DDO Health Law – COVID-19

COVID-19 has the potential to affect all of us in many ways. At DDO Health Law, and our sister firm, INQ Data Law, we are gathering the lessons already learned in operating in this new environment, and will post them here. This includes on clinical matters, health services delivery (including virtual care); privacy and information management; corporate and commercial matters; governance; regulated health professions; procurement; risk management (including reputational risk); public policy and more.

The health and safety of our staff and clients is of paramount importance. In light of the pandemic, we have closed our offices in Toronto and Ottawa but continue to deliver uninterrupted services.

We are proud to have taken measures in 2019 to operate a seamless legal services experience for lawyers and clients working virtually. Last year, we moved to an agile office space that supports remote working, purchased technical tools to support a completely paperless office, and we have equipped our lawyers with resources to easily work remotely, including using video tools to stay connected. Our continued goal is to provide exceptional service.

In the meantime, here is the full text of the Emergency Management and Civil Protection Act, which applies when an emergency has been declared as is the case with COVID-19 today, March 17: https://www.ontario.ca/laws/statute/90e09#BK13.

This Act creates broad authority for emergency orders to be issued, including to compel the collection, use and disclosure of information where necessary to prevent, respond to or alleviate the effects of the emergency. Orders are in place for as long as necessary; and with limitations on intrusiveness. See s. 7.0.2(4) for a list of emergency orders that may be made by the Lieutenant Governor in Council (or if delegated, by a provincial Minister or the Commissioner of Emergency Management). See also paragraph 13 of section 7.02(4) for authority to make emergency orders compelling the collection, use or disclosure of information during a declared emergency. See sections 7.02(7)-(9) for the limits on intrusiveness of such orders – including special rules for research if information is de-identified or consent of the person is obtained.

We wish you and your families continued health and safety in these unprecedented times as we work collectively to contain COVID-19’s impact.

The FHT/FHO Relationship: Put it in Writing

The relationship between a Family Health Team (“FHT”) and a Family Health Organization (“FHO”) is often difficult to understand and to navigate.

  • In theory, FHTs and FHOs operate and provide services to shared patients harmoniously while maintaining separate streams of business (e.g., each has separate employees, separate expenditures, separate lease agreements, etc.).
  • In practice, the division between the operation of a FHT and a FHO is complicated and entangled; often the two organizations share employees, expenditures, premises, policies, equipment, supplies, and leadership (e.g., Board of Directors).

With so much overlap, a clear and proper allocation of resources and expenses between the parties can be difficult, and many FHTs and FHOs choose to operate based on a verbal agreement as opposed to reducing their expectations to writing.  The problem with verbal agreements is that they are unwritten and subject to each party’s recollection. Therefore, they lack clarity and certainty. They can change as personnel within the organizations change. And should a disagreement arise, they are worth very little in the midst of a dispute.

Why a written agreement is not only advisable but essential …

Consider implementing a written agreement as between your FHT and its affiliated FHO(s) for the following reasons:

  1. FHT Funding Agreement

Although it is not an express requirement of the FHT – Ministry of Health and Long-Term Care funding agreement (“Funding Agreement”) that the relationship between the FHT and the FHO be reduced to writing, in our opinion the expectation is that this is the case. The Funding Agreement requires:

  • FHTs to be “affiliated with” a FHO, and that each physician member of the FHO agrees to such affiliation. Without a written agreement in place, evidencing this requirement can be difficult.
  • Funds provided to the FHT via the Funding Agreement to be spent exclusively as budgeted and in carrying out the FHT’s service plan, with the implication being that such funds are not to be expended on FHO operations. A written agreement with clear mechanisms for reimbursement and division of expenditures as between the FHT and the FHO is highly recommended to evidence the FHT’s compliance with this funding requirement.
  1. Privacy Obligations

As health care providers, the FHT and the FHO are subject to privacy and security requirements under the Personal Health Information Protection Act (“PHIPA”). A source of confusion for many FHTs and FHOs is the designation of either or both as the “health information custodians” – being the party or individual who effectively “owns” the patient and the patient’s records. Unfortunately, the question usually arises following a privacy breach, and therefore, under the watchful eye of the Information and Privacy Commissioner of Ontario (“IPC”).  The IPC in its decisions has made it clear that in multi-party health care settings (such as a clinic run by a FHT and a FHO), the parties need to formally and clearly document their relationship from a privacy perspective in order to establish roles and responsibilities for each. In the unfortunate occurrence of a privacy breach, you do not want to be in a position of finger-pointing as to who is responsible for your patient’s personal health information. The IPC is unlikely to entertain any such finger pointing, and you can expect that there will be disagreement between the parties as to the terms of any purported verbal agreement.

