Volume II

Issue : 1: January 8, 2004

• Canadian Doctors May Lose Insurance Coverage for Lawsuits Related to Internet Drug Sales
• China Issues Internet Publishing Licenses for the First Time
• Draft Regulations to Ontario
• U.S. Court of Appeals Overturns Rulings of District Court in File Sharing Cases
• European Court Allows Ban on Sale of Prescription Drugs over the Internet
• Ontario Introduces Health Information Protection Act
• Blending Barbie: U.S. Copyright, Trademark and Trade Dress Law and the Net
• Nova Scotia Introduces New Regulations to Protect Online Shoppers

Home > Volume II > Issue 1: January 8, 2004 > Ontario Introduces Health Information Protection Act

Ontario Introduces Health Information Protection Act

On December 18, 2003, the Government of Ontario introduced Bill 31, the Health Information Protection Act, 2003. The Bill enacts two new Acts with respect to the protection of health information and proposes to make complementary amendments to other Acts.

As described in the Explanatory Note, Part I of the Personal Health Information Protection Act, 2003 defines health information custodians as listed persons, such as "a health care practitioner, the operator of a hospital, nursing home, pharmacy or ambulance service or the Minister of Health and Long-Term Care, who have custody or control of personal health information as a result of the work that they do or in connection with the powers or duties they perform." It is important to note that the regulations made under the Act may identify other custodians of health care information.

The Act "establishes rules concerning the collection, use and disclosure of personal health information by health information custodians and other persons." Of particular interest to such custodians of health information and regulators alike is section 12(2). This section contemplates the introduction of an original provision with respect to a custodian's breach of security involving personal health information:

2) A health information custodian that has custody or control of personal health information about an individual shall notify the individual at the first reasonable opportunity if the information is stolen, lost, or accessed by unauthorized persons.

 

Furthermore and somewhat akin to the federal Personal Information Protection and Electronic Documents Act (PIPEDA), "A health information custodian must make available to the public a statement that describes its information practices, how to contact its contact person, how an individual can obtain access to or request correction of a record of personal health information about the individual and how to make a complaint to the custodian and the Commissioner under the Act. A custodian must notify individuals of its uses and disclosures of personal health information that fall outside the scope of the custodian's description of its information practices."

On a related note, the Canadian IT Law Association (IT.CAN) recently released a guide to assist Canadian organizations in complying with the recent coming into force of PIPEDA in jurisdictions such as Ontario.

For a copy of Ontario's Bill 31, visit:
http://www.ontla.on.ca/documents/Bills/38_Parliament/Session1/b031.pdf
For a copy of the IT.CAN guide, visit:
http://www.it-can.ca/pdf/PreparingYourOrg.pdf