I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Whose record is it anyway?

Posted by

The right of an individual to access his or her records is essential to the exercise of other statutory and common law rights, including the right of an individual to determine for himself or herself what shall or shall not be done with his or her own body, the right of an individual to “informational self-determination” and the right of an individual to require the correction or amendment of personal health information about themselves. It is also vital in ensuring continuity of care, for example, where an individual has decided to seek health care from another health care provider.”

Order HO-009, (then) Assistant Commissioner Brian Beamish

One of the key privacy messages every healthcare organization needs to know is a patient has a right to access their own information. In Ontario, the Personal Health Information Protection Act, 2004 gives individuals the right to access their records. The law reflects the rights established in a court case back in 1992. So this is not new! McInerney v. McDonald – Supreme Court of Canada The right of access has a long and rich history.  The most important case on the topic is the case of McInerney v. McDonald which was decided in 1992 by the Supreme Court of Canada. A patient made a request to her doctor for copies of the contents of her complete medical file. The doctor delivered copies of all notes, memoranda and reports she had prepared herself but refused to produce copies of consultants’ reports and records she had received from other physicians who had previously treated the patient, stating that they were the property of those physicians and that it would be unethical for her to release them. The doctor suggested to her patient that she contact the other physicians for release of their records. But the court said …

  • In the absence of legislation, a patient is entitled, upon request, to examine and copy all information in her medical records which the physician considered in administering advice or treatment, including records prepared by other doctors that the physician may have received.
  • Access does not extend to information arising outside the doctor?patient relationship. The patient is not entitled to the records themselves.  The physical medical records of the patient belong to the physician.
  • Information about oneself revealed to a doctor acting in a professional capacity remains, in a fundamental sense, one’s own.
  • While the doctor is the owner of the actual record, the information is held in a fashion somewhat akin to a trust and is to be used by the physician for the benefit of the patient.
  • The physician?patient relationship is fiduciary in nature and certain duties arise from that special relationship of trust and confidence.
  • These include the duties of the doctor to act with utmost good faith and loyalty, to hold information received from or about a patient in confidence, and to make proper disclosure of information to the patient.
  • The doctor has an obligation to grant access to the information used in administering treatment.
  • This fiduciary duty is ultimately grounded in the nature of the patient’s interest in the medical records.
  • The confiding of the information to the physician for medical purposes gives rise to an expectation that the patient’s interest in and control of the information will continue.
  • The trust?like “beneficial interest” of the patient in the information indicates that, as a general rule, she should have a right of access to the information and that the physician should have a corresponding obligation to provide it.
  • The patient’s interest being in the information, it follows that the interest continues when that information is conveyed to another doctor who then becomes subject to the duty to afford the patient access to that information.
  • Further, since the doctor has a duty to act with utmost good faith and loyalty, it is also important that the patient have access to the records to ensure the proper functioning of the doctor?patient relationship and to protect the well?being of the patient.
  • Disclosure to the patient serves to reinforce the patient’s faith in her treatment and to enhance the trust inherent in the doctor-patient relationship.  As well, the duty of confidentiality that arises from the doctor?patient relationship is meant to encourage disclosure of information and communication between doctor and patient.  The trust reposed in the physician by the patient mandates that the flow of information operate both ways.
  • The patient’s general right of access to medical records is not absolute.  If the physician reasonably believes it is not in the patient’s best interests to inspect the medical records, the physician may consider it necessary to deny access to the information.
  • Considering the equitable base of the patient’s entitlement, when a physician refuses a request for access, the patient may apply to the court for protection against an improper exercise of the physician’s discretion.
  • The court will then exercise its superintending jurisdiction and may order access to the records in whole or in part.
  • The onus lies on the physician to justify a denial of access. Patients should have access to their medical records in all but a small number of circumstances.
  • In the ordinary case, these records should be disclosed upon the patient’s request unless there is a significant likelihood of a substantial adverse effect on her physical, mental or emotional health or harm to a third party.

The right of access to information is a founding principle of privacy. Want to read about PHIPA privacy decisions of the IPC? Click here to get my free up-to-date Summary of all the IPC’s PHIPA Decisions.

There are 4 ways to work with me when you are ready:

  1. Attend one of my free Ask Me Anything about Health Privacy webinars – the first Wednesday of every month at 10am EDT/EST
  2. Join me for my next Health Privacy Officer training and become even more confident in your role.
  3. Join me for my next Advanced Privacy Officer training – for practicing your skills.
  4. Invite me to do your team privacy training or assist you with privacy policies or privacy breach management

If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

September 17, September 24, October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Speaking event

October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Contracts & Communications

September 5 and October 3, 2019, 12 noon

Part of Kate’s monthly webinar series.

Our September webinar is about understanding contracts you may be asked to sign, and in Octber our title is Managing incapacity in the workplace.

Full details of the 2019 webinar series and registration here.

Privacy Officer training

November 5, 11, 18, 25 & December 2, 2019

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies.More details ...

Advanced Privacy Officer training

December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Free healthcare privacy webinar - ask me anything!

August 7 and September 4, 2019, 10-11am EST

Free webinars - advance registration needed

Whether you're an experience privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Webinar recording now available! Topics covered: - Health privacy law update - When do children make their own info… https://t.co/IN3OPtYePb

about 16 hours ago

Have you witnessed a bad situation where the organization’s response or lack of response made things worse?… https://t.co/m887F6v81U

12:00 PM Jul 15th

One of the key privacy messages every healthcare organization needs to know is a patient has a right to access thei… https://t.co/ogGXOVTf5A

12:01 PM Jul 14th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.