I’m Kate Dewhirst.

My team and I write about legal issues affecting healthcare in Canada.

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Whose record is it anyway?

Posted by

The right of an individual to access his or her records is essential to the exercise of other statutory and common law rights, including the right of an individual to determine for himself or herself what shall or shall not be done with his or her own body, the right of an individual to “informational self-determination” and the right of an individual to require the correction or amendment of personal health information about themselves. It is also vital in ensuring continuity of care, for example, where an individual has decided to seek health care from another health care provider.”

Order HO-009, (then) Assistant Commissioner Brian Beamish

One of the key privacy messages every healthcare organization needs to know is a patient has a right to access their own information. In Ontario, the Personal Health Information Protection Act, 2004 gives individuals the right to access their records. The law reflects the rights established in a court case back in 1992. So this is not new! McInerney v. McDonald – Supreme Court of Canada The right of access has a long and rich history.  The most important case on the topic is the case of McInerney v. McDonald which was decided in 1992 by the Supreme Court of Canada. A patient made a request to her doctor for copies of the contents of her complete medical file. The doctor delivered copies of all notes, memoranda and reports she had prepared herself but refused to produce copies of consultants’ reports and records she had received from other physicians who had previously treated the patient, stating that they were the property of those physicians and that it would be unethical for her to release them. The doctor suggested to her patient that she contact the other physicians for release of their records. But the court said …

  • In the absence of legislation, a patient is entitled, upon request, to examine and copy all information in her medical records which the physician considered in administering advice or treatment, including records prepared by other doctors that the physician may have received.
  • Access does not extend to information arising outside the doctor?patient relationship. The patient is not entitled to the records themselves.  The physical medical records of the patient belong to the physician.
  • Information about oneself revealed to a doctor acting in a professional capacity remains, in a fundamental sense, one’s own.
  • While the doctor is the owner of the actual record, the information is held in a fashion somewhat akin to a trust and is to be used by the physician for the benefit of the patient.
  • The physician?patient relationship is fiduciary in nature and certain duties arise from that special relationship of trust and confidence.
  • These include the duties of the doctor to act with utmost good faith and loyalty, to hold information received from or about a patient in confidence, and to make proper disclosure of information to the patient.
  • The doctor has an obligation to grant access to the information used in administering treatment.
  • This fiduciary duty is ultimately grounded in the nature of the patient’s interest in the medical records.
  • The confiding of the information to the physician for medical purposes gives rise to an expectation that the patient’s interest in and control of the information will continue.
  • The trust?like “beneficial interest” of the patient in the information indicates that, as a general rule, she should have a right of access to the information and that the physician should have a corresponding obligation to provide it.
  • The patient’s interest being in the information, it follows that the interest continues when that information is conveyed to another doctor who then becomes subject to the duty to afford the patient access to that information.
  • Further, since the doctor has a duty to act with utmost good faith and loyalty, it is also important that the patient have access to the records to ensure the proper functioning of the doctor?patient relationship and to protect the well?being of the patient.
  • Disclosure to the patient serves to reinforce the patient’s faith in her treatment and to enhance the trust inherent in the doctor-patient relationship.  As well, the duty of confidentiality that arises from the doctor?patient relationship is meant to encourage disclosure of information and communication between doctor and patient.  The trust reposed in the physician by the patient mandates that the flow of information operate both ways.
  • The patient’s general right of access to medical records is not absolute.  If the physician reasonably believes it is not in the patient’s best interests to inspect the medical records, the physician may consider it necessary to deny access to the information.
  • Considering the equitable base of the patient’s entitlement, when a physician refuses a request for access, the patient may apply to the court for protection against an improper exercise of the physician’s discretion.
  • The court will then exercise its superintending jurisdiction and may order access to the records in whole or in part.
  • The onus lies on the physician to justify a denial of access. Patients should have access to their medical records in all but a small number of circumstances.
  • In the ordinary case, these records should be disclosed upon the patient’s request unless there is a significant likelihood of a substantial adverse effect on her physical, mental or emotional health or harm to a third party.

The right of access to information is a founding principle of privacy. Want to read about PHIPA privacy decisions of the IPC? Click here to get my free up-to-date Summary of all the IPC’s PHIPA Decisions.

There are 4 ways to work with me when you are ready:

  1. Attend one of my free Ask Me Anything about Health Privacy webinars – the first Wednesday of every month at 10am EDT/EST
  2. Join me for my next Health Privacy Officer training and become even more confident in your role.
  3. Join me for my next Advanced Privacy Officer training – for practicing your skills.
  4. Invite me to do your team privacy training or assist you with privacy policies or privacy breach management

If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Free healthcare privacy webinar - ask me anything!
the first Wednesday of every month

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our 2025 program is now live.
Full details of the 2025 webinar series and registration here.

Mental Health webinars: Legal issues for mental health and addictions agencies and teams
Annual membership 2025

For managers and other leaders from mental health and addictions agencies, hospitals, CMHAs, CHCs, school boards, FHTs and Indigenous health services

This is an annual membership program with monthly webinars.
Full details and registration here.

Health Privacy Officer Foundations training
starts Spring 2025

For Privacy Officers within healthcare organizations.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Join the Shush: a collective of health privacy officers
Annual membership 2025

For Privacy Officers within healthcare organizations

This is an annual membership program that takes theory into practice and tackles real life scenarios to build Privacy Officer skills.
Full details and registration here.

Team Privacy Training Events

For Primary Care clinics, Hospitals, Community Agencies, Mental Health Teams, Public Health Units, School Boards, Police departments

Scheduled to your team's needs for comprehensive or refresher training More details...

Free summary of all PHIPA IPC decisions

Want to read privacy breach stories to learn how to improve your work? We have summarized all the Information and Privacy Commissioner's health privacy decisions for you Download here...

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

  • Our twitter feed is unavailable right now. Follow us on Twitter
  • contact details

    P.O. Box 13024, RPO Bradford Centre
    Bradford, ON, L3Z 2Y5

    (416) 855 9557

    .