Health information is one of the most sensitive forms of personal information. It is collected primarily for reasons connected with patient care but may be used for a number of other reasons including financial reimbursement, medical education, research, social services, quality assurance, risk management, public health regulation, litigation and commercial purposes.
Privacy is a major concern for physicians. Patients may refrain from disclosing critical information, refuse to provide their consent to use personal health information for research purposes, or simply not seek treatment without confidence that their privacy will be maintained.
A 1999 Canadian Medical Association (CMA) survey found that 11 per cent of the public held back information from a health-care provider due to concerns about who it would be shared with or what purposes it would be used for. Wrongful release of personal health information to third parties also may result in harm to the patient. The Supreme Court of Canada has recognized that the purpose of Sections 7 and 8 of the Canadian Charter of Rights and Freedoms is to ensure personal security and to protect a reasonable expectation of privacy.
The Health Information Protection Act (HIPA) was proclaimed in September 2003 and governs the collection, use and disclosure of personal health information in the province of Saskatchewan. The Act defines and places obligations on health information “trustees,” which include government, regional health authorities, health professionals including physicians, and professional regulatory bodies. HIPA applies to personal health information in any form, including both paper and electronic records.
At the federal level, the Personal Information Protection and Electronic Documents Act (PIPEDA) was enacted in its entirety on January 1, 2004 to protect personal information, which includes personal health information, for organizations in the private sector that engage in “commercial activities”. Physicians in private practice would be seen as engaging in “commercial activities”. HIPA has not, however, been considered to be “substantially similar” legislation and therefore does not supersede the requirements of PIPEDA.
Both HIPA and PIPEDA apply to physicians in their private practice.
Maintaining confidentiality is a professional responsibility of physicians, and is a central part of the doctor-patient relationship. The patient, with few exceptions, has a right of access to, and to request an amendment of, his or her personal health information, but the physician owns the medical record. Physicians designated as trustees are accountable for the personal health information they collect, use and disclose through appropriate consent and safeguards. In addition, they are accountable for taking reasonable measures to protect the personal health information that is in their custody or control.
The information on this website focuses on the requirements of HIPA which, in the opinion of the College of Physicians and Surgeons of Saskatchewan (CPSS) and the SMA, is more appropriate legislation for the health sector. Again, it should be noted that physicians are guided by both statutes in their private practice.
Current legislation imposes some external controls to ensure that personal health information is managed appropriately. The SMA and the CPSS recommend that all physicians familiarize themselves and their staff with their responsibilities to maintain medical records in compliance with HIPA and PIPEDA.