Dialogue Volume 13 Issue 4 2017 - Page 58

PRACTICE PARTNER The new amendments to PHIPA also require health information custodians to track privacy breach statistics Mandatory Reporting to Regulatory Colleges Physicians acting as HICs, who employ, ex- tend privileges to, or are otherwise affiliated with physicians or other regulated health professionals 1 are now required to report to colleges when:  ction has been taken against a health-care A professional because of a privacy breach (e.g., where a health-care professional has been terminated, suspended, disciplined or if privileges have been restricted because of a breach); They have reason to believe the health-care professional has resigned or given up their privileges because of an investigation (or other action) into a privacy breach. Mandatory Reporting to the IPC HICs are required to notify the IPC about a privacy breach in certain circumstances. These circumstances are: Use or disclosure without authority Stolen information Further use or disclosure without authority after a breach Pattern of similar breaches Disciplinary action HICs have taken against a college member  isciplinary action against a non-college D member Significant breach (i.e., where the information is sensitive, the breach involves a large volume of information, the breach involves any individuals’ information, and/ or more than one custodian or agent was responsible for the breach). We will provide more detailed examples of the circumstances that mandate a report to the IPC in the next issue of Dialogue. Reporting to Affected Individuals HICs are required to take reasonable precau- tions to safeguard personal health informa- tion. In the event of a breach (theft or loss or unauthorized use or disclosure of personal health information) HICs are required to notify affected individuals at the first reason- able opportunity. HICs are now required to also inform the individual that they are entitled to make a complaint to the IPC. The new amendments to PHIPA also require health information custodians to track privacy breach statistics as of Janu- ary 1, 2018, and provide the IPC with an annual report of the previous calendar year’s statistics, starting in March 2019. Further guidance on these statistical reporting require- ments are expected to be released shortly. MD 1 58 The obligations also arise if the employee is a member of the Ontario College of Social Workers and Social Service Workers. DIALOGUE ISSUE 4, 2017