Guide to the New Health Information Act
There is no information that is more in need of protection than personal health information (PHI). This is information about our bodies and minds. The health sector relies on the flow of PHI between health care providers in order to diagnose, treat, and care for Islanders.
The Health Information Act is a new law designed to protect your personal health information and ensure that it is shared and managed appropriately.
Common questions related to the Health Information Act are answered here.
What is personal health information (PHI)?
PHI is information about your:
- physical and mental health, and health care history
- family health history
- personal health number or medical record number
- right to health care benefits or participation in a health care program
- medication, devices or equipment you use
- donation of any body part of bodily substance
What does the Health Information Act do?
- it protects your privacy and the confidentiality of your PHI
- it ensures that your phi is disclosed properly
- it set out how you can access your PHI and how to request a correction to your PHI
- it ensures that records containing your PHI are managed and protected
- it allows PHI to be used for health system planning, management and administration
- it provides oversight and creates offences if someone does not comply with the Act
Who is a custodian?
A custodian is an individual or an organization, such as a health care provider or a health care facility, that collects, uses or discloses PHI for the purpose of providing health care including the:
- diagnosis, treatment or management of your physical or mental health condition
- prevention of disease or injury and the promotion of health
- dispensing or selling of a drug, medical device, etc.
What can a custodian do with my PHI?
- collect and use only the PHI necessary for providing health care
- disclose PHI to other health care providers involved in your care
- use your PHI for health system planning, management and administration
When is my consent required to collect, use or disclose my PHI?
Your consent may or may not be required depending on the circumstances:
- the collection, use or disclosure of your PHI for the provision of health care does not require a custodian to ask for your consent as it is implied
- your consent must be obtained by a custodian to collect, use or disclose your PHI for a non-health care reason (for example, to an insurance company, an employer, or another non-custodian)
- you may withdraw or withhold your consent to the collection, use or disclosure of your PHI
What are the rules a custodian must follow in relation to my PHI?
- to collect, use and disclose your PHI for health care purposes only
- to ensure that your PHI is accurate and up-to-date
- to protect your PHI from inappropriate access, use or disclosure
- to help you access your PHI and to view or receive a copy
- to respond to requests for access to PHI in a timely manner (within 30 days of your request)
- to make available the custodian’s policies and practices respecting the collection, use and disclosure of PHI
What are my rights under the Act?
- to view or receive a copy of your PHI subject to some limited exceptions
- to request a correction of your PHI if there are errors; however, you do not have the right to request that the custodian change or remove an opinion of a health care provider
- to add a statement to your PHI record if you disagree with something in you record
- to request an independent review of decisions made by a custodian
Are there fees for accessing my PHI?
- there are no fees for viewing your PHI
- there may be fees for receiving copies of your PHI
- any fees charged cannot exceed the actual costs incurred by the custodian
What can I do if I have concerns about how my PHI was collected, used or disclosed?
- discuss your concerns with the custodian of your PHI
- if you are not satisfied with the custodian’s response to your concerns you may request that the PEI Information and Privacy Commissioner review the matter
What is the role of the PEI Information and Privacy Commissioner?
The PEI Information and Privacy Commissioner has general responsibility for monitoring how custodians are meeting their obligations under the Act. The Commissioner may investigate your complaints related to the:
- inappropriate collection, use and disclosure of your PHI
- failure of a custodian to respond to your request for access to your PHI
- failure of a custodian to justify why a correction to your PHI cannot be made
- inappropriate fees being charged for your request
- time frame for responding to your request
More information on the PEI Information and Privacy Commissioner can be found at: https://www.assembly.pe.ca/