Government to Bring Hospitals Under the Freedom of Information and Protection of Privacy Act
Date: November 5, 2010
On October 20, 2010, the Ontario government introduced Bill 122, the Public Sector Accountability Act, 2010. The basic purpose of the new Act is to regulate the spending of public funds by the broader public sector in a variety of areas, including the use of lobbyists, expense accounts and procurement. These aspects of Bill 122 are summarized in the companion FTR Now, “Government Introduces Public Sector Accountability Legislation”.
One key feature of Bill 122 is that it would amend the Freedom of Information and Protection of Privacy Act (“FIPPA“) to extend its coverage to hospitals. This FTR Now will briefly review the proposed FIPPA amendments, and the impact that they might have on your organization.
OVERVIEW OF FIPPA
The Freedom of Information and Protection of Privacy Act is a dual-purpose statute that serves two main functions: (1) it establishes an access to information regime that permits individuals to seek access to recorded information under the custody and control of institutions; and (2) it protects personal information by regulating the collection, use, disclosure, accuracy, retention and destruction of personal information by institutions.
Each of these purposes creates responsibilities for institutions subject to FIPPA. For example, institutions have the obligation to assist with and respond to access requests in a timely manner. Similarly, institutions must take reasonable steps to maintain the security of personal information in their custody and control.
All institutions covered by FIPPA are subject to the oversight of the Information and Privacy Commissioner/Ontario.
HOSPITALS AS FIPPA INSTITUTIONS
When passed, Bill 122 will designate hospitals as institutions under FIPPA. This will include public hospitals, private hospitals and the University of Ottawa Heart Institute.
Much as it did when universities were brought within FIPPA in 2005, the Ontario government has recognized that hospitals have unique characteristics that require a number of changes to the usual FIPPA rules and obligations. Some of those key provisions are reviewed in the next few sections.
While FIPPA applies to most records of information in the custody and control of an institution, it contains a number of exclusions for types of records of information to which the statute does not apply (for example, most records of employment information are excluded from the application of FIPPA). Bill 122 proposes a number of new exclusions that recognize the unique situation of hospitals, including:
- an exclusion related to ecclesiastical records;
- an exclusion for records relating to the operation of a hospital foundation;
- an exclusion analogous to the employment record exclusion for professionals who hold privileges to provide services to a hospital;
- an exclusion for records related to the personal practice of a health professional who happens to practice within a hospital;
- exclusions relating to charitable donations and abortion services; and
- certain research- and teaching-related record exclusions.
In the context of an access request for recorded information covered by FIPPA, an institution must generally provide access, subject to a variety of mandatory and discretionary exemptions.
Bill 122 would amend a number of exemptions to ensure that they applied to hospitals once they are subject to FIPPA. For example, Bill 122 would extend a “closed meeting” exemption that was originally created in 2005 when universities were designated as institutions. Similarly, hospitals will be able to rely on an extended privilege exemption that would cover lawyers employed or engaged by hospitals to provide legal advice.
Bill 122 would also amend FIPPA’s use and disclosure provisions to permit hospitals to use personal information in their records for fundraising purposes (either directly by the hospital or its associated foundation), and to permit disclosure of personal information for fundraising purposes, provided that certain restrictions are met.
Under the provisions of Bill 122, FIPPA would only apply to records that came into the custody or under the control of a hospital on or after January 1, 2007. This is quite likely the first time that a category of institution has not faced full retroactivity under FIPPA or its municipal equivalent.
QUALITY OF CARE INFORMATION AND PERSONAL HEALTH INFORMATION
A corresponding amendment to the Quality of Care Information Protection Act (“QCIPA“) is being proposed that would clarify that FIPPA will not apply to quality of care information, as defined in that statute. Moreover, the inclusion of hospitals in FIPPA will not affect the regulation of personal health information, which will continue to fall under the Personal Health Information Protection Act.
As of the date that this FTR Now was published (November 5, 2010), the government has signaled its intent to fast-track Bill 122 through the legislative process by passing a “time allocation” motion, which will have the basic effect of limiting debate on the Bill and ensuring its quick passage. Committee hearings are expected during the week of November 22nd, and the Bill will likely be passed in early December. The FIPPA amendments are scheduled to come into force on January 1, 2012, giving hospitals a little over one year to prepare for the new statute.
As can be appreciated, given the breadth of FIPPA’s scope, there is a significant amount of preparatory work that must be done in order to come into compliance with FIPPA, both on the access to information side and on the privacy protection side.
Moreover, there are some questions as to the full impact of some of the proposed amendments. For example, there are questions as to whether the QCIPA amendments are sufficient to protect the full range of quality of care initiatives undertaken by hospitals, and whether an access model might have a chilling effect in this area.
Hicks Morley will be working with its hospital sector clients to assist them in their efforts to comply with FIPPA, and more information in that regard will be issued in due course. In the meantime, if you would like further information on the FIPPA amendments and their impact on your organization, please feel free to contact any of Scott Williams at 416.864.7325, Dan Michaluk at 416.864.7253, Paul Broad at 519.931.5604, or any other member of the firm’s Information and Privacy group.
The articles in this Client Update provide general information and should not be relied on as legal advice or opinion. This publication is copyrighted by Hicks Morley Hamilton Stewart Storie LLP and may not be photocopied or reproduced in any form, in whole or in part, without the express permission of Hicks Morley Hamilton Stewart Storie LLP. ©