Question: What is Privacy?Privacy is a person's claim to determine for him/herself when, how and to what extent information about him/her is communicated. Simply put, it is the right for an individual to determine who knows what about him/her, and what they do with the knowledge.
Question: What is the Personal Health Information Protection Act?The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario's new health-specific privacy legislation which applies to health information custodians such as hospitals. PHIPA governs the manner in which personal health information may be collected, used and disclosed within the health-care system. PHIPA also confirms a patient's right to access one's own personal health information.
Question: What is Personal Health Information?Personal Health Information is "identifying information" collected about an individual. It includes information about an individual's health or health-care history in relation to:
Question: What is a health information custodian?A health information custodian is a listed individual or organization under PHIPA that, as a result of their power or duties, has custody or control of personal health information.
Examples of health information custodians include:
Question: What is the "circle of care"?The "circle of care" is not a defined term under PHIPA. It is a term of reference used to describe health information custodians and their authorized agents who are permitted to rely on an individual's implied consent when collecting, using, disclosing or handling personal health information for the purpose of providing direct health care.
In a physician's office, the circle of care includes:
In a hospital, the circle of care includes:
Question: PHIPA requires that hospitals obtain an individual's consent to collect, use and disclose his/her personal health information. How will Pembroke Regional Hospital obtain such consent?In practice, the hospital is not required to obtain an individual's written or verbal consent every time personal health information is collected, used or disclosed. PHIPA permits the hospital to assume implied consent where information is exchanged between custodians within the circle of care for the purpose of providing direct health care – unless a custodian is aware that an individual has expressly withheld or withdrawn his/her consent.
Consent may never be implied for an individual who specifies that his/her personal health information may not be collected used or disclosed.
Implied consent is also permitted if a health information custodian, such as Pembroke Regional Hospital, collects, uses or discloses names or addresses for the purposes of fundraising.
Question: What is the difference between express and implied consent?Express consent to the collection, use or disclosure of personal health information by a health information custodian is explicit and direct. It may be given verbally, in writing or by electronic means.
Implied consent permits a health-care custodian to infer from the surrounding circumstances that an individual would reasonably agree to the collection, use or disclosure of his/her personal health information.
Question: When is express consent required?In certain circumstances, express consent will always be required:
For example, a physician is not able to reasonably infer that an individual would consent to have his/her personal health information disclosed to third party, such as an insurance provider, who is considered to be outside the circle of care.
The physician would be required to obtain the express consent of the individual in order to disclose personal health information to the insurance provider.
Question: What is a breach of Privacy?Breach of privacy, confidentiality or security refers to the unauthorized access, collection, use, or disclosure of any personal information or personal health information.
Question: Are individuals permitted to access their own personal health information?With limited exceptions, PHIPA provides individuals with a general right to access their own personal health information held by a health information custodian.
Question: How long does the hospital keep my Patient Record?
Patient Records (medical record, notes, charts and other material) including slides made for microscopic examination from tissue removed from a patient on which a report has been made, other than normal blood smears, medical records and other notes, charts and other material relating to patient care are all "records of personal health information". The retention period for these records are as follows:
On completion of the retention period, these records are securely destroyed.
Question: How does an individual obtain access to his/her personal health informationAn individual may request access to his/her own personal health information by submitting a written request to the Personal Health Information Access Office 1st Floor or by calling 613-732-732-3675; Ext 6142.
Question: Can the husband/wife of a patient access their spouse's chart?No, unless he/she has been designated Substitute Decision Maker and the hospital has evidence of that.
Question: Can the hospital refuse to provide access to an individual's personal health information?The hospital is responsible to assist individuals by providing access to their health records. However, it may refuse access in limited situations only, where for example:
Question: Can an individual correct errors in his/her personal health information? How does an individual correct errors?An individual who believes that his/her personal health information is incomplete or inaccurate may request the hospital to correct his/her record. An individual seeking a correction to his/her personal health information is required to submit a written request to the hospital that must then respond within 30 days of receiving a correction request.
Question: Can the hospital refuse to correct an individual's personal health information?The hospital is obligated to correct personal health information where an individual demonstrates, to the satisfaction of the hospital, that the record is in fact inaccurate or incomplete and the individual gives the custodian the necessary information to correct the record.
However, the hospital may refuse to correct personal health information that is a professional opinion or an observation of the health-care provider.
Question: Is it a breach of privacy if physicians send Personal Health Information to OHIP for billing?No.
Question: Is it required to obtain consent from the patient to send information to the Workplace Safety & Insurance Board (WS&IB) regarding their treatment?No, under PHIPA there are disclosures that are allowed without consent, this is one of those disclosures.
Question: If I am referred to a specialist, can my health information be sent to the specialist and back to my family doctor without my consent?Your health information can be sent to the specialist, who will, in turn, send a report to your referring doctor (i.e. family doctor). It is not necessary to obtain your consent. This is good clinical practice and appropriate for optimizing continuity of care.
For access to your health record, or to request a correction, contact the Personal Health Information Access Office at:
Pembroke Regional Hospital
705 McKay Street
Pembroke Ontario
K8A 1G8
Fax: (613) 732-6343
Telephone: (613) 732-3675, extension 6142