Provisions related to Electronic Health Record under PHIPA-Part 2

In continuation to our last post we will discuss the remaining provisions with respect to Electronic Health Record. The prescribed organization shall comply with the following requirements in developing and maintaining the electronic health record and they are-

  1. Limit the personal health information it receives
  2. Do not allow its employees or any other person acting on its behalf to view, handle, or deal otherwise with the personal health information it has received from health information custodians unless they comply with the restrictions
  3. Shall make available to the public and each health information custodian that provides personal health information to it, a plain language description of the electronic health record
  4. Protect against theft, loss,  and unauthorized use, disclosure or collection, copying, modification or disposal of the personal health information which is accessible by means of electronic health record
  5. Protect the integrity, security and confidentiality of the personal health information accessible by means of electronic health record
  6. Comply with all directives, guidelines and policies of the prescribed organization. 
  7. Audit and monitor the electronic records 

To know the complete compliance list please refer to 55.3 to 55.19.

Consent Directives:

Any individual may at any time make a directives that withholds or withdraws, in whole or part, the individual’s consent to the collection, use and disclosure of his/her personal health information by means of an electronic record by a health information custodian for the purposes of providing or assisting in the provision of healthcare to the individual. The directives must contain sufficient detail to enable the prescribed organization to implement the directives.   

Despite the contents of a consent directive, a health information custodian may disclose personal health information that is subject to the directive by means of the electronic health record if the custodian that is seeking to collect the information obtains the express consent of the individual to whom the information relates. 

Advisory Committee

The Minister shall establish an advisory committee for the purpose of making recommendation to the minister concerning, prescribe practices and procedures to

  1. Protect the privacy;
  2. Place for responding or facilitating a response to request made by an individual;
  3. The administrative, technical and physical safeguards should have in place to protect the privacy of the individuals;  
  4. Any other matter referred to the advisory committee by the minister;

Picture Credit- https://www.youtube.com/watch?v=tsxa2BvV6Nw