Since the federal Personal Information Protection and Electronic Documents Act (PIPEDA) doesn’t pertain to health information, Ontario’s Personal Health and Information Protection Act (PHIPA) was enacted in 2004 to address this issue. It governs the use and disclosure of personal health information (PHI) within the health sector.
Here, we discuss the real-world effect PHIPA has on patient privacy, and how health information custodians can get help with compliance.
The Purpose of PHIPA
As you would expect, the primary aim of PHIPA is to keep PHI confidential and secure. According to the law, all persons and organizations providing healthcare-related services are designated as health information custodians, including:
- Health care practitioners
- Registered social workers and social services providers
- Community health service providers
- Unregistered health care practitioners
- Community care access centres
- Most health care facilities, including public hospitals, long-term care facilities, ambulance services, laboratories, and community health centres
Health information custodians such as these are required to treat all personal health information as confidential and maintain its security. The Information and Privacy Commissioner (IPC) of Ontario is responsible for ensuring that health information custodians are upholding their PHIPA-mandated responsibilities.
Storage of Medical Records
Medical record theft is big business worldwide. According to the World Privacy Forum, a medical record has a value of $50 on the black market, versus a mere to $1 value for a financial record. This is because a stolen medical record can be used for medical identity theft, billing fraud and the illegal sale of prescription drugs. As a result, health care custodians must take extra precautions to protect PHI from theft, loss, unauthorized use, or unintended disclosure.
A commercial records centre offers the ideal facility for safeguarding medical records per PHIPA requirements, because it is strictly controlled and monitored with the following systems:
- Entry access control
- Perimeter alarms
- Motion sensors
- Security video monitoring and recording
- Strict chain of custody procedures
Each medical record is barcoded to enable location tracking throughout its retention lifecycle. Patient file requests and retrievals are strictly limited to individuals designated by the health care custodian. To ensure patient privacy, each file is delivered from the records centre to the requestor by trained records management professionals who maintain an unbroken chain of custody.
Final Disposition of Health Care Information
PHIPA also requires health care custodians to destroy expired PHI in a secure manner that prevents it from being reconstructed. Fortunately, with a NAID AAA Certified shredding and destruction service, health care custodians can be sure that all PHI in their custody is destroyed in compliance with this requirement.
NAID AAA Certified shredding and destruction companies must adhere to strict security regulations and standards. Secure shred collection containers must be used to ensure all customer information remains secure until destroyed. Strict chain of custody protocols must be followed to guarantee the secure transfer, handling and transportation of sensitive documents and files at all times. NAID AAA Certification also requires that all paper must be shredded using:
- Cross-cut shredding equipment that reduces paper records to a 5/8” width particle size or less
- A mixing process that combines shredded material with thousands of pounds of other shredded material for complete obscurity
Following these technical requirements guarantees that patient privacy is maintained.
If you’re a health care custodian, it pays to familiarize yourself with PHIPA requirements for protecting patient privacy and partner with a locally-owned records and information management company that’s also NAID AAA Certified for paper shredding.
FileBank Records Centre offers PHIPA-compliant records storage and document shredding services to health care custodians throughout Canada. For more information about our services, please contact us by phone or complete the form on this page.