In our last article we started discussing about the practices that are must to protect the personal health information and we also were discussing about the electronic audit log which was added later on by 2020 amendment, we partially discussed about the electronic audit log now under section 10.1(4) it is mandated that electronic audit log must include –
- Every instances in which a record or part of a record of personal health information that is accessible by electronic means is viewed, handled, modified,
- or dealt otherwise dealt with;
- The type of information that was viewed, handled, modified, or otherwise dealt with;
- The date and time on which the information was was viewed, handled, modified, or otherwise dealt with;
- The identity of all persons who viewed, handled, modified, or otherwise dealt with the personal health information;
- The identity of the individual to whom the personal health information relates and
- Any other information that may be prescribed
Now there are following indicated methods provided under PHIPA which provides practices such as Accuracy, steps to ensure collection, limits on use of de-identified information, security.
1) Accuracy (S.11)
Section 11 of the act makes it mandatory that a health information custodian that uses personal health information about an individual must take all reasonable steps to ensure that the information is as accurate, complete and up-to-date as is necessary for the purposes for which it uses the information.
A health information custodian that discloses personal health information about an individual shall take-
- all reasonable steps to ensure that the information is as accurate, complete and up-to-date as is necessary for the purposes of disclosure that are known to the custodian at the time of of the disclosure or
- Clearly sets out for the recipient of the disclosure the limitations, if any, on the accuracy, completeness or up-to-date character of the information
2) Steps to ensure collection (11.1)
The provisions of PHIPA are clear about it that a health information custodian shall take reasonable steps in the circumstances to ensure that personal health information is not collected without authority.
To Be Continued………………………..
Picture Credit-https://www.veryfi.com/phipa/