In continuation to our last post we will deal with the remaining disclosures herein-
11) Disclosure for research:
A health information custodian may disclose personal health information about an individual to researcher and fort that researcher need to submit an application to the custodian alongwith a research plan that meets the requirement mentioned in subsection 2 of section 44 and a copy of the decision of a research ethics board approving that research plan and then can enter into an agreement which is known as ‘Agreement Respecting Disclosure’ 44(5).
Now the question comes: what is a research Plan?
A research plan is a written plan that reflects the nature & objectives of the research and the public or scientific benefit of the research anticipated by the researcher. It must also prescribe the matters related to research giving affiliation of each person involved in the research.
The approval or research solely lies with the research ethics board and after considering the same, board must provide its decision in writing alongwith its reasons and if approval is conditional must state those conditions therein.
Compliance by researcher
A researcher must comply with the conditions set out in the decision of the research ethics board. And use the information only for the purposes as approved by the board.
12) Disclosure for planning & Management of health system:
A health information custodian may disclose personal health information to a prescribed entity for the purposes of analysis or compiling statistical information relating with the management, evaluation, monitoring, allocation of resources or planning for all or part of the health system including the delivery of services.
However this provision does not apply when the document or health information is recorded during a private counselling session or a group, joint or family counselling session.
A health information custodian may disclose the personal health information to a prescribed authority only if the entity has in place a practices and procedure to protect the privacy of the individuals and maintain the confidentiality of the information and such practice and procedure must be approved by the Commissioner. The commissioner is mandated to review the practice and procedure of each prescribed entity every third year from the date of its approval and also advise the health information custodian whether the entity continues to meet the requirement.
An entity which is not a health information custodian is authorized to collect the personal health information that a health information custodian may disclose to the entity under section 45(1). If an entity which receives personal health information under 45(1) is an extra-ministerial data integration unit under Freedom of Information and Protection of Privacy Act (FIPPA), the entity may also use the personal health information for the purposes set out in section 49 of FIPPA as if it were initially collecting the personal health information.
Picture Credit-https://www.itworldcanada.com