TORONTO – Ontario is on its way to a new healthcare privacy protection act – in early May, the Health Information Protection Act (HIPA) passed third reading in the Ontario legislature. The Act introduces new measures to improve privacy, accountability and transparency in the healthcare system.

The Act will amend existing legislation to protect the personal health information of patients, including:

• Making it mandatory to report privacy breaches, as defined in regulation, to the Information and Privacy Commissioner and, in certain circumstances, to relevant regulatory colleges
• Strengthening the process to prosecute offences under the Personal Health Information Protection Act by removing the requirement that prosecutions must be commenced within six months of when the alleged offence occurred
• Doubling the maximum fines for privacy offences from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for organizations.

“This legislation gives our healthcare system the necessary tools to protect the private health information of patients in Ontario,” said Dr. Eric Hoskins (pictured), Minister of Health and Long-Term Care. “Patients deserve to know that their most sensitive information is not being accessed inappropriately and that their privacy is being protected.”

He added that, “Our legislation also ensures that patients and their families are kept informed when a critical incident occurs and as it is investigated.”

The Health Information Protection Act will, once proclaimed, also update the Quality of Care Information Protection Act (QCIPA) to increase transparency and maintain quality in Ontario’s healthcare system by:

• Affirming the rights of patients to access information about their own healthcare
• Clarifying that facts about critical incidents cannot be withheld from affected patients and their families
• Requiring the Minister of Health and Long-Term Care to review QCIPA every five years.

Ontario is working to implement all recommendations made by the expert committee that reviewed the Quality of Care Information Protection Act to improve transparency in critical incidents. These include bringing forward a proposal to ensure patients or their representatives are interviewed as part of a critical incident investigation, and are informed of the cause of the incident, if known.

Protecting patient privacy and strengthening transparency is part of the government’s plan to build a better Ontario through its Patients First: Action Plan for Health Care, which is providing patients with faster access to the right care, better home and community care, the information they need to stay healthy and a healthcare system that’s sustainable for generations to come.

The expert committee that reviewed QCIPA interviewed more than 60 healthcare professionals, patients and their family members who had experience with critical incidents or service quality issues in hospitals.

QCIPA currently applies to public and private hospitals, independent health facilities, long-term care homes, medical labs, specimen collection centers and psychiatric facilities.

The purpose of QCIPA is to enable healthcare providers to have protected quality improvement discussions, including discussions about critical incidents, in order to help improve patient safety and ensure such incidents are not repeated in the future, while still ensuring that patients and their authorized representatives have access to the facts about the incident.

“I am pleased that these important amendments to the Personal Health Information Protection Act have passed third reading,” said Brian Beamish, the Information and Privacy Commissioner of Ontario. “Personal health information is among the most sensitive of personal information. As new technologies emerge and health records are increasingly shared electronically among health professionals, it is crucial that mechanisms are in place to ensure this information continues to be protected.”