On May 5, 2016, the Health Information Protection Act, 2016 (HIPA) passed third reading in the Ontario legislature. The Act will make a number of amendments to the Personal Health Information Protection Act, 2004 (PHIPA) and the Regulated Health Professions Act, 1991, amongst others. The Act has not yet been proclaimed.
The following changes contained in the HIPA will be of significance for those who handle personal health information:
- Mandatory privacy breach reporting to the Information and Privacy Commissioner and, in certain circumstances, to relevant regulatory colleges;
- Removing the requirement under PHIPA that prosecutions must be commenced within six months of when the alleged offence occurred, which allows for a broader range of liability;
- Doubling the maximum fines for privacy offences from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for organizations.
Details about the HIPA and the Ontario government’s efforts to improve privacy protections with respect to personal health information is available at https://news.ontario.ca/mohltc/en/2016/05/protecting-patient-privacy-1.html