Encryption is just one piece of the puzzle when it comes to securing the health information of patients, Toronto health lawyer Mary Jane Dykeman tells CBC News.
The relationship between a Family Health Team (“FHT”) and a Family Health Organization (“FHO”) is often difficult to understand and to navigate.
- In theory, FHTs and FHOs operate and provide services to shared patients harmoniously while maintaining separate streams of business (e.g., each has separate employees, separate expenditures, separate lease agreements, etc.).
- In practice, the division between the operation of a FHT and a FHO is complicated and entangled; often the two organizations share employees, expenditures, premises, policies, equipment, supplies, and leadership (e.g., Board of Directors).
With so much overlap, a clear and proper allocation of resources and expenses between the parties can be difficult, and many FHTs and FHOs choose to operate based on a verbal agreement as opposed to reducing their expectations to writing. The problem with verbal agreements is that they are unwritten and subject to each party’s recollection. Therefore, they lack clarity and certainty. They can change as personnel within the organizations change. And should a disagreement arise, they are worth very little in the midst of a dispute.
Why a written agreement is not only advisable but essential …
Consider implementing a written agreement as between your FHT and its affiliated FHO(s) for the following reasons:
- FHT Funding Agreement
Although it is not an express requirement of the FHT – Ministry of Health and Long-Term Care funding agreement (“Funding Agreement”) that the relationship between the FHT and the FHO be reduced to writing, in our opinion the expectation is that this is the case. The Funding Agreement requires:
- FHTs to be “affiliated with” a FHO, and that each physician member of the FHO agrees to such affiliation. Without a written agreement in place, evidencing this requirement can be difficult.
- Funds provided to the FHT via the Funding Agreement to be spent exclusively as budgeted and in carrying out the FHT’s service plan, with the implication being that such funds are not to be expended on FHO operations. A written agreement with clear mechanisms for reimbursement and division of expenditures as between the FHT and the FHO is highly recommended to evidence the FHT’s compliance with this funding requirement.
- Privacy Obligations
As health care providers, the FHT and the FHO are subject to privacy and security requirements under the Personal Health Information Protection Act (“PHIPA”). A source of confusion for many FHTs and FHOs is the designation of either or both as the “health information custodians” – being the party or individual who effectively “owns” the patient and the patient’s records. Unfortunately, the question usually arises following a privacy breach, and therefore, under the watchful eye of the Information and Privacy Commissioner of Ontario (“IPC”). The IPC in its decisions has made it clear that in multi-party health care settings (such as a clinic run by a FHT and a FHO), the parties need to formally and clearly document their relationship from a privacy perspective in order to establish roles and responsibilities for each. In the unfortunate occurrence of a privacy breach, you do not want to be in a position of finger-pointing as to who is responsible for your patient’s personal health information. The IPC is unlikely to entertain any such finger pointing, and you can expect that there will be disagreement between the parties as to the terms of any purported verbal agreement.
As we have previously alluded to, clarity as between the rights and obligations of the FHT and the FHO is essential. Especially in times of conflict, the parties will need a clearly written agreement to govern their relationship and settle any disputes. A verbal agreement offers little certainty and often becomes the source of disagreement between the parties.
We have assisted many FHTs and FHOs in putting in place a written agreement to govern their unique relationship – from a services perspective and a privacy perspective. We would be happy to learn about your current verbal agreement and assist you in putting together a written agreement that is aligned with your legal obligations and your current practices. If you have a written agreement in place, consider whether it requires any updates in order to align it with your current practices.
If you have not turned your minds to who exactly is the health information custodian, as between the FHO, the physicians and the FHT – please call us immediately. This is dangerous and untenable: email@example.com.
Click the link below to read the AdvocateDaily article profiling DDO Health Law’s Partner, Michael Gleeson. Mike talks about the rise of telemedicine and the regulatory regimes that govern it.
Big news last week about CASL (Canada’s anti-spam legislation) – the right of private action, which was scheduled to come into effect on July 1st, was indefinitely delayed by an Order-in-Council issued by the Federal Government on June 7.
This is a relief for every organization, whether for-profit, non-profit, orcharitable. The right of private action was generally being met with dread – it allowed for private litigants to sue for any breach of specific sections of CASL and to claim for significant damages. Those damages included statutory damages of up to $1 million per day for violations.
Enforcement activity since 2014
However, this development doesn’t mean that CASL is toothless. Far from it. Fines under CASL are a maximum of $10 million per violation for businesses/organizations. That’s huge.
