There are two components to the Protection of the Health Information act (established in in the year 2004) and PHIPA forms one of these two components.
There are certain set of rules that PHIPA enforces regarding the collection, use and disclosure of personal health information.
Purpose of PHIPA
- PHIPA establishes regulation regarding the collection, use and disclosure of information related to personal health. This regulation is enforced to ensure that the confidentiality, along with the privacy of the concerned individual, is protected.
- PHIPA provides individuals with the right to access information related to their personal health and amend or correct any such information.
- PHIPA provides a review that is independent and enables resolution of complaints related to personal health information complaints
Personal health information included in PHIPA
- Health records related to physical or mental health of the individual
- Health history of the family
- Identification of the individual as a health care provider
- Service plan
- Eligibility for health care plan or payments
- Donation of body parts or bodily substances
- Individual’s health number
- Identification of a substitute decision-maker for the individual
Health information custodians who need to adhere to the law
The primary purpose of PHIPA is to safeguard information which is under the responsibility of health information custodian. Under PHIPHA, a health care custodian has the following definition:
- A health care practitioner who, as an individual or as a group, practises medicine. This could include a physician, dentist, nurse or social worker. This primarily applies to any individual whose function is to provide health care in return for payment
- Organisations or individuals who provide a community health service
- Community care access centres
- Hospitals (both public and private)
- Facilities that provide psychiatric treatment
- Long-term care facilities
- Laboratory or specimen collection centre
- Services related to ambulance
- Board of health
- Ministry of Health and Long-Term Care
Agents of Health information custodians are individuals who have been given authority by the custodian to fulfil functions that is related to personal health care information. These agents might include:
- Employees working under the health care custodian
- Contractors engaged independently by the custodian
As per PHIPA compliance, the responsibility of protecting health care information rests with the health care custodians. The health care custodian or their agent can only collect, use, disclose, retain or dispose of personal health information as permitted under the PHIPA compliance.
For health information custodians who are not individuals, like hospitals, community centers and pharmacies, a designation of a contact person is important who will be responsible for PHIPA compliance. The individual’s responsibility would include proper oversight and will be accountable for policy and practices related to health information.
The idea behind PHIPA is to protect the privacy as well as confidentiality of personal health information of individuals. The compliance puts in strict limits on the custodians of the information and establishes stringent rules in order to keep this information safe.
Need help with PHIPA compliance? Book an appointment with Prowse Chowne today!