Ontario’s health privacy law also applies to virtual visits: new guidelines

Patients’ consent to collect personal health information via virtual care tech should be obtained

Ontario’s health privacy law also applies to virtual visits: new guidelines

Ontario’s information and privacy commissioner has issued guidelines for health information custodians to better protect patients’ privacy and security on virtual health care visits, which may entail forms of digital communication like messaging, telephone consultation, and videoconferencing.

“The timing of these guidelines is fitting, as this month Ontarians mark the anniversary of the Covid-19 pandemic, which has accelerated the adoption of virtual health care options across the province,” wrote Clancy Catelin, a lawyer at Rosen Sunshine LLP, in a blog post dated Mar. 23.

The provincial health privacy law, the Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A, applies to virtual care the same way it does to in-person care. The commissioner’s guidelines explained the key requirements in the legislation pertaining to all custodians, including those offering virtual health care, and provides practical steps to custodians to safeguard personal health information in the virtual health care context.

Ontario’s health privacy law requires that custodians not collect, use or disclose personal health information if other information can serve the purpose of the collection, use or disclosure or if the info affected is more than is reasonably necessary to meet the objective. Custodians should also take reasonable steps to safeguard personal health information against theft, loss and unauthorized use or disclosure, and ensure that records are protected against unauthorized copying, modification, and disposal and securely retained, transferred, and disposed.

If an electronic service provider is involved, the custodians and the electronic service provider face additional obligations, which will depend on whether the provider is the custodian’s agent.

As for practical steps for health information custodians, these include determining which statutory, professional, or regulatory rules govern them and understanding their obligations. The guidelines also advise custodians to conduct privacy impact assessments and develop a virtual health care policy addressing the specifics for the provision of virtual health care, identifying any conditions or restrictions in doing so and setting out the administrative, technical and physical safeguards to be implemented. These custodians should also have a robust information security management framework and ensure that their employees and agents participate in ongoing privacy and security training.

The guidelines also direct custodians to inform patients, in plain language, of the limitations and risks of virtual health care visits and to document this discussion. Custodians should acquire patients’ consent to collect, use and disclose personal health information via virtual care technologies and services and tell patients that they may withdraw consent anytime. Custodians should then implement and ensure the compliance of technical, physical, and administrative safeguards for the protection of personal health information and additional safeguards for emails while keeping in mind that this protection is an ongoing obligation.

While virtual health care delivery has the benefit of convenience, it gives rise to new privacy and security concerns and cybersecurity risks, considering that it relies on technologies, communication infrastructures, and remote environments, said the news release.

Ontario Health has designed a standard that aims to help custodians as they select a vendor of virtual visits solutions and provides the requirements for a product or service to be verified by Ontario Health.

Free newsletter

The Canadian Legal Newswire is a FREE newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered on a regular basis, providing targeted news and information of interest to in-house counsel.

Please enter your email address below to subscribe.

Recent articles & video

A tale of two masks in court: Ontario and Quebec judges rule for and against maskless speaking

Breaking barriers with next level A.I.-powered translations

Employers remain optimistic about Canada as an immigration destination

Carve-out M&A transactions need preparation, special attention for best success: Stikeman lawyers

Last call for nominations: Top 25 Most Influential Lawyers of 2021

Investment Industry Regulatory Organization of Canada implements early resolution offers

Most Read Articles

New dating app launched to help lawyers connect with people who understand the grind

How litigation is driving the corporate focus on environmental, social and governance (ESG) matters

A tale of two masks in court: Ontario and Quebec judges rule for and against maskless speaking

Tips for female litigators from a leader in the field