Dialogue Volume 13 Issue 4 2017 | Page 58

PRACTICE PARTNER

Mandatory Reporting to Regulatory Colleges

Physicians acting as HICs, who employ, extend privileges to, or are otherwise affiliated with physicians or other regulated health professionals [1] are now required to report to colleges when:

- Action has been taken against a health-care professional because of a privacy breach (e.g., where a health-care professional has been terminated, suspended, disciplined or if privileges have been restricted because of a breach);
- They have reason to believe the health-care professional has resigned or given up their privileges because of an investigation (or other action) into a privacy breach.

Mandatory Reporting to the IPC

HICs are required to notify the IPC about a privacy breach in certain circumstances. These circumstances are:

- Use or disclosure without authority
- Stolen information
- Further use or disclosure without authority after a breach
- Pattern of similar breaches
- Disciplinary action HICs have taken against a college member
- Disciplinary action against a non-college member
- Significant breach (i.e., where the information is sensitive, the breach involves a large volume of information, the breach involves any individuals’ information, and/or more than one custodian or agent was responsible for the breach).

We will provide more detailed examples of the circumstances that mandate a report to the IPC in the next issue of Dialogue.

Reporting to Affected Individuals

HICs are required to take reasonable precautions to safeguard personal health information. In the event of a breach (theft or loss or unauthorized use or disclosure of personal health information) HICs are required to notify affected individuals at the first reasonable opportunity. HICs are now required to also inform the individual that they are entitled to make a complaint to the IPC.

The new amendments to PHIPA also require health information custodians to track privacy breach statistics as of January 1, 2018, and provide the IPC with an annual report of the previous calendar year’s statistics, starting in March 2019. Further guidance on these statistical reporting requirements is expected to be released shortly.

[1] The obligations also arise if the employee is a member of the Ontario College of Social Workers and Social Service Workers.