Privacy Legislation
In addition to the protections reviewed above, many jurisdictions have passed statutes to the same effect.
Ontario’s protective statute, the Personal Health Information Protection Act, 2004 (PHIPA) is typical of legislation which sets out the rights of an individual with respect to the protection of confidential medical information. This statute emphasizes that a person’s consent is required before personal health information can be collected or used or disclosed. 1 In addition, even where consented to, the medical information to be used or disclosed is to be effected only to the extent reasonably necessary to serve the particular purpose. 2
This legislation establishes the mechanism for the collection, use and disclosure of personal health information by what is referred to as “health information custodians” and allows for the right of individuals to access their health records. Essentially such health information custodians, for the purpose of disability issues in the employment context, are members of regulated medical health professions. 3
Where a person agrees to the release of medical information to support, for example, a disability application, the recipient is not allowed to use this information for any other purpose. A written consent is required to access health records.
Similarly worded statutory protections are offered in Saskatchewan by the Health Information Protection Act, In New Brunswick by the Personal Health Information Privacy and Access Act, In B.C. by E-Health (Personal Health Information Access and Protection of Privacy) Act, in the Yukon by Health Information Privacy And Management Act, SY 2013, c 16, in Alberta by the Health Information Act, RSA 2000, c H-5, in Manitoba by the Personal Health Information Act, CCSM c P33.5, In Newfoundland by the Personal Health Information Act, SNL 2008, c P-7.01, in Nova Scotia by Personal Health Information Act, in NWT by the Health Information Act, SNWT 2014, c 2, and in P.E.I. by its Health Information Act.
The Federal Government enacted the Personal Information and Electronic Documents Act (“PIPEDA”) effective on January 1, 2000. It applies primarily to the collection, use and disclosure of personal information in the course of commercial activities by private sector companies and by federal works and undertakings. It regulates all such activity not only at the federal but also at the provincial level, unless the relevant province has passed its own comparable legislation.
As noted in the case below, the Ontario legislation does not deal with the records kept by an independent medical examiner, which accordingly remains governed by the federal statute.
The production of medical records in the possession of a psychiatric facility is governed by the Mental Health Act (“MHA”) 4 and also by the Personal Health Information Protection Act (“PHIPA”) since the inception of this legislation in 2004.
Should there be any conflict between these two statutes, the provisions of the MHA are to prevail. 5 Section 41(1) of the PHIPA is permissive in its reference to the disclosure of personal health information with respect to legal proceedings.
MHA sets out the procedures for the disclosure of patient records from psychiatric facilities. 6 The statute also sets out the process for the production of mental health records pursuant to a summons or similar directive in a judicial or administrative proceeding.
The wordings of these subsections make it mandatory for the officer in charge of the psychiatric facility to disclose patient records which are relevant or potentially relevant to issues in a hearing pursuant to a summons or court order. 7
The patient’s consent is required when they are mentally capable, or with the consent of the patient’s substitute decision-maker where the patient is not mentally capable, or in the event of a proceeding not before a court, where the Divisional Court may determine that such disclosure is in the interests of justice.