If you are not confident about your organization’s PHIPA compliance and practices, or about your staff’s knowledge of their obligations, the time to address this is now – not after a privacy breach!
Although the Personal Health Information Protection Act, 2004 (PHIPA) has been in force for years, the standards for what safeguards for personal health information (PHI) records would be considered “reasonable in the circumstances”, and best practices around PHIPA compliance, are still developing. Lessons can be (and must be) learned from each high-profile privacy breach, and with each such breach and each publication or order from the Information and Privacy Commissioner/Ontario come greater expectations on health information custodians to safeguard clients’ or patients’ PHI.
If your organization suffers a privacy breach or receives a complaint under PHIPA, your immediate response is crucial. While a breach may not be preventable, the harm to your organizational credibility that results from a critical order can be, but only by getting the right advice at the outset and through effective management of the breach, including in particular the notification of clients and, where appropriate, the Commissioner. When a breach or complaint occurs, your first call should be to your health privacy counsel.
Since the implementation of PHIPA, we have assisted hundreds of professionals and organizations in meeting their obligations under PHIPA, through privacy impact assessments, compliance audits, and workshops for staff who deal with PHI records. Call on us to assist you in implementing a “culture of privacy” and to place you in the best position possible to respond to a complaint or privacy breach.