Don’t FIPPA your PIPA without knowing this when it comes to personal health information.
Vancouver, BC – May 3, 2010
When it comes to the privacy of personal health information, everyone in British Columbia needs to know how FIPPA (also known as FOIPPA) is different from PIPA, and the same may apply in other jurisdictions across Canada and elsewhere.
This is of particular importance when information is shared between your doctor's private office and a hospital or clinic operated by the Health Authority, which is a public body.
In BC, three different legislative Acts govern the privacy and protection of individual personal health information. There are some very important differences in how these work and the results they have that should be known to all doctors, health providers and patients/clients.
BC Health Privacy Acts include:
- The “Freedom of Information and Privacy Protection Act” (FIPPA or FOIPPA), which came into effect in 1993, applies to public bodies. This includes Health Authorities and the hospitals and clinics they operate and other BC Government Ministries that deliver health and social services.
- The “Personal Information and Protection Act” (PIPA), which applies to the private sector, including doctors' offices.
- Bill 24, the “E-Health (Personal Information Access and Protection of Privacy) Act” enacted in early 2008. This law allows the Minister of Health to designate certain health care databases as "health information banks".
What is Personal Information?
“Personal information” is information about an individual who can be identified by the information itself, or in combination with other information available in the particular circumstances.
Personal information is not only information that you might expect to be private, like health information, PINs or workplace reviews. It is any information that allows you to be identified, except business contact information.
In terms of consent, there are three types – express, deemed or implied.
In the Doctor's Office.
When a patient sees a doctor, a record of the visit is made, whether on paper or on computer, possibly consisting of different parts: the medical chart and billing records.
Patient information is provided to the doctor with the understanding of confidentiality, and the doctor is responsible for assuring that confidentiality is maintained regardless of how the information is stored and formatted, whether it is paper or electronic.
The Personal Information Protection Act (PIPA) applies to private doctors' offices in BC and sets out how private organizations may collect, use, disclose and secure personal information.
In particular, the individual’s consent is required for the sharing of that information. A common example would be when a patient is referred to a specialist; information would be communicated between the referring and consulting physician’s offices. This may be through implied consent rather than express consent, but nonetheless consent is required.
In a Hospital or Clinic operated by the Health Authority.
What happens when your doctor shares information with a hospital or a clinic operated by the Health Authority?
The Health Authority is a public body, and as such PIPA does not apply; instead, the “Freedom of Information and Privacy Protection Act” (FIPPA or FOIPPA) applies.
How is this different?
Under FIPPA, while patients need to be notified that their information is collected, no consent is needed for the use of or access to this information as long as it is "consistent with the initial purpose". This can be used to allow “role-based” access to personal information that hasn’t been well defined, and other broader uses of the personal information, all of which will be more significant with electronic health records (EHR).
This means that while information access is supposed to be somewhat restricted, it may not be. Patients and physicians need to be aware of this when working with the health authority.
This may sound reasonable, but we do not know for certain who will access the information. Everyone should be aware of this, doctors and their patients, so the patient has a full understanding of the potential access to their information under these circumstances, as the information will no longer be under direct control of the doctor.
FIPPA also permits personal information to be used or disclosed for certain additional purposes that are extremely broad and include purposes related to the payments made to a public body, licensing and regulatory purposes, law enforcement purposes or for any purpose authorized by law.
Unlike PIPA, in FIPPA there is no requirement that the collection, use and disclosure must be for purposes that are reasonable and appropriate in the circumstances.
Furthermore, because FIPPA states that personal information may be used for any purpose authorized by law, the government can do just about anything with personal information once they have collected it, simply by passing a law to give it the necessary authority.
Bill 24, the E-Health Act of BC
The BC Government enacted Bill 24, the E-Health (Personal Information Access and Protection of Privacy) Act, in early 2008, allowing the Minister of Health to designate certain health care databases as "health information banks".
The information in the health information bank can be shared and used by various health care providers and administrators for purposes ranging from providing health care to managing the health care system. Individual consent is not required, and there is no requirement for individuals to be told that their health information has been put into a health information bank.
The law gives individuals limited rights to restrict who can see and use their personal health information and limited rights of access to their health information held in a health information database.
Z. Essak, MD
Web links (resources):
SGP-BC Critical Issues:
http://www.sgp.bc.ca/download.php?section=news&id=233&PHPSESSID=7dffb975...
BC Freedom of Information and Privacy Association
http://fipa.bc.ca/home/
http://fipa.bc.ca/rights/
BC Civil Liberties website
http://www.bccla.org/ehealth.html
BC Office of the Information and Privacy Commissioner
http://www.oipc.bc.ca/sector_public/public_info/privacy_rights.htm
http://www.oipc.bc.ca/sector_private/public_info/privacy_rights.htm
BC Physician Privacy Toolkit, 2nd Ed Jun 15, 2009 (97 pages)
https://www.cpsbc.ca/files/u6/BC_Physician_Privacy_Toolkit_2009_update_F...
Practice Tool for Exercising Discretion
http://www.georgebrown.ca/diversity/documents/emergFOIstudent.pdf
eHealth Information Laboratory
http://ehealthinformation.ca/
Bill 24, E-Health Act (2008)
http://www.leg.bc.ca/38th4th/1st_read/gov24-1.htm
http://www.llbc.leg.bc.ca/public/pubdocs/bcdocs/437692/f08-34731_abbott_...
http://www.canada.com/vancouversun/news/story.html?id=b16e1348-01a4-41c7...
http://www.michaelgeist.ca/content/view/2833/196/
BC Civil Liberties, selected resources:
Governments and Your Privacy Rights
http://www.bccla.org/privacy/privacy2-12.html
Federal and Provincial Privacy Protection – Private Sector
http://www.bccla.org/privacy/privacy1-2a.html
The Common Law
http://www.bccla.org/privacy/privacy1-5.html
Privacy Laws and Health Care
http://www.bccla.org/privacy/privacy8-1.html
What Are Your Personal Health Information Rights in BC?
http://www.bccla.org/privacy/privacy8-2.html
2010-03-15 BC Civil Liberties Association submission to Review of FOIPPA
http://www.bccla.org/othercontent/10Review_of_FOIPPA.pdf
See page 3. E-health and beyond.
2009 Podcast - Michael Vonn on Privacy Issues with Healthcare Databases
http://rabble.ca/podcasts/shows/redeye/2009/04/healthcare-databases-and-...
Or read “Database Nation and Health Privacy”
http://www.bccla.org/othercontent/09database_nation.pdf
Biometrics
http://www.bccla.org/privacy/privacy5-13.html
The End.