- Bill 78: Proposed New Requirements in Relation to Certain Shared Electronic Records of Personal Health Information
- August 5, 2013 | Authors: Bonnie Freedman; Patrick Hawkins; Barbara McIsaac
- Law Firms: Borden Ladner Gervais LLP - Toronto Office ; Borden Ladner Gervais LLP - Ottawa Office
Ontario Bill 78, the Electronic Personal Health Information Protection Act 2013, if passed, will amend the Personal Health Information Protection Act, 2004 so as to establish recordkeeping, security and privacy requirements for shared electronic health records created or maintained by a “prescribed organization” (“EHRs”). The goal of this legislation is to facilitate the sharing of electronic personal health information (“PHI”) for health care and better integration and coordination of health care.
The Bill establishes the custodianship of personal information in EHRs, defines the obligations of prescribed organizations, health information custodians that submit PHI to an EHR and those that access PHI in an EHR.
The Bill establishes a governance structure, including an advisory committee that is to make recommendations to the Minister of Health and Long-Term Care in relation to EHRs, new powers of the Information and Privacy Commissioner (“IPC”) in relation to prescribed organizations, and authority for the Ministry to require custodians and classes of custodians to submit PHI to prescribed organizations for the purposes of an EHR.
Patients would continue to be able to block PHI from being accessed by a specific healthcare provider, subject to rights to override that decision in defined circumstances including for the purpose of medication interaction warnings and eliminating or reducing a significant risk of serious bodily harm to the patient or another person. With respect to medical interaction, the Bill states that PHI “may be utilized...to provide alerts to health information custodians about potentially harmful medication interactions”.
Breaches of privacy would require notification by the prescribed entity to the health information custodian that submitted the affected PHI to the EHR and the IPC. Liability on conviction of an offense would double under the Bill to up to $100,000 for an individual and up to $500,000 for an organization.
The Bill passed first reading on May 29, 2013 and a date has not yet been set for second reading. We will continue to monitor the development of this legislation and will provide further bulletins as it progresses.
For a copy of Bill 78, please click on the following link: