Protecting your patients’ personal health information is an important part of your practice
It is essential that you are informed. Under the Personal Health Information Protection Act (PHIPA) and the College’s Standard of Practice, it is ultimately your responsibility to ensure that you comply with your patients’ rights to access their information.
Opticians have a legal duty to provide patients with access to their own health information
Upon request by a patient, you must grant your patient access to all of their personal health information. This includes measurements such as pupillary distance or measurements taken for contact lenses. You must comply with this request within a reasonable time frame, and definitely within 30 days. Here’s what you should know:
Personal health information is any patient information you collect
Under PHIPA, information you collect from a patient at any point in your relationship is considered personal health information. This includes a patient’s measurements such as pupillary distance and measurements taken to fit contact lenses, health insurance information, and any information the College’s Standards of Practice require you to document in a patient’s file.
Opticians are Health Information Custodians which brings important responsibilities
Finding the right eyewear for a patient usually involves collecting personal health information. In doing so, you may become a Health Information Custodian (HIC), which makes you responsible for collecting, using and disclosing personal health information on behalf of your patients. As an HIC, you are also permitted to have “agents” that work with you. Agents can be anyone authorized, on your behalf, to ensure personal health information is handled appropriately. Even if you are not the HIC at your particular dispensary, it is likely that you are acting as an agent of the HIC.
Your responsibilities as health information custodian don’t end when you leave a practice
If you leave a practice for any reason, you still have a responsibility to your patients as a Health Information Custodian or their agent to make the necessary arrangements to transfer your patients’ records to the patient directly or to another optician or optometrist. It is also your responsibility to inform your patient of the transfer with as much notice as possible.
Opticians have a duty to keep patient information safe and report any privacy breaches
Opticians must take steps to keep patients’ personal health information safe from loss, theft or unauthorized disclosure. In the event of a privacy breach, the rules are clear: an optician must report that breach as soon as reasonably possible. A report must be made to:
• Your patient
• The College of Opticians of Ontario
• The Information and Privacy Commissioner
It is crucial that this report contains as much information about the breach as possible and must be responded to in accordance with the Personal Health Information Protection Act.
To learn more information about PHIPA and the rights that you and your patients have, click here.