Data Protection Report - Norton Rose Fulbright

The Government of Ontario announced that it intends to introduce amendments to the Province’s Personal Health Information Protection Act (PHIPA) that, if passed, would strengthen privacy rules with respect to health records, make it easier to prosecute offences, and increase fines for privacy breaches.

Speaking at a press conference at Queen’s Park on Wednesday, Health Minister Dr. Eric Hoskins said the proposed changes would also include mandatory reporting of all health-related privacy breaches to Ontario’s Information and Privacy Commissioner.

The amendments would include:

  • Clarifying the authority under which health care providers may collect, use and disclose personal health information in electronic health records;
  • Increasing accountability and transparency by making it mandatory to report privacy breaches to the Information and Privacy Commissioner and, in certain cases, to relevant regulatory colleges;
  • Strengthening the process to prosecute offences under PHIPA by removing the requirement that prosecutions must be commenced within six months of the alleged privacy breach; and
  • Further discouraging “snooping” into patient records by doubling the fines for offences under PHIPA from $50,000 to $100,000 for individuals, and from $250,000 to $500,000 for organizations.

Hoskins also announced the re-introduction of the Electronic Personal Health Information Protection Act (EPHIPA), which will establish privacy and security requirements for shared electronic health records. This legislation had died on the order paper when the provincial election was called in 2014. It is expected that the legislation will be introduced in the fall of 2015.