I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Health Privacy Update #2 – October 2017 – 2 new decisions of the IPC

Posted by

Last week the IPC issued two new decisions for health care organizations in Ontario. The first one has practical impact on group practices like family health teams.

  1. Group practices should proactively clarify who is the health information custodian 

Decision 50 – This one will interest all family health teams and other group practices. It relates to a dispute between a physician and the other members of a group practice medical clinic.

The physician decided to leave the group practice medical clinic.  He believed he was the health information custodian over the health records of his patients and made private arrangements with the electronic medical record (eMR) service provider to extract the records of his patients from the shared eMR.  The medical clinic was taken by surprise when it discovered there were missing patient records from its eMR.  The  medical clinic believed it was the health information custodian (not the physician). This dispute went to court.  The parties entered into a “consent order” allowing the physician ongoing access to his patients’ records. The medical clinic was dissatisfied with the court process and outcome and complained to the IPC that the eMR service provider had improperly transferred some patient files to the departing physician without the clinic’s permission.

The IPC concluded it would not engage in a review and that the matter was better addressed by the courts. The IPC did comment on the fact that what most contributed to this dispute was the uncertainty over who was the health information custodian. The IPC referred to its document “How to Avoid Abandoned Records” where the IPC advised that all group practices should proactively identify the custodian for patient records in shared systems.

The IPC also recommends group practices address:

  • Arrangements for secure storage of records
  • The method of distribution of records in the event of a change in practice
  • The requirement to notify individuals in the event of a change in practice
  • Arrangements for dealing with the unforeseen departure of a custodian

With respect to the eMR service provider, the IPC stated that the agreement with the eMR service provider was vague as to who was the custodian and who should be notified of requests for patient record extraction. The take away message is that all group practices should make sure their contracts with eMR service providers clearly identify the custodian and who can authorize patient record extractions and who must be notified of such requests.

This case is not really relevant to hospitals or long-term care homes where the custodian status is never up for debate.

2. Prescribed Registry made a matching error involving two individuals with same name and date of birth

Decision 51 – An individual complained that a registry (a prescribed person under PHIPA) sent her a letter with another person’s laboratory test results.The IPC decided a review was not warranted under the circumstances.

As the back story, a mix up occurred with laboratory results relating to two individuals with the same first name and last name and date of birth. In conducting its investigation, the IPC concluded the mistake was not a labeling error by the referring physician (as first believed). Instead, it was a rare matching error (relating to computer linking logic) by the registry because one of the two individuals did not have an OHIP number that would have otherwise differentiated the two individuals. The registry sent test results to the wrong person. The IPC concluded that sending the letter to the wrong individual was an unauthorized disclosure of personal health information by the registry. But the IPC took no further action in this case. The registry was encouraged to look for opportunities to prevent this rare mistake from happening again.

Want to read all the decisions?: Here’s an updated summary of all 51 IPC PHIPA Decisions.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s Upcoming events

Team Privacy Training Events

April 19, May 17, June 13

For Primary Care clinics and FHTs

Kate trains health professionals from another three primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Where immigration and health law issues collide

April 25, 2018

Presentation to invited Community Health Centre clients

In collaboration with immigration lawyer Jacqueline Swaisland.

2018 Privacy Officer Training

May 8 to June 12, 2018

16 hours live and online training

for Privacy Officers and Privacy Officers-to-be. Live sessions held in Toronto. details and booking...

De-escalation training

May 16, 2018

Training session for a Toronto Family Health Team

In conjunction with leadership coach Christine Burych.

Ask me anything (about health privacy)

12 noon, May 23, 2018

An hour webinar with Kate where you can ask Kate any privacy-related questions you have.

Open to all health Privacy Officers. Register here.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

A recent Canadian study published in the JAMA found that hospitals have a serious issue when it comes to throwing a… https://t.co/PVINxywro8

about 9 hours ago

What do #FamilyHealth teams need to know about #SocialMedia and the #Law? https://t.co/xRqEcF6d5Y #healthprivacy #FHTs #HealthLaw #employee

about 21 hours ago

[MAY 23] Register now for my “Ask Me Anything” webinar! Do you have privacy questions you want to ask me? This is y… https://t.co/R0bvs5h6JK

02:01 PM Apr 24th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557