Time to chalk up a significant victory for the privacy of patients in Ontario. Health Minister Eric Hoskins has done the right thing by bringing in sweeping legal changes that will allow authorities to prosecute snoopers more easily and require hospitals to declare breaches of patient privacy.
These reforms, announced on Wednesday, come after months of reporting by the Star’s Olivia Carville that showed gaping holes in the rules intended to keep patients’ health information confidential.
Most strikingly, Ontario’s Personal Health Information Protection Act (PHIPA) has resulted in exactly zero successful prosecutions after more than a decade in force — even though the provincial privacy commissioner receives reports of hundreds of health-related privacy violations every year.
Now the government plans to overhaul the law to get rid of some of the biggest obstacles to enforcement.
It will do away with the six-month deadline to lay charges under the act, making it easier for investigators to gather sufficient evidence for a successful prosecution. And the maximum fine for those violating patients’ privacy will be doubled from $50,000 to $100,000.
In addition, Ontario’s hospitals will be required to report all breaches of patient privacy to regulatory colleges and the privacy commissioner. Until now, hospitals were allowed to handle violations internally, making it impossible to track the size of the problem across the province or fix breakdowns in the system.
Thousands of patients have had their privacy violated, and the introduction of electronic health records increases the risk that sensitive personal information may be accessed without proper consent. Ontario’s laws clearly aren’t strong enough to deal with the problem.
The reforms Hoskins announced this week are sensible and long overdue. All parties at Queen’s Park should support them and make sure Ontario’s privacy laws are strengthened without delay.