Print

Recent Changes to the Personal Health Information and Protection Act, 2004 (PHIPA)

August 24, 2020
Earlier this year, the Personal Health Information and Protection Act, 2004 (PHIPA) was amended. The key changes impacting occupational therapists' practice, and individuals who are Health Information Custodians (HICs), include:

  • The Information and Privacy Commissioner (IPC) has been given new enforcement tools to tackle privacy breaches. The IPC can now order an administrative penalty against any individual or organization who breaches PHIPA.
  • Imposing a penalty will not prevent the IPC from being able to use any additional enforcement measures available, such as prosecution.
  • The fines for privacy offences following a successful prosecution were doubled for both individuals and organizations.
  • Persons receiving health care in Ontario now have a right to access their personal health information in an electronic format.
  • HICs and other prescribed persons providing health care to a person, can collect or use an individual’s health number, with their consent, for certain verification and linking purposes.
  • HICs must disclose requested personal health information to the Minister of Health, or other prescribed ministers, for the purpose of determining, providing, monitoring or verifying payment for health care funded wholly, or in part, by them.

Several other significant amendments were also introduced which are not yet in force (meaning, they are not legally binding or do not yet have a legal effect). The implementation date for these is unknown. The College will continue to monitor their status and report on them once in force. Examples of amendments not yet active include:

  1. HICs using electronic means to collect, use, disclose, modify, retain or dispose of personal health information will be required to maintain, audit and monitor an electronic log of which the IPC will be allowed to request.
  2. The creation of a new category of entity which will be required to comply with PHIPA - the “consumer electronic service providers.” These entities are defined as providing primarily electronic services to individuals for the purposes of allowing them to access, use, disclose, modify, maintain, or otherwise manage their personal health information records.

These amendments illustrate how PHIPA is adapting to ensure the safe and confidential collection, use and disclosure of personal health information in an era where new technologies continue to emerge.

You can learn more about PHIPA and your obligations here.

Please contact Practice with any questions at 416.214.1177/1.800.890.6570 x240 or practice@coto.org.