Amendments in the Personal Health Information Protection Act (PHIPA)

The sudden global pandemic shredded many major economies of the world and all the individuals focused on their physical as well as their mental health. 

When all human activities stopped completely and whether it is Charles Darwin’s theory – Survival of the fittest or the proverb that Health is Wealth appears perfect in such epidemic. 

March was the month in which every country announced lockdowns in their respective countries. 

Ontario, the fourth largest province of Canada made some amendments after looking at the pandemic situations in its Personal Health Information Protection Act (PHIPA). 

The addition which helps in creating more robust enforcement mechanisms and the regulations of using the electronic health records has been increased. 

The amendments which took an immediate effect upon its enactment and there are several other amendments which need to be proclaimed by the Governor. 

The amendments with an immediate enactment is  included and are as follows: 

  • A new enforcement regime 
  • Allowances for making the use of health information for identification and even the record linkage purposes.
  • The accurate access of personal health information records electronically. 
PHIPA-personal health information protection act

New Enforcement Regime

As per the new enforcement regime, the Information and Privacy Commissioner of Ontario may even make orders which can encourage compliance and appoints administrative penalties for its contraventions of PHIPA or its regulations. 

The amendments deliver the best possibility for around one year of imprisonment and it even doubles the maximum administrative penalty for all the offences counting around $ 200,000 for an individual and $10,00,000 for the firm at large. 

The limitation period of two years came into consideration by the commissioner which further applies to the new enforcement regime. 

Use of Health Information for Identification and Record-linkage 

Health information custodians and all the other individuals as prescribed in the regulations can even collect, use and disclose, proper consent and an individual’s Ontario Health Insurance Plan number for identification and making record-linkage purposes and even when no provincially funded healthcare gets provided.  

Right to Access Personal Health Information Records Electronically

Individuals are allowed to access their record of their personal health information in an electronic manner as has been cited in the regulation with all the described additional requirements, restrictions and even all the exceptions. 

All the major changes to PHIPA which will come into effect one day are been affirmed by the Governor includes: 

The new definition of de-identify and even the limits while making proper use of de-identified information.

It is broadly applicable to encircle consumer electronic service providers. 

The overall requirement for an audit log for accessing its personal health information which has been held electronically. 

The amendments consider all the future regulations for setting out the requirements and all the supplementary accountability with much of the practical details of all such amendments which remains unclear. 

De- Identification Standards and Limits on the Use of De-Identified Information

The definition of De-Identify will even elaborate de-identification requirements as mandated in its regulations. 

All the new limits which have been used of de-identified information will decrease the use of de-identified information to analyse an individual to health information curators and all the other narrow classes of prescribed persons. 

Consumer Electronic Service Providers

Upon the notifications, Consumer Electronic service providers help in processing the personal health information whether it is developing an app and even other consumer facing health technology companies will become directly subjective to PHIPA and with all its new amendments. 

Electronic Audit Log

Health information curators are making the use of electronic devices to collect, take into proper use, even disclose it if deemed unnecessary and even make some changes, retain the same information and even disclose the personal health information which must be maintained and monitored in an electronic audit log.  

The log must be made and must capture every instance that an electronic health record is viewed, handled, modified and even dealt in a different way. The audit must contain:

  • All the types of personal health information which is been deal in 
  • The time and date of the personal health information which is dealt
  • All the identity of the persons dealing with this information 
  • All the identity of the individuals with whom the information completely relates
  • Any of the additional information which are required to be used in all the regulations 

If the health information curators keeps into account an electronic service provider then they require the service provider to manage the electronic audit log.  

The copy of the electronic audit log must be rendered to all the commissioners upon the request. 

Concluding lines 

Change is the only constant – the proverb appears true when we observe and analyse the needs for new amendments and how they will get amended and what needs to be taken into consideration. 

All such laws will mandate and further evaluate whether all the healthcare companies in the Ontario province will ensure that they strictly mandate such rules and regulations which are for the betterment of the inhabitants.

Parth Patel

Parth Patel is a serial entrepreneur and CEO of SyS Creations which is a top PHIPA compliance consulting provider. Operating the IT Infrastructure of SMEs and startups keeps him on his toes and his passion for helping others keeps him motivated.

Leave a Reply

Your email address will not be published. Required fields are marked *