Ontario’s health privacy law also applies to virtual visits: new guidelines

Patients’ consent to collect personal health information via virtual care tech should be obtained

Ontario’s health privacy law also applies to virtual visits: new guidelines

Ontario’s information and privacy commissioner has issued guidelines for health information custodians to better protect patients’ privacy and security on virtual health care visits, which may entail forms of digital communication like messaging, telephone consultation, and videoconferencing.

“The timing of these guidelines is fitting, as this month Ontarians mark the anniversary of the Covid-19 pandemic, which has accelerated the adoption of virtual health care options across the province,” wrote Clancy Catelin, a lawyer at Rosen Sunshine LLP, in a blog post dated Mar. 23.

The provincial health privacy law, the Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A, applies to virtual care the same way it does to in-person care. The commissioner’s guidelines explained the key requirements in the legislation pertaining to all custodians, including those offering virtual health care, and provides practical steps to custodians to safeguard personal health information in the virtual health care context.

Ontario’s health privacy law requires that custodians not collect, use or disclose personal health information if other information can serve the purpose of the collection, use or disclosure or if the info affected is more than is reasonably necessary to meet the objective. Custodians should also take reasonable steps to safeguard personal health information against theft, loss and unauthorized use or disclosure, and ensure that records are protected against unauthorized copying, modification, and disposal and securely retained, transferred, and disposed.

If an electronic service provider is involved, the custodians and the electronic service provider face additional obligations, which will depend on whether the provider is the custodian’s agent.

As for practical steps for health information custodians, these include determining which statutory, professional, or regulatory rules govern them and understanding their obligations. The guidelines also advise custodians to conduct privacy impact assessments and develop a virtual health care policy addressing the specifics for the provision of virtual health care, identifying any conditions or restrictions in doing so and setting out the administrative, technical and physical safeguards to be implemented. These custodians should also have a robust information security management framework and ensure that their employees and agents participate in ongoing privacy and security training.

The guidelines also direct custodians to inform patients, in plain language, of the limitations and risks of virtual health care visits and to document this discussion. Custodians should acquire patients’ consent to collect, use and disclose personal health information via virtual care technologies and services and tell patients that they may withdraw consent anytime. Custodians should then implement and ensure the compliance of technical, physical, and administrative safeguards for the protection of personal health information and additional safeguards for emails while keeping in mind that this protection is an ongoing obligation.

While virtual health care delivery has the benefit of convenience, it gives rise to new privacy and security concerns and cybersecurity risks, considering that it relies on technologies, communication infrastructures, and remote environments, said the news release.

Ontario Health has designed a standard that aims to help custodians as they select a vendor of virtual visits solutions and provides the requirements for a product or service to be verified by Ontario Health.

Free newsletter

The Canadian Legal Newswire is a FREE newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered on a regular basis, providing targeted news and information of interest to in-house counsel.

Please enter your email address below to subscribe.

Recent articles & video

Ontario law schools and Mitacs partner to provide Intellectual property strategy internships

Crown's persistent non-attendance does not warrant dismissal of serious charges: court

Labour arbitrators' exclusive jurisdiction extends to human rights disputes: SCC

B.C. judge sets $60,000 fine on Whistler resident who deliberately fed bears to highlight deterrence

Alberta law society introduces changes to trust safety rules for lawyers holding client funds

Roundup of law firm hires, promotions, departures: Oct. 25, 2021 update

Most Read Articles

Cities can be sued over 'operational' decisions resulting in tort claims: SCC

What makes for a good litigation lawyer?

New amendments to B.C. securities laws could be challenged, says lawyer with Blakes

BC Supreme Court rules against employer who laid off, then fired, worker because of pandemic impact