Personal Health Information Protection Act (PHIPA)

The Personal Health Information Protection Act (PHIPA) has been amended earlier this year (2020). As a result we have amended our Guide and Overview documents on PHIPA to reflect these changes.

Some of the key changes are as follows:

• Health Information Custodians will be required to establish and monitor an audit log for any electronic health records to record who accesses which parts of which client’s records when, so as to prevent snooping or other privacy breaches.
• Custodians using electronic health records will have to provide patients with access to an electronic version of their records to facilitate portability of those records for clients.
• There are a number of rules for consumer electronic service providers (e.g., apps and online portals in which clients can access and store personal information about themselves). Even practitioners who do not use those apps/portals will need to become familiar with the rules about sharing, or managing requests to disclose, information with the consumer electronic service providers.
• The Commissioner has been given significant additional powers including increased access to information from custodians (e.g., access to the electronic health record audit log), the ability to impose administrative monetary penalties for non-compliance with PHIPA, and a doubling of the fines for offences under PHIPA.

The Guide also addresses some of the regulations made since the 2016 amendments to PHIPA that were enacted after its previous update. For example, it addresses the requirement to notify the Commissioner immediately of significant privacy breaches and to file an annual report with the Commissioner of all privacy breaches.

The Guide is intended for educational purposes only. Members should discuss the specific changes to their policies and procedures with their own legal counsel.

• Guide to PHIPA 2020
• Overview: What You Need to Know