Human Resources Legislative Update
Ontario Proposes Regulations on Interoperability Specifications that Pertain to Digital Health Assets Selected, Developed or Used by Health Information Custodians under PHIPA
Date: May 25, 2020
On May 22, 2020, Ontario’s Minister of Health (MOH) issued a notice of proposed regulation pertaining to interoperability specifications for digital health assets under the Personal Health Information Protection Act, 2004 (PHIPA). Under the proposed regulation, a “digital health asset” (DHA) means a product or service that uses electronic means to collect, use, modify, disclose, retain or dispose of personal health information (PHI) that is selected, developed or used by a health information custodian (HIC). The public is invited to provide written comments on the proposed regulation over a 60-day period, commencing on May 23, 2020 and ending on July 22, 2020.
Ontario Health to Establish Interoperability Specifications
On April 18, 2019, the Connecting Care Act, 2019 came into force and created Ontario Health. Ontario Health will oversee health care delivery, improve clinical guidance and provide support for providers to ensure better quality care for patients. Once fully established, Ontario Health is intended to, among other things, improve integration and efficiency of digital assets across Ontario’s health system.
Subject to the review and approval of the MOH, the proposed regulations give the forthcoming Ontario Health agency the ability to establish, maintain and amend “interoperability specifications.” These “interoperability specifications” apply to DHAs or to a DHA’s interaction with other DHAs that may include, but are not limited to, requirements relating to migration of data from one DHA to another, or specifications relating to privacy or security. Ontario Health will establish a process for certifying DHAs that are compliant with the interoperability specifications and a process for monitoring compliance of these specifications by HICs.
Information and Privacy Commissioner to Review Certain Specifications
Interoperability specifications that relate to (1) the content of data or a common data set for electronic data; or (2) privacy and security, must be submitted to the Information and Privacy Commissioner of Ontario (IPC) for review and to make recommendations at least 30 days prior to the MOH approving such specifications. In urgent cases, this review can be expedited to not less than 5 business days.
Compliance and Enforcement
A HIC must ensure that every DHA it selects, develops or uses complies with every applicable interoperability specification and, upon request of Ontario Health, must provide a report (that does not contain any PHI) that demonstrates compliance with the specifications. If a HIC is not in compliance with the interoperability specifications, Ontario Health is to consult with and provide advice to the HIC on how compliance can be achieved. However, if Ontario Health has reasonable grounds to believe a HIC has contravened or is about to contravene the interoperability specifications, it can complain to the IPC.
The Ontario government has recently been active in making amendments to PHIPA and proposing other regulations under PHIPA. We will continue to keep you updated on any other PHIPA developments. If you have any questions about these proposed regulations or amendments or any other information and privacy-related matter, please contact your regular Hicks Morley lawyer.
The article in this client update provides general information and should not be relied on as legal advice or opinion. This publication is copyrighted by Hicks Morley Hamilton Stewart Storie LLP and may not be photocopied or reproduced in any form, in whole or in part, without the express permission of Hicks Morley Hamilton Stewart Storie LLP. ©