Are you in compliance?
The Personal Health Information Protection Act, 2004 (PHIPA) governs the manner in which personal health information may be collected, used and disclosed within the health care system in Ontario. It also regulates individuals and organizations that receive personal information from health care professionals.
The Purpose of PHIPA:
- To require consent for the collection, use and disclosure of personal health information.
- To require that health information custodians treat all personal health information as confidential and keep it secure.
- To give a patient the right to instruct health information custodians not to share any part of his/her personal health information with other health care providers.
- To set guidelines for the use and disclosure of personal health information for research purposes.
- To ensure accountability by granting an individual the right to complain to the IPC (Information and Privacy Commissioner) about the practices of a health information custodian.
- To establish remedies for breaches of the legislation.
PHIPA noncompliance can have devastating consequences. It opens you up not only to severe fines and penalties, but also to litigation and negative publicity. Noncompliance can result in the following:
- A fine of up to $50,000 for an individual
- A fine of up to $250,000 for a corporation
Examples of items to shred due to PHIPA:
- Patient Medical Records
- Billing Records
- Insurance Records
- Computer Disks
- Sign-In/Registration Forms