Dialogue Volume 13 Issue 3 2017 - Page 47

PRACTICE PARTNER OFFICE CONSULT The purpose of this column is to answer questions about issues that we either hear about frequently, or that have a wide applicability across the profession. If you have any questions or topic suggestions for this column, please email them to feedback@cpso.on.ca, or contact the Physician Advisory Service. Ensure Your Staff Members Understand Privacy Laws W e have written before about the consequences for physicians when it is dis- covered that they have ac- cessed the medical information of patients not in their care. But it is also critical that physicians understand that their responsi- bility for preserving patient privacy extends to the actions of their staff. Under Ontario’s health privacy laws, a health information custodian is responsible for the personal health information in its custody or control. As such, a doctor is re- sponsible for the actions of an “agent” such as a receptionist or other employee, if they misuse health information. Furthermore, the custodian may only authorize an agent to handle personal health information if it is necessary in the course of the agent’s du- ties. Staff members are only allowed to deal with personal health information to the ex- tent that their health information custodian (i.e., doctor or hospital) has authorized them to do so and only for the custodian’s purposes, not their own. “It is of significant concern to the Col- lege when physicians or their staff members access health information about patients in a manner that is not authorized,” said Dr. David Rouselle, College President, noting that several physicians have recently been before the before the College’s Discipline Committee for privacy breaches. Patients, he said, expect that their health information will be maintained in confi- dence and that access to that information is either through consent or mandated by legislation or judicial process. The Personal Health Information Protection Act (PHIPA,) makes it mandatory to report privacy breaches to the privacy commis- sioner, doubles fines for snooping and other wilful privacy breaches from $50,000 to $100,000 for individuals and $250,000 to ISSUE 3, 2017 DIALOGUE 47