Ontario to beef up laws to protect patient privacy

TORONTO – Ontario’s government has announced a plan to improve privacy and accountability in the healthcare system with new measures to protect the personal health information of patients. The province intends to introduce amendments to the Personal Health Information Protection Act (PHIPA) to strengthen privacy rules, make it easier to prosecute offenders and increase fines.

Despite numerous breaches of patient privacy, Ontario has yet to successfully prosecute any offenders since the privacy act came into force more than a decade ago. The government has now vowed to roll out the legislation needed to enforce PHIPA.

“The proposed amendments to Ontario’s health privacy law will go a long way to protecting the privacy of patients as the health sector transitions to shared electronic systems,” said Brian Beamish (pictured), the Information and Privacy Commissioner of Ontario.

“I am pleased that the ministry consulted with my office in developing these measures and that it is moving forward to introduce them, as called for in my most recent annual report.”

The amendments include:

• Increasing accountability and transparency by making it mandatory to report privacy breaches to the Information and Privacy Commissioner and, in certain cases, to relevant regulatory colleges.
• Strengthening the process to prosecute offences under PHIPA by removing the requirement that prosecutions must be commenced within six months of the alleged privacy breach.
• Further discouraging “snooping” into patient records by doubling the fines for offences under PHIPA from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for the organization.
• Clarifying the authority under which healthcare providers may collect, use and disclose personal health information in electronic health records.

The legislation would also re-introduce protections to electronic and other personal health information, as presented in 2013. These protections have been endorsed by the Information and Privacy Commissioner.

“No matter where people receive care, they deserve to know that they are protected by a healthcare system that is accountable and keeps their personal health information private,” said Dr. Eric Hoskins, Minister of Health and Long-Term Care.

“By increasing fines and requiring that privacy breaches are reported to the Information and Privacy Commissioner, we can help strengthen patient privacy and improve our healthcare system. If passed, these changes will strengthen Ontario’s position as the nation-wide leader in protecting patient privacy.”