Privacy of Health Information

Privacy in Saskatchewan Health Care: An Overview

Health information is one of the most sensitive forms of personal information. Health information is collected primarily for reasons connected with patient care. Health information may be used for a number of other reasons including financial reimbursement, medical education, research, social services, quality assurance, risk management, public health regulation, litigation, and commercial purposes.

Privacy is a major concern for physicians. The increased availability of patient records in electronic format has led to concerns about the potential misuse of personal information for purposes other than direct patient care. Without confidence that their privacy will be maintained, patients may refrain from disclosing critical information, may refuse to provide their consent to use personal health information for research purposes, or may simply not seek treatment.

A 1999 Canadian Medical Association (CMA) survey found that 11% of the public held back information from a health-care provider due to concerns about whom it would be shared with or what purposes it would be used for. Wrongful release of information to third parties also may result in harm to the patient. The Supreme Court of Canada has recognized that Section 7 of the Canadian Charter of Rights and Freedoms includes the right to be free of the psychological stress resulting from the unauthorized disclosure of one’s personal health information.

The Health Information Protection Act (HIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA)

HIPA was proclaimed in September 2003 and is legislation that governs the collection, use and disclosure of personal health information in the province of Saskatchewan. The Act defines and places obligations on health information “trustees,” which include government, regional health authorities, health professionals including physicians, and professional regulatory bodies. HIPA applies to personal health information in any form, including both paper and electronic records.

At the federal level, PIPEDA was enacted in its entirety on January 1, 2004 to protect personal information, which includes personal health information, for organizations in the private sector that engage in “commercial activities”. Physicians in private practice would be seen as engaging in “commercial activities”. HIPA has not however been considered to be “substantially similar” legislation and therefore does not supersede the requirements of PIPEDA.

Both HIPA and PIPEDA apply to physicians in their private practice.

Saskatchewan Medical Association (SMA) / College of Physicians and Surgeons of Saskatchewan Position on Privacy Legislation

Maintaining confidentiality is a professional responsibility of physicians, and is a central part of the doctor-patient relationship. The patient, with few exceptions, has a right of access to, and to request an amendment of, his or her personal health information, but the physician owns the medical record. Physicians designated as trustees are accountable for the personal health information they collect, use and disclose through appropriate consent and safeguards. In addition, they are accountable to take reasonable measures to protect the personal health information that is in their custody or control.

The information on this website focuses on the requirements of HIPA which, in the opinion of the SMA and the College, is more appropriate legislation for the health sector. Again, it should be noted that physicians are guided by both statutes in their private practice.

Current legislation imposes some external controls to ensure that personal health information is managed appropriately. The SMA and the CPSS recommend that all physicians familiarize themselves and their staff with their responsibilities to maintain medical records in compliance with HIPA and PIPEDA.

A Guide to Compliance with Privacy Legislation

Physicians traditionally have been cognizant of the duty to maintain patient confidentiality and to create complete and accurate medical records. New legislation imposes some external controls to ensure that personal information is managed appropriately. The College recommends that all physicians familiarize themselves and their staff with their responsibilities to maintain medical records in compliance with emerging legislation governing personal privacy and freedom of information.

The College urges all physicians to avail themselves of the excellent resources found on the Saskatchewan Medical Association website related to the physician’s role in protecting the privacy of health information.

No content found

No content found