I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Health Privacy Update #2 – October 2017 – 2 new decisions of the IPC

Posted by

Last week the IPC issued two new decisions for health care organizations in Ontario. The first one has practical impact on group practices like family health teams.

  1. Group practices should proactively clarify who is the health information custodian 

Decision 50 – This one will interest all family health teams and other group practices. It relates to a dispute between a physician and the other members of a group practice medical clinic.

The physician decided to leave the group practice medical clinic.  He believed he was the health information custodian over the health records of his patients and made private arrangements with the electronic medical record (eMR) service provider to extract the records of his patients from the shared eMR.  The medical clinic was taken by surprise when it discovered there were missing patient records from its eMR.  The  medical clinic believed it was the health information custodian (not the physician). This dispute went to court.  The parties entered into a “consent order” allowing the physician ongoing access to his patients’ records. The medical clinic was dissatisfied with the court process and outcome and complained to the IPC that the eMR service provider had improperly transferred some patient files to the departing physician without the clinic’s permission.

The IPC concluded it would not engage in a review and that the matter was better addressed by the courts. The IPC did comment on the fact that what most contributed to this dispute was the uncertainty over who was the health information custodian. The IPC referred to its document “How to Avoid Abandoned Records” where the IPC advised that all group practices should proactively identify the custodian for patient records in shared systems.

The IPC also recommends group practices address:

  • Arrangements for secure storage of records
  • The method of distribution of records in the event of a change in practice
  • The requirement to notify individuals in the event of a change in practice
  • Arrangements for dealing with the unforeseen departure of a custodian

With respect to the eMR service provider, the IPC stated that the agreement with the eMR service provider was vague as to who was the custodian and who should be notified of requests for patient record extraction. The take away message is that all group practices should make sure their contracts with eMR service providers clearly identify the custodian and who can authorize patient record extractions and who must be notified of such requests.

This case is not really relevant to hospitals or long-term care homes where the custodian status is never up for debate.

2. Prescribed Registry made a matching error involving two individuals with same name and date of birth

Decision 51 – An individual complained that a registry (a prescribed person under PHIPA) sent her a letter with another person’s laboratory test results.The IPC decided a review was not warranted under the circumstances.

As the back story, a mix up occurred with laboratory results relating to two individuals with the same first name and last name and date of birth. In conducting its investigation, the IPC concluded the mistake was not a labeling error by the referring physician (as first believed). Instead, it was a rare matching error (relating to computer linking logic) by the registry because one of the two individuals did not have an OHIP number that would have otherwise differentiated the two individuals. The registry sent test results to the wrong person. The IPC concluded that sending the letter to the wrong individual was an unauthorized disclosure of personal health information by the registry. But the IPC took no further action in this case. The registry was encouraged to look for opportunities to prevent this rare mistake from happening again.

Want to read all the decisions?: Here’s an updated summary of all 51 IPC PHIPA Decisions.

If you enjoyed this article please share it:

Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
February 12, 19, 26, 27, Mar 2, 9, 11, 24, 27

For Primary Care clinics, Hospitals, Community Agencies and Children’s Aid

Kate trains health professionals from many more health care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event March 25, 2020

Osgoode Professional Development – Health Law Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our March webinar is on questions to ask your insurer and the April program is on changes to pregnant employees' positions.
Full details of the 2020 webinar series and registration here.

Health Privacy Officer training
April 28, 2020

For Privacy Officers within healthcare organisations.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Osgoode Health Privacy training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
March 4 (cancelled) but back April 1

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

[APR 2] Case Study: Changes to pregnant employees’ positions Register now - webinars on legal topics for EDs and ma… https://t.co/Rzy73pOGTd

24 minutes ago

It is vitally important that primary health care employers follow the guidelines provided by Public Health Ontario.… https://t.co/kf8CNyxYA2

08:01 AM Mar 28th

In a pandemic, pull out your Professional Staff By-laws and look for provisions dealing with temporary appointments… https://t.co/wR1Pbm6RQu

08:01 AM Mar 27th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557