Monday, July 25, 2016 8:29 pm, Posted by Absolute Destruction
Over two months ago, the Ontario legislature passed a third reading of the Personal Health Information Protection Act (PHIPA). It resulted in amendments meant to improve the accountability and transparency of the healthcare system, including changes to the penalties for privacy breaches. Anyone working in the healthcare industry would do well to review these revisions and ensure their method of collecting, storing, and disposing of Personal Health Information (PHI) is in accordance with the amended act.
PHIPA is still a relatively young bill, having only been introduced in May of 2004. Since then, it has regulated the way healthcare workers can collect, use, disclose, and dispose of PHI. Under this bill, PHI means any data as it relates to a patient’s past, current, or future medical files. It’s an umbrella term that encompasses a considerable amount of information. PHI is deemed anything used by a healthcare worker to identify or treat a patient, including family medical histories, prescriptions, hospital records, and lab test results.
The original bill outlined clear strategies on how to collect and record PHI. Physical files should be locked in filing cabinets in rooms with restricted access, while digital records should be protected by passwords, encryption, and firewalls. Only those who have been properly trained and authorized to handle these documents should have access to the rooms and computers used to store them. Once obsolete, these records follow similarly controlled methods of disposal. In order to protect outdated and unnecessary PHI, PHIPA requires the complete and utter destruction of both physical and digital copies.
These basic features of PHIPA have not changed in the latest reading, but the minor modifications have improved the transparency of the bill in hopes of strengthening patient privacy. Firstly, it’s now mandatory for healthcare organizations to report any breaches of privacy to the Information and Privacy Commissioner. Changes also include removing time restrictions on prosecutions, eliminating the need to start prosecutions within 6 months of the breach. Perhaps the most important amendment – from healthcare professionals’ perspectives – is the increase in fines for those individuals and organizations found guilty of breaking PHIPA. Nearly doubling in amount, these penalties can range from $50,000 - $100,000 for individuals and $250,000 - $500,000 for organizations or businesses.
It would be a shame to be fined half a million dollars over something so easily preventable. Employee screening and training is a critical step in safeguarding the chain of custody and shouldn’t be overlooked. Neither should mobile shredding services. Simply by scheduling regular pickups of paper medical files and obsolete electronics, the healthcare industry can avoid disposing of PHI incorrectly, saving itself from prosecution and hefty fines.
Our shredding services are performed by highly vetted individuals, who follow NAID-certified processes to ensure security at every stage. From collection to destruction and finally recycling, the documents and devices are properly secured until our shredding representatives can provide twin guarantees of destruction and recycling.
PHIPA applies to far more professionals than just healthcare providers like doctors and nurses. Anyone working within the industry must abide by this law, including freelance caregivers, pharmacists, lab technicians, paramedics, physiotherapists, naturopaths, and mental health care workers. That’s a huge range of professionals who need help ensuring they stay within the letter of the law. Whether you’re a self-employed massage therapist or a director of a medical laboratory, your business needs professional shredding services. Luckily for you, we service the entire healthcare industry with dependable shredding, and you need only call or send off a request form to schedule your first appointment.