FIPPA vs PHIPA: Some things Ontario hospitals need to consider with respect to Bill 122

"One of the foundations underlying freedom of information is the principle that organizations that exist by virtue of public funding should be subject to public scrutiny through FOI laws... The government should also bring children’s aid societies, hospitals, and other publicly funded organizations under FOI legislation." - IPC 2005 Annual Report

On October 20, the Ontario government introduced amendments to the Broader Public Sector Accountability Act, or Bill 122, whose basic purpose is to promote a higher level of accountability in the public sector. The proposed legislation will enforce new standards for reporting and accountability for hospitals, local health integration networks, school boards, colleges, universities, and other broader public sector organizations that receive more than $10 million in public funding annually. The bill is expected to pass by November 30.

A key element of Bill 122 is that it extends the Freedom of Information and Protection of Privacy Act (FIPPA) to public and private hospitals. Unlike the Personal Health Information Protection Act (PHIPA), which regulates the access to one's personal information, under FIPPA, the general public will have a right of access to institutional records, unless they are excluded from the right of access or subject to an exemption.

Hospitals will have until January 1, 2012 to implement new procedures to meet the requirements of the new provisions, such as processing requests for access, managing complaints, and training for the staff. The new legislation will apply to all records in the custody or under the control of a hospital after January 1, 2007. Ensuring compliance with FIPPA is the responsibility of the chair of the hospital board. According to Ann Cavoukian, Information & Privacy Commissioner of Ontario, this move is absolutely necessary, as "Transparency will help build public confidence and trust in Ontario’s health care system, which is currently at an all time low."

Does FIPPA apply to email? Yes, it does. Emails messages are considered records under the Act and are subject to the same provisions, exemptions and exclusions as any other type of record. Unless an email falls into one of the exclusions outlined in the Act, this means:

• Emails containing personal information must be protected and dealt with in accordance with FIPPA.
• Emails are subject to access requests under FIPPA.
• Hospital and staff needs to be aware of the requirements of the Act.

There is no doubt that the application of FIPPA represents a significant change for Ontario hospitals. Whereas previously the only right of access to information was by individuals to their own health records under PHIPA, if the proposed legislation is enacted and it is very likely it will be, many other hospital records will be accessible to the general public. Thus, it is key for Ontario hospitals to make appropriate changes to their record keeping policies, procedures and practices so as to be able to efficiently respond to access to information requests.

Download this brief. For additional information on what hospitals need to consider with respect to email retention, we invite you to contact our Healthcare Email Risk Management experts at 866-497-0101 x230.

– Roumiana Deltcheva