Privacy Legislation And what it means
Privacy principles reinforce the concept that personal health information belongs to the client, not the practitioner. The practitioner acts as a trustee, holding the information only for the benefit of the client.
Privacy includes:
-
knowing why the information is being collected from the client;
-
only collecting the amount of information needed to achieve that purpose;
-
collecting the information directly from the client, if possible, to achieve the purpose;
-
destroying the information as soon as it is no longer necessary;
-
not using the information for other purposes unless a new consent is obtained from the client (or as the law permits);
-
taking steps to ensure that the information is accurate before using it;
-
focusing on preventing inadvertent disclosure of the information through proper safeguards, as much as on deliberate disclosures;
-
advising clients and the public about your policies for collecting, using, safeguarding and disclosing personal information;
-
permitting clients to freely access their information and request corrections for any errors contained in it;
-
permitting clients to challenge an organization's privacy practices through a clearly defined and accessible internal complaints process and through an external review body.
ACCOUNTABILITY
Information and Privacy Commissioner
The Personal Health Information Protection Act, 2004 (PHIPA), provides detailed requirements for an external complaints system involving the Information and Privacy Commissioner of Ontario.
The Commissioner acts independently of government to uphold and protect access to information and privacy rights in Ontario.
privacy laws
The federal government enacted the
Personal Information Protection and Electronic Documents Act , 2004 (PIPEDA), which came into force on the provincial level on January 1, 2004. It applies to all organizations collecting, using or disclosing personal information while engaged in a commercial activity.
On November 1, 2004, Ontario passed the
Personal Health Information Protection Act, 2004 (PHIPA). This statute is most relevant to personal health information in Ontario and supplants the federal act, PIPEDA, for most purposes. PIPEDA is most relevant for non-health aspects of a dietitian's business (e.g. a dietitian who has a business conducting speaking tours).
Privancy and Access Code
Both the provincial act, PHIPA, and the federal act, PIPEDA, require practitioners or their employers to develop a privacy and access code describing how they collect, use and disclose personal information. Dietitians in Ontario may refer to the
Privacy of Personal Health Information Dietetic Practice Toolkit for guidance.
A Privacy and Access Code must adhere to the
10 principles that have been adopted internationally to describe privacy duties. There is flexibility in how to achieve the intent of the 10 principles. However, failing to reasonably achieve them will leave a practitioner open to investigation and sanction by either the Ontario or federal information and privacy commissioners.
Dietitians Working for Government
Dietitians who work for government (e.g. public health) may be covered by government privacy legislation. The
Freedom of Information and Protection of Privacy Act, 1990 and the
Municipal Freedom of Information and Protection of Privacy Act, 1990 are the most likely statutes to apply. These statutes generally follow the same 10 principles but with necessary modifications because they apply to government (e.g. some exceptions to the right of access apply in order to protect government policy development processes).