Personal_Health_Information_Protection_Act
Personal Health Information Protection Act
Ontario legislation established in 2004
The Personal Health Information Protection Act, also known as PHIPA, is Ontario legislation established in November 2004. PHIPA is one of two components of the Health Information Protection Act 2004.[1]
The Health Information Protection Act, also established in 2004, comprises two schedules: PHIPA (Schedule A) and the Quality of Care Information Protection Act (Schedule B).[1] The PHIPA replaced the Health Cards and Numbers Control Act (SO 1991, c 1).[2]
PHIPA provides a set of rules for the collection, use and disclosure of personal health information by a "Health Information Custodian" (HIC), and includes the following provisions:[1]
- Consent is required for the collection, use and disclosure of personal health information, with few exceptions
- HICs are required to treat all personal health information as confidential and maintain its security
- Individuals have a right to access their personal health information, as well as the right to correct errors
- Individuals have the right to instruct HICs not to share their personal health information with others
- Rules are provided for the use of personal health information for fundraising or marketing purposes
- Guidelines are set for the use and disclosure of personal health information as a secondary use such as research, quality improvement or education
- Accountability is ensured by granting an individual the right to complain if they have identified an error in their personal health information
- Remedies are established for breaches of the legislation