I attended an update on CASL put on by the CRTC for the Ontario Bar Association in mid-May. There has been a lot of activity around CASL enforcement since CASL came into effect 3 years ago (July 1, 2014). Here are a few tidbits that I learned about:
- In lieu of prosecutions, the CRTC tends to pursue “undertakings” when an investigated complaint reveals an apparent violation of CASL
- These undertakings require the offender to implement a robust compliance program
- Undertakings are accompanied by a reparation payment (in lieu of a fine/penalty)
- These reparation payments are substantial:
- Porter $150K
- Rogers $200K
- Kellogg’s $60K
- Blackstone $50K
- William Rapanos (individual) $15K
- Compu-Finder $1.1M (being contested)
- The ability of the offender to pay is taken into account as one of the factors in determining an appropriate payment. For example, Blackstone is a small business, resulting in a significantly reduced penalty. Still, $50K is a huge amount for any small business to pay.
Deemed implied consent – 3-year grace period ends July 1
Remember, CASL requires that your organization have consent (express or in some cases implied) when sending commercial electronic messages (CEMs). (To be “commercial”, the email/text must be trying to get people to buy a product or service.)
There was a 3-year grace period in which organizations were allowed to email current and former donors, members, volunteers and those with business relationships. That grace period ends on July 1, 2017. After that, the list of individuals to whom your organization can send CEMs is limited to a 2-year ever-refreshing window – you can only email with implied consent if you have had contact with the individual (as a donor, member, volunteer or for business purposes) for 2 years from the date of that contact.
How to be CASL compliant
What also became evident is that your organization needs to have a CASL policy, undertake and update CASL training of all staff, and monitor CASL compliance. If your organization becomes the subject of a complaint/investigation about CASL, you need to demonstrate good record-keeping – i.e., keeping screenshots of subscribes to newsletter lists and emails containing express consent to receive CEMs.
The CRTC update also offered these additional bits of information:
- Non-profits are “not bubbling to the top” of the enforcement radar, which is good news for the health sector
- Sending a survey is not a CEM.
The CRTC’s slides were available to attendees. If anyone is interested in receiving a copy, please let me know.
DDO’s CASL Toolkit for the non-profit and charitable sectors
DDO Health law published a “CASL – Anti-Spam Toolkit” in June 2014 targeted at assisting non-profit and charitable organizations to become CASL compliant. Copies are available for purchase – please contact me if interested.
Recently here at DDO we were discussing the role and powers of the Patient Ombudsman. The Patient Ombudsman has jurisdiction to resolve complaints about health service organizations such as public hospitals, long-term care facilities, and certain services provided by the LHINs.
The Patient Ombudsman is an office of last resort – so people having complaints must first explore resolution directly with their health service organization. When a complaint is filed, the Patient Ombudsman will ensure that no other body has jurisdiction over the complaint and, with patient consent, will try to facilitate resolution by contacting the health sector organization.
The Patient Ombudsman may investigate complaints where a facilitated resolution is unsuccessful. Health sector organizations such as hospitals and long-term care homes will be well placed to respond to inquiries from the Patient Ombudsman if their internal processes for addressing complaints are robust, thorough, and comprehensive.
For more information about the Patient Ombudsman, for help in crafting a robust complaint process, or for help in responding to an inquiry from the PO, please contact me at firstname.lastname@example.org.
Nurse practitioners (NPs) fill an important gap in our health care system. In 2007, the first Ontario NP-led clinic opened its doors in Sudbury, and dozens more are now in operation in Ontario.
On April 19, 2017, the role of NPs was expanded. Provided the NP successfully completes the required education, NPs have the authority to prescribe medical cannabis and substances that may be used for medical assistance in dying (MAID). The education must be approved by the governing council of the College of Nurses of Ontario and must be specifically designed to educate NPs to safely, effectively and ethically prescribe controlled substances.
Before prescribing can occur:
- there must be a nurse-patient relationship between the NP and the patient;
- the intended use of the substance can only be therapeutic; and
- certain information must be contained in the prescription, a copy of which must be retained as part of the patient’s health records.
To see more information, click here http://www.cno.org/en/news/2017/april-2017/nps-can-now-prescribe-controlled-substances/ or access the Nursing Act general regulation: https://www.ontario.ca/laws/regulation/940275#BK39.
Bill 84, the Medical Assistance in Dying Amendment Act, includes limited immunity for NPs who assist with MAID. NP-led clinics are also given limited immunity in relation to the delivery of MAID. Bill 84 received Royal Assent and became law on May 10th.
For advice concerning NPs in your health care organization, contact Simmie: email@example.com.