Effective October 1, 2020, Part V.1 of the Personal Health Information and Protection Act, 2004 (PHIPA) is now legally binding on all organizations and persons governed by PHIPA. For those less familiar with this legislation, Part V.1 sets out a framework for regulating the provincial electronic health record (EHR) including the functions, duties and responsibilities of health information custodians who, collect, use and disclose personal health information through the EHR. Patients/clients also have the right to control how their health information will be shared for health care purposes through “consent directives.” These allow people to block access to some or all parts of their record.
To understand if Part V.1 of PHIPA applies to your practice as an occupational therapist, consider these questions:
If you answered yes to all three questions, then Part V.1. only allows you to collect personal health information from a patient’s/client’s EHR if it is for the purpose of providing or assisting in the provision of health care to the individual to whom the information relates. You are also allowed to access the EHR if you believe that the collection of personal health information from it is necessary to eliminate or reduce harm to a person or group of persons. If you collect information from the EHR for any other purpose, this will be considered an unauthorized access, meaning a privacy breach will have occurred.
Learn more about PHIPA and your obligations under it.