I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

What’s new in health privacy – March 2017

Posted by

Trying to keep up with all that is happening in health privacy these days?  It’s busy! Here are five updates Ontario health care organizations should know:

1. IPC just notified the public about a new snooping prosecution.  A student at a family health team was fined $25,000 for a privacy breach involving 139 patients (she pled guilty to accessing records for 5 of those individuals).  It is the highest fine to date in Ontario. Read the story here.

2. IPC just released its new Code of Procedures guidelines on dealing with its office.  Nothing really you have to do.  But know that when you are dealing with the IPC – they are now following these guidelines.

3. CMPA just released three new guidance documents on important privacy issues for physicians:

4. IPC just released 4 more decisions (now up to 42).

  • Decisions 39, 40, 41deal with correction requests.  And the main take away message is that you don’t have to correct a record if the patient cannot prove it was inaccurate or incomplete (so long as the message reflects professional opinion made in good faith).  Corrections did have to be made if the patient could prove there was an error (one record had the wrong date of birth on it – but other discharge notes didn’t have to be corrected).
  • Decision 42 deals with a physician who has ceased to practice medicine and she has been ignoring requests for access to records from former patients.  The IPC says that if physicians who are custodians do not make arrangements to have their records held by someone else – they remain the custodian and HAVE TO respond to requests for access.  If a physician retires without making arrangements for their records – they are still the custodian.  If a physician dies – the estate trustee has to deal with the records.

5. We have been waiting  since June 2016 for the regulation under PHIPA to be introduced to explain what exactly has to be reported to the IPC about privacy breaches.  A proposed change to those regulations was introduced on March 10th. See here. The change to the regulations is not yet law. The draft regulation says it will come into force on July 1, 2017. The mandatory reporting rules follow what I have been advising my clients to voluntarily report to the IPC. If and when these rules become law – I will explain them in greater detail.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Managing Incapacity & Consent to Treatment

Part of Kate’s monthly webinar series.

Our October webinar is about managing incapacity, and the November title is Consent to Treatment.
Full details of the 2020 webinar series and registration here.

Advanced Privacy Officer training
December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Privacy Officer training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
October 2, November 6 and December 4

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Webinar recording available! Topics covered: - Health privacy law update - When do children make their own informat… https://t.co/VSlNzPyXiy

about 22 hours ago

The main message: A doctor (or any other health information custodian) should never ignore a patient’s access reque… https://t.co/HW8mrFymnC

08:01 AM Oct 13th

What happens when someone asks for access to recordings? It depends. Here’s a story about what might happen.… https://t.co/kRnDh5IOo2

08:01 AM Oct 12th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.