eBulletin July 2019 v10 n3
June 12, 2019 – Ottawa, Ontario
Online attendees of the June 2019 Barbara Wand Seminar posed several questions we were unable to address during the presentations. We are pleased to provide a summary of those questions, as well as the answers to them, below.
As always, practice advice from the College is intended as general information to guide members in making their own independent decisions. Members are encouraged to seek qualified legal advice if unsure about how to proceed appropriately in any specific situation.
Release of Information: Fees for Photocopying
May members charge clients for time spent reviewing a file to get it ready to copy?
The Personal Health Information Protection Act, 2004 (PHIPA) specifically permits such fees, so long as the fees represent “reasonable cost recovery”:
Fee for access
54 (10) A health information custodian that makes a record of personal health information or a part of it available to an individual under this Part or provides a copy of it to an individual under clause (1) (a) may charge the individual a fee for that purpose if the custodian first gives the individual an estimate of the fee.
Amount of fee
(11) The amount of the fee shall not exceed the prescribed amount or the amount of reasonable cost recovery, if no amount is prescribed.
In 2015 the Information and Privacy Commissioner of Ontario released a Decision which provided specific guidelines with respect to the fees that may be considered reasonable charges for copying records. The full Decision and Reasons may be found at: https://decisions.ipc.on.ca/ipc-cipvp/phipa/en/item/134659/index.do.
Beginning at section 59, the document contains specific details regarding the various tasks involved in providing a file copy, along with what were deemed to be reasonable expenses when the Decision was released.
Release of Information: Proprietary Test Materials
Members of the College often provide clients or collateral sources of information with assessment tools be completed off site. These are often purchased, unused copyrighted materials. Is this problematic from the College’s point of view?
So long as this would not contravene the purchase agreement with a vendor, members may use their clinical judgment to determine whether they can obtain valid and reliable information by asking or allowing respondents to complete such instruments off-site.
If the copyright of a psychological measure has expired, is the test now considered to be in the ‘public domain’ and is it permissible to photocopy and distribute the material?
Whether the test is in the ‘public domain’ is a question that would be best answered by either the test publisher or a legal professional.
If a member has confirmed that copying or distributing the material is no longer prohibited and there are no other apparent reasons to protect the material, they are free to decide whether to copy and/or distribute it.
In making such a decision, one should consider the risk of making a possibly outdated instrument available. If the test is norm-based and the norms have changed, or for any other reason the validity of the test is questionable, it may be wise to limit instrument’s circulation. Additionally, one should consider whether making the material available could compromise the integrity of a test that is still in use, a later version of it, or a similar instrument.
Release of Information: Deceased Clients
If an immediate relative or the executor of a deceased client’s estate requests personal health information about a client, may this be provided?
The answer to this question depends upon the provisions of the privacy legislation governing disclosure of that information. In many situations, the relevant statute is the Personal Health Information Protection Act, 2004 (PHIPA).
Section 23 of PHIPA states that, if the individual about whom the information relates is deceased, the deceased’s estate trustee may give, withhold or withdraw consent for the collection, use or disclosure by a health information custodian of personal health information about that person. If the estate does not have an estate trustee, the person who has assumed responsibility for the administration of the deceased’s estate may do so.
Release of Information: Online Access
What is the College’s position with respect to client access to online health records?
The College’s position on allowing access to records is the same with respect to online records as it is with respect to records kept in any other format. The Standards of Professional Conduct, 2017 require that members ensure that access to a person’s personal or personal health information is provided to an individual and/or his/her authorized representative unless prohibited by law or the member is otherwise permitted to refuse access (section 8.2).
To ensure the security of personal information maintained in electronic form, members must maintain current knowledge of the risks, and associated risk mitigation strategies, with respect to the technology used, and to apply this knowledge (section 9.1.3). Members must also make best efforts to ensure that the disclosure or transmission of information protects the privacy of the client record (section 9.6.2).
Are there any special considerations when requests for disclosure of personal health information are made from another province or country?
A health information custodian that has custody or control of personal health information in Ontario is required to comply with Ontario legislation with respect to the collection, use and disclosure of the information. Additionally, members must adhere to the Standards of Professional Conduct, 2017 in handling client information, regardless of location. If one would be required to provide the information to the client or another authorized individual in Ontario, they would also be required to provide that information to the person wherever the person is located, in as safe and secure a manner as possible.
If there is reason to believe that significant security risks exist in a jurisdiction to, or through, which the information will be transmitted, this should be taken into consideration. As discussed during the presentation, issues of security risk in cross-jurisdictional electronic transmission of information remain unresolved and this is the subject of current government consultation. We will endeavor to keep members up to date about this. In the meantime, when obtaining client consent to transmit information through, or to, another jurisdiction it is recommended that apparent risks to the security of information be discussed with the person to whom the information relates, when obtaining consent for the disclosure.