Privacy Law and Information Management in Healthcare

The Fundamentals – Overview of the Legal and Regulatory Regimes; Understanding What Privacy Is and Why it Matters to you

Personal Health Information
• What is a record of personal health information?
• Paper records versus electronic records
• Provincial, Canadian and local shared electronic systems
• What exists now?
• What is the future of health information recordkeeping and sharing?

Privacy Principles
• Why is privacy important?
• What are the issues you care most about?
• What opportunities exist?
• What barriers exist?

The Regulatory Landscape
• What laws apply to health information privacy in Canada?
– PHIPA, PIPEDA, MFIPPA, FIPPA
• Interprovincial regulatory variation
• What is the role of the regulators such as the Information and Privacy Commissioner (IPC)?
Privacy laws in specific healthcare contexts
• Mental Health
• Public Health
• Long-term care
• Indigenous health privacy

Exercising Meaningful Privacy Rights Understanding and Managing Patient Rights

• Consent, capacity and substitute decision-making
• Consent directives
• Access to information
• Correction requests
• Duty to assist
• Bringing class actions to enforce privacy rights
• Frivolous and vexatious requests
• Impact of COVID-19

The Challenge of Navigating the System
• Patient, health care provider, organizational and IT perspective

Communicating with Patients
• What agreements are needed?
• Drafting privacy posters or website agreements
• Essential elements of an email disclaimer form
• Best practices when using email forms

A Practical Guide to Access and Correction Requests under PHIPA

Health Privacy Rights and Challenges for Racialized Communities

Administrative Enablers for Managing Privacy and Personal Information

Privacy by Design
• How can healthcare organizations proactively design for privacy compliance and maximize patient rights and choices

Privacy, data and technological supports
• Data asset identification, sensitivity classification and handling obligations
• Optimized electronic health record models
• User accountability controls
(e.g. declaration of relationship, proactive alerts)
• Surveillance Anomaly Detection Audits

Effectively Using Contracts to Share Information
• Data sharing agreements
• Electronic health record access agreements
• Agency agreements
• Health Information Network Provider agreements

Vendor Contracts
• Using privacy checklists to simplify what the agreements mean
• Tactics for vendor management
• Designing contracts so that provisions are reasonable and manageable

Creating and Drafting Policies
• What must be included?
• Plain language challenges

Reconciling Health Information Privacy and Quality Care

Privacy and Medical Research

Health and Service Delivery in an Emerging Digital Environment

Health and Service Delivery in an Emerging Digital Environment
• What are the new technological solutions supporting healthcare?
• How are medical devices and apps regulated?
• Should we be afraid of technology? Is big data and artificial intelligence a threat to individual privacy?
• How does the blockchain impact the healthcare industry?

Perspectives on Health Service Delivery
• What are the legal and hospital perspectives in an emerging digital environment?
• What can we expect to see from Ontario Health around health service delivery?
Information Security Stakeholder security perspectives: IT Security; Police
• Hacking, ransomware, phishing
• Security issues with medical devices
• Lost or stolen devices (laptops, USB keys, portable hard drives)
• Phone safety protocols and best practices

Intersection of Healthcare, the Police and the CAS

Privacy Breach Workshop
Putting what you have learned into practice, you will work through a real-life scenario and in small groups – you will:
• Identify whether or not a breach has occurred
• Develop the investigation plan
• Conduct the risk assessment
• Suggest strategies for managing the breach, including communication protocols
• Proper responses to a breach

As a group, you will then discuss what you can learn from breaches, including:
• Compliance monitoring
• System/process improvements
• Policy improvements
• Audits – how to do an audit
– Surveillance Anomaly Detection Audits vs. Investigative Audits
• Where is tech going to help re: compliance
• Consequences of breaches
– Reputation
– Social media issues

During the workshop, you will get feedback from faculty members, and be able to apply what you have learned in a supportive learning environment.

Summary of IPC Decisions
• What do these decisions tell us about the current health privacy landscape?

Understanding the Freedom of Information and Protection of Privacy Act
• A practical guide you will come back to time and again

Litigation: Cases to discuss
• Learn from the litigators who are developing new privacy case law