Law & Governance

Law & Governance November -0001 : 0-0

Bill 31, Health Information Protection Act, 2003

Michael Watts, Kathy O'Brien, Patricia North and Megan Evans

Abstract

On December 17, 2003, Minister of Health and Long-Term Care George Smitherman introduced Bill 31 to the Legislature. The Bill passed First Reading, the order for Second Reading was discharged, and the Bill was referred to the Standing Committee on General Government on December 18, 2003. Public hearings on the Bill will be held in Toronto the week of January 26, 2004, and in Sault Ste. Marie, Kingston and London during the week of February 2, 2004.
If passed, Bill 31 will enact two new Acts, the Personal Health Information Protection Act (Schedule A) and the Quality of Care Information Protection Act(Schedule B), and will make complementary amendments to other Acts. The Bill requires that a "health information custodian", which includes health care practitioners, long-term care service providers, the operator of a hospital, nursing home, pharmacy, ambulance service and the Minister of Health, among others, keep personal health information confidential and secure, and establishes rules for its collection, use, disclosure, retention and disposal.

"Personal health information" refers to identifying information, whether in oral or recorded form, that relates to the individual's physical or mental health, the provision of health care to the individual, payments or eligibility for health care, the donation of a body part or bodily substance, and the individual's health care number, health care provider or substitute decision maker. Other significant features of the Bill are:

  • Health information custodians must have information practices in place that are in compliance with the requirements for dealing with personal health information;
  • It provides a right of access to one's personal health information and the ability to require corrections, subject to certain limitations and exceptions;
  • Individual consent for the collection, use or disclosure of personal information may be either express or implied, with limitations on when consent may be implied. Consent may also be withdrawn, with notice;
  • It establishes who may act on behalf of another with respect to personal health information, and under what circumstances;
  • Accountability is dealt with by the establishment of a process of appeal to the provincial Information and Privacy Commissioner. Mechanisms for investigating and settling complaints and reviewing information practices are provided, as are penalties for violations; and
  • Quality of care information is dealt with separately from personal health information. Disclosure of information collected or prepared for the purpose of assisting a quality of care committee of a hospital, or other entity, is limited to certain prescribed circumstances.

Schedule B of the Bill, the Quality of Care Information Protection Act, finally brings Ontario in line with all other Canadian provinces and territories and the 50 U.S. states, all of which have similar legislation protecting quality of care information from being disclosed or used as evidence in legal proceedings. Hospitals should note in particular:

  • The Bill protects from disclosure only "quality of care information", which is information prepared or collected by the hospital's Quality of Care Committee or relating solely or primarily to that Committee's activities. All hospitals should review the terms of reference of their Quality of Care Committee (or equivalent) to ensure that it will qualify as a Quality of Care Committee under the Bill. "Quality of care information" does not include information contained in a medical record.
  • Quality of care information is not admissible as evidence in a legal proceeding, nor can a witness be asked about it.
  • The Bill contains immunity sections protecting specific persons from liability. These persons include those (i) who disclose information to the Quality of Care Committee and (ii) members of the Committee who disclose quality of care information to reduce a quality of care risk or to improve healthcare within the hospital.
  • The Bill requires that the Minister hold public consultations before making regulations under this Act.

The Bill contains a number of provisions which may be of particular concern to hospitals, including:
  • Restrictions on collection, use and disclosure of personal health information for fundraising purposes without the individual's express consent, which is substantially different from the current requirements under PIPEDA;
  • Requirement that health information custodians using an electronic format for personal health information comply with prescribed requirements (to be provided in regulation), which could be costly to implement;
  • Requirement that health information custodians using or disclosing personal health information take steps to ensure that the information is as accurate, complete and as up-to-date as necessary for the purposes of the use or disclosure (or, in disclosure situations only, that any limitations on the accuracy etc. of the information are set out). Assuring accuracy etc. could potentially be a very onerous task in the hospital setting, given that information is collected by a number of health professionals, over extended periods of time;
  • The penalties for offences are significant (maximum $50,000 for individuals, $250,000 for corporations); and
  • Directors, officers, employees etc. of a corporation, including a public hospital, can be held personally liable for an offence, whether or not the corporation is prosecuted or convicted, and responsible for the penalty amounts upon conviction. However, a due diligence defence is available.

Although there are a number of significant differences, Bill 31 is substantially similar to Bill 159 (Personal Information Privacy Act), which was introduced by the Conservative government and passed first reading in December, 2000, but was never enacted. All indications suggest that the government intends to move this Bill forward very quickly. The commencement date for the legislation is identified in the Bill as July 1, 2004. If you are interested in making oral or written submissions on the Bill to the Standing Committee, you can refer to the Legislative Assembly of Ontario website for more information at

Acknowledgment

© 2004 Cassels Brock & Blackwell LLP. Cassels Brock is a trade-mark of Cassels Brock & Blackwell LLP. All rights reserved.

Comments

Be the first to comment on this!

Note: Please enter a display name. Your email address will not be publically displayed