The Personal Health Information Protection Act (PHIPA) was amended earlier this year. The College updated its guide and overview documents on PHIPA to reflect these changes.
Some of the key changes are as follows:
- Health Information Custodians (HICs) will be required to establish and monitor an audit log for any electronic health records. The purpose of the log is to keep track of who accesses which parts of a patient’s/client’s records and when, so as to prevent snooping or other privacy breaches.
- HICs using electronic health records will have to provide patients/clients with access to an electronic version of their records, so that those records are portable.
- There are a number of rules for consumer electronic service providers (e.g., apps and online portals where patients/clients can access and store personal information about themselves). Even practitioners who do not use those apps/portals will need to become familiar with the rules about sharing information with, or managing requests to disclose information to, the consumer electronic service providers.
- The Information and Privacy Commissioner (IPC) has been given significant additional powers, including increased access to information from HICs (e.g., access to the electronic health record audit log), the ability to impose administrative monetary penalties for non-compliance with PHIPA and a doubling of the fines for offences under PHIPA.
The updated guide also addresses some of the regulations made since the 2016 amendments to PHIPA. For example, it addresses the requirement to notify the IPC immediately of significant privacy breaches and to file an annual report with the IPC of all privacy breaches.
The guide is intended for educational purposes only. Kinesiologists should discuss the specific changes to their policies and procedures with their own legal counsel.