include:
- Increasing accountability and transparency by making it mandatory to report privacy breaches to the Information and Privacy Commissioner and, in certain cases, to relevant regulatory colleges
- Strengthening the process to prosecute offences under PHIPA by removing the requirement that prosecutions must be commenced within six months of the alleged privacy breach
- Further discouraging “snooping” into patient records by doubling the fines for offences under PHIPA from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for the organization
- Clarifying the authority under which health care providers may collect, use and disclose personal health information in electronic health records
The legislation would also re-introduce protections to electronic and other personal health information, as presented in 2013. These protections have been endorsed by the Information and Privacy Commissioner.
Protecting the personal health information of patients is part of the government’s plan to build a better Ontario through its Patients First: Action Plan for Health Care, which is providing patients with faster access to the right care, better home and community care, the information they need to stay healthy and a health care system that’s sustainable for generations to come.
- The Personal Health Information Protection Act sets out rules around personal health information to ensure patient privacy is protected.
- Ontario first introduced Bill 78, the Electronic Personal Health Information Protection Act in May 2013 to protect the privacy of personal health information that is collected, used or disclosed by health care providers. The bill reached second reading before it died on the Order Paper when the legislature was dissolved on May 2, 2014.
- The Information and Privacy Commissioner has the authority to review complaints related to personal health information and can order changes to practices or procedures to ensure compliance with PHIPA.