Last month, the Ontario provincial government introduced new legislation aimed at protecting patient privacy. The Health Information Protection Act will amend the existing legislation that governs the protection of the personal health information of patients in Ontario.
According to the official Ontario Government website, the new legislation will include: mandatory reporting of privacy breaches to the Information and Privacy Commissioner, reporting to any and all relevant regulatory colleges, fortifying the current prosecutory process by removing the six month statute of limitations that is currently in place, and doubling the maximum fines for offences from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for organizations.
The recent high profile security breach of former mayor and current city councilor Rob Ford brought the issue of patient privacy breaches to the mainstream. Fordâ€™s medical records were accessed four times illegally and without his consent while he was hospitalized at three different health centers in Toronto during a cancer diagnosis and subsequent treatments. The persistent breaches forced the Ontario Privacy Commissioner to demand the prosecution of those involved. In July, three hospital workers were charged with accessing Fordâ€™s records without permission.
If these workers are found guilty and convicted, it will be the first conviction of a patient privacy breach in Ontario history. Because they were charged before the new legislation could be implemented, each defendant faces a maximum fine of $50,000 dollars for their actions.
Earlier this year, the Toronto Star launched an investigative series into the Personal Health Information Protection Act (PHIPA).Â Their findings were startling. â€œWillful, intentional and disturbing breaches of patient information have been noticeably increasing over the last few years, with privacy commissioners from across the country raising red flags and calling for legislation changes to tighten health privacy laws,â€ wrote Toronto Starâ€™s Olivia Carville.
Former Ontario Privacy Commissioner Ann Cavoukian praised officials for prosecuting the Ford breach suspects and complimented the provinceâ€™s shift toward transparency.
â€œThe fact that this happened on more than one occasion to the former mayor means it absolutely should result in prosecution,â€Cavoukian said to the Star.Â â€œI applaud the commissioner in bringing forward this recommendation for prosecution.â€
Torontoâ€™s Andrew Matthews, a health and security tech entrepreneur, says the new legislation introduced by the province in September is an important step forward. â€œPatient information is the holy grail of sensitive information. It is critical that it is protected to the full extent of the law,â€ Andrew Matthews said. â€œThis legislation is a step in the right direction.â€
Matthews points out that with the rise of healthcare apps and mobile medical services, it is important to get the right safeguards in place. â€œWe are moving into a hyper digital age, where more and more sensitive data will be shared over the internet via cloud technology,â€ Andrew Matthews explained. â€œIf we donâ€™t have the right laws and governance in place, that data is highly susceptible to theft and breaches.â€
While the new legislation is a great measure, it can only work if it is enforced. â€œI hope we see more prosecution of data breaches,â€ Andrew Matthews of Toronto said. â€œSeeing people getting hit with $100,000 dollar fines will be a deterrent to others who think stealing data is profitable.â€
When you are in the midst of a medical crisis, you arenâ€™t thinking about privacy breaches – nor should you be.Â The new legislation aims to offer peace of mind when you visit the doctor. â€œOntarians need to know when checking into a hospital or visiting their local physician that their information and medical records will remain private,â€ said Sault Ste. Marie MPP David Orazietti in a press release.
The new legislation is expected to pass with little to no opposition.