I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

What’s new in health privacy – March 2017

Posted by

Trying to keep up with all that is happening in health privacy these days?  It’s busy! Here are five updates Ontario health care organizations should know:

1. IPC just notified the public about a new snooping prosecution.  A student at a family health team was fined $25,000 for a privacy breach involving 139 patients (she pled guilty to accessing records for 5 of those individuals).  It is the highest fine to date in Ontario. Read the story here.

2. IPC just released its new Code of Procedures guidelines on dealing with its office.  Nothing really you have to do.  But know that when you are dealing with the IPC – they are now following these guidelines.

3. CMPA just released three new guidance documents on important privacy issues for physicians:

4. IPC just released 4 more decisions (now up to 42).

  • Decisions 39, 40, 41deal with correction requests.  And the main take away message is that you don’t have to correct a record if the patient cannot prove it was inaccurate or incomplete (so long as the message reflects professional opinion made in good faith).  Corrections did have to be made if the patient could prove there was an error (one record had the wrong date of birth on it – but other discharge notes didn’t have to be corrected).
  • Decision 42 deals with a physician who has ceased to practice medicine and she has been ignoring requests for access to records from former patients.  The IPC says that if physicians who are custodians do not make arrangements to have their records held by someone else – they remain the custodian and HAVE TO respond to requests for access.  If a physician retires without making arrangements for their records – they are still the custodian.  If a physician dies – the estate trustee has to deal with the records.

5. We have been waiting  since June 2016 for the regulation under PHIPA to be introduced to explain what exactly has to be reported to the IPC about privacy breaches.  A proposed change to those regulations was introduced on March 10th. See here. The change to the regulations is not yet law. The draft regulation says it will come into force on July 1, 2017. The mandatory reporting rules follow what I have been advising my clients to voluntarily report to the IPC. If and when these rules become law – I will explain them in greater detail.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

September 17, September 24, October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Speaking event

October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Contracts & Communications

September 5 and October 3, 2019, 12 noon

Part of Kate’s monthly webinar series.

Our September webinar is about understanding contracts you may be asked to sign, and in Octber our title is Managing incapacity in the workplace.

Full details of the 2019 webinar series and registration here.

Privacy Officer training

November 5, 11, 18, 25 & December 2, 2019

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies.More details ...

Advanced Privacy Officer training

December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Free healthcare privacy webinar - ask me anything!

August 7 and September 4, 2019, 10-11am EST

Free webinars - advance registration needed

Whether you're an experience privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Webinar recording now available! Topics covered: - Health privacy law update - When do children make their own info… https://t.co/IN3OPtYePb

about 15 hours ago

Have you witnessed a bad situation where the organization’s response or lack of response made things worse?… https://t.co/m887F6v81U

12:00 PM Jul 15th

One of the key privacy messages every healthcare organization needs to know is a patient has a right to access thei… https://t.co/ogGXOVTf5A

12:01 PM Jul 14th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.