Dialogue Volume 13 Issue 4 2017 | 页面 58

PRACTICE PARTNER The new amendments to PHIPA also require health information custodians to track privacy breach statistics Mandatory Reporting to Regulatory Colleges Physicians acting as HICs, who employ, ex- tend privileges to, or are otherwise affiliated with physicians or other regulated health professionals 1 are now required to report to colleges when:  ction has been taken against a health-care A professional because of a privacy breach (e.g., where a health-care professional has been terminated, suspended, disciplined or if privileges have been restricted because of a breach); They have reason to believe the health-care professional has resigned or given up their privileges because of an investigation (or other action) into a privacy breach. Mandatory Reporting to the IPC HICs are required to notify the IPC about a privacy breach in certain circumstances. These circumstances are: Use or disclosure without authority Stolen information Further use or disclosure without authority after a breach Pattern of similar breaches Disciplinary action HICs have taken against a college member  isciplinary action against a non-college D member Significant breach (i.e., where the information is sensitive, the breach involves a large volume of information, the breach involves any individuals’ information, and/ or more than one custodian or agent was responsible for the breach). We will provide more detailed examples of the circumstances that mandate a report to the IPC in the next issue of Dialogue. Reporting to Affected Individuals HICs are required to take reasonable precau- tions to safeguard personal health informa- tion. In the event of a breach (theft or loss or unauthorized use or disclosure of personal health information) HICs are required to notify affected individuals at the first reason- able opportunity. HICs are now required to also inform the individual that they are entitled to make a complaint to the IPC. The new amendments to PHIPA also require health information custodians to track privacy breach statistics as of Janu- ary 1, 2018, and provide the IPC with an annual report of the previous calendar year’s statistics, starting in March 2019. Further guidance on these statistical reporting require- ments are expected to be released shortly. MD 1 58 The obligations also arise if the employee is a member of the Ontario College of Social Workers and Social Service Workers. DIALOGUE ISSUE 4, 2017