As health professionals, we have access to sensitive information about patients…
We have access to sensitive information, and consequently, the law requires us to protect that information. The Health Professions Act states that as regulated health professionals, opticians must follow privacy and personal information legislation. Therefore, there are two provincial legislative acts with which we must comply: HIA and PIPA. PIPA and the HIA are provincial legislation that cover both personal and health privacy concerns.
The Health Information Act…
The HIA is provincial legislation that strikes a balance between a patient’s right to privacy of their health information and the health professional’s obligation to share pertinent health information with other health professionals in the patient’s circle of care.
The HIA covers any health information a health professional has on file for a patient. For example, a health professional needs to collect and store relevant medical information and test results. Likewise, a patient needs to feel confident that their information won’t fall into the wrong hands. Consequently, the HIA privacy legislation ensures that this sensitive information will not be used, sold, or given out inappropriately.
Under HIA legislation…
- The HIA protects a patient’s health information and governs the collection, use and disclosure of that information.
- Limitations are placed upon the collection use and disclosure of information. These limitations are focused upon what is needed in order to perform the service.
- Practitioners who are managing the information are called custodians and they hold responsibility to see that even if the information is handled by others (affiliates) it is only used for the purpose that it was collected.
- Patients have the right to access a copy of their health information held by an optician, subject to specific and limited exemptions.
- Patients have the right to request a correction or amendment of their health information held by an optician.
- Patients have the right to know why their health information is being collected, used, and disclosed.
- Patients have the right to make an expressed wish regarding the disclosure of their health information.
Disclosure of Information…
Under the HIA, a patient’s pertinent health information can be disclosed to a third party. HIA legislation has regulations for both disclosure with and without consent. Except for limited circumstance, a custodian must get a patient’s consent before releasing information to a third party, such as a family member, lawyer, or insurance company. In some instances, however, disclosure may be made without consent. An optician may disclose information without patient consent:
- to another health professional, for the purpose of providing an individual with health services;
- to any person, if the optician reasonably believes that the disclosure will avert or minimize a risk of harm to the health or safety of a minor, or an imminent danger to any person;
- if authorized or required by another enactment of Alberta or Canada (e.g., the Public Health Act); or,
- to a police service if the optician reasonably believes the information relates to the possible commission of an offense under an enactment of Alberta or Canada (e.g., the Criminal Code of Canada) and the disclosure will protect the health and safety of Albertans.
The Personal Information Privacy Act…
Where the HIA is provincial legislation that protects patient health information, PIPA protects personal information. PIPA is the provincial legislation for private sector organizations, businesses, and non-profit organizations. Opticians in Alberta are subject to PIPA legislation, and the ACAO has developed policies that meet our obligations under this Act.
PIPA protects personal information and ensures that individuals have the right to access their own personal information. Opticians use PIPA for things like personal, retail and employee information.
For more information about PIPA, visit the Service Canada website: This is the description from Service Alberta
The Office of the Information and Privacy Commissioner…
The OIPC is responsible for ensuring that custodians (in our case, opticians) are meeting the requirements of the privacy legislation in Alberta. This is accomplished primarily through a complaint process. Any optician who does not adhere to privacy legislation is subject to investigation by the OIPC.
Privacy Impact Assessment…
Opticians became custodians in 2010. Since then, opticians are required to perform a Privacy Impact Assessment if they change systems for data storage, or make significant changes in how an office operates their information management. A Privacy Impact Assessment is a formalized look at the changes, working step by step through a checklist to make sure that the end result is a secure storage system and secure procedures for handling personal and health information. Although these procedures can be a little bit complicated, all of the requirements exist for legitimate reasons.
With the launching of systems like NETCARE, privacy becomes more critical. All opticians are responsible for making sure that they are up to date in their knowledge of privacy legislation.
For more information, visit the links below.
The following list contains privacy legislation documents and links to more information…
- HIA: Health Information Act
- About the Health Information Act
- HIA General Information
- HIA Forms and Model Letters
- HIA Custodian Responsibilities Checklist (For Opticians)
- HIA Guidelines and Practices Manual (For Opticians)
- PIPA: Personal Information Privacy Act
- OIPC: Office of the Information and Privacy Commissioner
- ACAO Privacy Incident Response Plan (For Opticians)
- Alberta Privacy Laws
- Alberta Access Laws