  1. Clarity

As we have previously alluded to, clarity as between the rights and obligations of the FHT and the FHO is essential. Especially in times of conflict, the parties will need a clearly written agreement to govern their relationship and settle any disputes. A verbal agreement offers little certainty and often becomes the source of disagreement between the parties.

Next Steps

We have assisted many FHTs and FHOs in putting in place a written agreement to govern their unique relationship – from a services perspective and a privacy perspective. We would be happy to learn about your current verbal agreement and assist you in putting together a written agreement that is aligned with your legal obligations and your current practices. If you have a written agreement in place, consider whether it requires any updates in order to align it with your current practices.

If you have not turned your minds to who exactly is the health information custodian, as between the FHO, the physicians and the FHT – please call us immediately. This is dangerous and untenable: mdeiana@ddohealthlaw.com.

CASL – important developments and enforcement updates

Big news last week about CASL (Canada’s anti-spam legislation) – the right of private action, which was scheduled to come into effect on July 1st, was indefinitely delayed by an Order-in-Council issued by the Federal Government on June 7.

This is a relief for every organization, whether for-profit, non-profit, orcharitable. The right of private action was generally being met with dread – it allowed for private litigants to sue for any breach of specific sections of CASL and to claim for significant damages. Those damages included statutory damages of up to $1 million per day for violations.

Enforcement activity since 2014

However, this development doesn’t mean that CASL is toothless. Far from it. Fines under CASL are a maximum of $10 million per violation for businesses/organizations. That’s huge.

I attended an update on CASL put on by the CRTC for the Ontario Bar Association in mid-May. There has been a lot of activity around CASL enforcement since CASL came into effect 3 years ago (July 1, 2014). Here are a few tidbits that I learned about:

  • In lieu of prosecutions, the CRTC tends to pursue “undertakings” when an investigated complaint reveals an apparent violation of CASL
  • These undertakings require the offender to implement a robust compliance program
  • Undertakings are accompanied by a reparation payment (in lieu of a fine/penalty)
  • These reparation payments are substantial:
    • Porter $150K
    • Rogers $200K
    • Kellogg’s $60K
    • Blackstone $50K
    • William Rapanos (individual) $15K
    • Compu-Finder $1.1M (being contested)
  • The ability of the offender to pay is taken into account as one of the factors in determining an appropriate payment. For example, Blackstone is a small business, resulting in a significantly reduced penalty. Still, $50K is a huge amount for any small business to pay.

Deemed implied consent – 3-year grace period ends July 1

Remember, CASL requires that your organization have consent (express or in some cases implied) when sending commercial electronic messages (CEMs). (To be “commercial”, the email/text must be trying to get people to buy a product or service.)

There was a 3-year grace period in which organizations were allowed to email current and former donors, members, volunteers and those with business relationships. That grace period ends on July 1, 2017. After that, the list of individuals to whom your organization can send CEMs is limited to a 2-year ever-refreshing window – you can only email with implied consent if you have had contact with the individual (as a donor, member, volunteer or for business purposes) for 2 years from the date of that contact.

How to be CASL compliant

What also became evident is that your organization needs to have a CASL policy, undertake and update CASL training of all staff, and monitor CASL compliance. If your organization becomes the subject of a complaint/investigation about CASL, you need to demonstrate good record-keeping – i.e., keeping screenshots of subscribes to newsletter lists and emails containing express consent to receive CEMs.

The CRTC update also offered these additional bits of information:

  • Non-profits are “not bubbling to the top” of the enforcement radar, which is good news for the health sector
  • Sending a survey is not a CEM.

The CRTC’s slides were available to attendees. If anyone is interested in receiving a copy, please let me know.

DDO’s CASL Toolkit for the non-profit and charitable sectors

DDO Health law published a “CASL – Anti-Spam Toolkit” in June 2014 targeted at assisting non-profit and charitable organizations to become CASL compliant. Copies are available for purchase – please contact me if interested.

Ontario’s new Patient Ombudsman

Recently here at DDO we were discussing the role and powers of the Patient Ombudsman. The Patient Ombudsman has jurisdiction to resolve complaints about health service organizations such as public hospitals, long-term care facilities, and certain services provided by the LHINs.

The Patient Ombudsman is an office of last resort – so people having complaints must first explore resolution directly with their health service organization. When a complaint is filed, the Patient Ombudsman will ensure that no other body has jurisdiction over the complaint and, with patient consent, will try to facilitate resolution by contacting the health sector organization.

The Patient Ombudsman may investigate complaints where a facilitated resolution is unsuccessful. Health sector organizations such as hospitals and long-term care homes will be well placed to respond to inquiries from the Patient Ombudsman if their internal processes for addressing complaints are robust, thorough, and comprehensive.

For more information about the Patient Ombudsman, for help in crafting a robust complaint process, or for help in responding to an inquiry from the PO, please contact me at spalter@ddohealthlaw.com.