PRACTICE PARTNER
OFFICE CONSULT
The purpose of this column is to answer questions about issues that we either hear about frequently, or
that have a wide applicability across the profession. If you have any questions or topic suggestions for
this column, please email them to [email protected], or contact the Physician Advisory Service.
Ensure Your
Staff Members
Understand
Privacy Laws
W
e have written before
about the consequences for
physicians when it is dis-
covered that they have ac-
cessed the medical information of patients
not in their care. But it is also critical that
physicians understand that their responsi-
bility for preserving patient privacy extends
to the actions of their staff.
Under Ontario’s health privacy laws, a
health information custodian is responsible
for the personal health information in its
custody or control. As such, a doctor is re-
sponsible for the actions of an “agent” such
as a receptionist or other employee, if they
misuse health information. Furthermore,
the custodian may only authorize an agent
to handle personal health information if it
is necessary in the course of the agent’s du-
ties. Staff members are only allowed to deal
with personal health information to the ex-
tent that their health information custodian
(i.e., doctor or hospital) has authorized
them to do so and only for the custodian’s
purposes, not their own.
“It is of significant concern to the Col-
lege when physicians or their staff members
access health information about patients in
a manner that is not authorized,” said Dr.
David Rouselle, College President, noting
that several physicians have recently been
before the before the College’s Discipline
Committee for privacy breaches.
Patients, he said, expect that their health
information will be maintained in confi-
dence and that access to that information
is either through consent or mandated by
legislation or judicial process.
The Personal Health Information Protection
Act (PHIPA,) makes it mandatory to report
privacy breaches to the privacy commis-
sioner, doubles fines for snooping and other
wilful privacy breaches from $50,000 to
$100,000 for individuals and $250,000 to
ISSUE 3, 2017 DIALOGUE
47