Privacy in Saskatchewan Health Care: An Overview
Health information is one of the most sensitive forms of personal
information. Health information is collected primarily for reasons
connected with patient care. Health information may be used for a number
of other reasons including financial reimbursement, medical education,
research, social services, quality assurance, risk management, public
health regulation, litigation, and commercial purposes.
Privacy is a major concern for physicians. The increased availability
of patient records in electronic format has led to concerns about the
potential misuse of personal information for purposes other than direct
patient care. Without confidence that their privacy will be maintained,
patients may refrain from disclosing critical information, may refuse to
provide their consent to use personal health information for research
purposes, or may simply not seek treatment.
A 1999 Canadian Medical Association (CMA) survey found that 11% of
the public held back information from a health-care provider due to
concerns about whom it would be shared with or what purposes it would be
used for. Wrongful release of information to third parties also may
result in harm to the patient. The Supreme Court of Canada has
recognized that Section 7 of the Canadian Charter of Rights and Freedoms
includes the right to be free of the psychological stress resulting
from the unauthorized disclosure of one’s personal health information.
The Health Information Protection Act (HIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA)
HIPA was proclaimed in September 2003 and is legislation that governs
the collection, use and disclosure of personal health information in
the province of Saskatchewan. The Act defines and places obligations on
health information “trustees,” which include government, regional health
authorities, health professionals including physicians, and
professional regulatory bodies. HIPA applies to personal health
information in any form, including both paper and electronic records.
At the federal level, PIPEDA was enacted in its entirety on January
1, 2004 to protect personal information, which includes personal health
information, for organizations in the private sector that engage in
“commercial activities”. Physicians in private practice would be seen as
engaging in “commercial activities”. HIPA has not however been
considered to be “substantially similar” legislation and therefore does
not supersede the requirements of PIPEDA.
Both HIPA and PIPEDA apply to physicians in their private practice.
Saskatchewan Medical Association (SMA) / College of Physicians and Surgeons of Saskatchewan Position on Privacy Legislation
Maintaining confidentiality is a professional responsibility of
physicians, and is a central part of the doctor-patient relationship.
The patient, with few exceptions, has a right of access to, and to
request an amendment of, his or her personal health information, but the
physician owns the medical record. Physicians designated as trustees
are accountable for the personal health information they collect, use
and disclose through appropriate consent and safeguards. In addition,
they are accountable to take reasonable measures to protect the personal
health information that is in their custody or control.
The information on this website focuses on the requirements of HIPA
which, in the opinion of the SMA and the College, is more appropriate
legislation for the health sector. Again, it should be noted that
physicians are guided by both statutes in their private practice.
Current legislation imposes some external controls to ensure that
personal health information is managed appropriately. The SMA and the
CPSS recommend that all physicians familiarize themselves and their
staff with their responsibilities to maintain medical records in
compliance with HIPA and PIPEDA.
A Guide to Compliance with Privacy Legislation
Physicians traditionally have been cognizant of the duty to maintain
patient confidentiality and to create complete and accurate medical
records. New legislation imposes some external controls to ensure that
personal information is managed appropriately. The College recommends
that all physicians familiarize themselves and their staff with their
responsibilities to maintain medical records in compliance with emerging
legislation governing personal privacy and freedom of information.
The College urges all physicians to avail themselves of the excellent resources found on the Saskatchewan Medical Association website related to the physician’s role in protecting the privacy of health information.