STANDING COMMITTEE ON GENERAL GOVERNMENT

COMITÉ PERMANENT DES AFFAIRES GOUVERNEMENTALES

Monday 26 January 2004 Lundi 26 janvier 2004

SUBCOMMITTEE REPORT

HEALTH INFORMATION
PROTECTION ACT, 2003
LOI DE 2003 SUR LA PROTECTION
DES RENSEIGNEMENTS SUR LA SANTÉ

UNIVERSITY HEALTH NETWORK

THE ANGLICAN, EVANGELICAL LUTHERAN AND ROMAN CATHOLIC CHURCHES IN ONTARIO

CENTRE FOR ADDICTION
AND MENTAL HEALTH

INSTITUTE FOR CLINICAL
EVALUATIVE SCIENCES

CANADIAN MENTAL HEALTH ASSOCIATION,
ONTARIO DIVISION

COLLEGE OF MEDICAL RADIATION TECHNOLOGISTS OF ONTARIO

ONTARIO MEDICAL ASSOCIATION

ONTARIO COLLEGE
OF SOCIAL WORKERS
AND SOCIAL SERVICE WORKERS

ROYAL COLLEGE
OF DENTAL SURGEONS OF ONTARIO

COLLEGE OF MEDICAL LABORATORY TECHNOLOGISTS OF ONTARIO


The committee met at 1001 in room 151.

SUBCOMMITTEE REPORT

The Vice-Chair (Mr Vic Dhillon): Good morning, everybody. I'd like to welcome all of you on this snowy Monday morning. The first order of business is the report of the subcommittee on committee business. Will someone please move the subcommittee report.

Mrs Linda Jeffrey (Brampton Centre): The subcommittee considered the method of proceeding on Bill 31, An Act to enact and amend various Acts with respect to the protection of health information, and recommends the following. There are 14 parts to it.

1. That the committee meet for the purpose of public hearings on Bill 31 during the week of January 26, 2004, in Toronto; and during the week of February 2, 2004, in Sault Ste Marie, Kingston and London.

2. That the committee meet from 10 am to 12 pm and 1 pm to 4:30 pm. Times are subject to change and based on witness response and travel logistics.

3. That the committee invite the Minister of Health to make a 30-minute presentation before the committee, that ministry staff be available during the minister's presentation, and that the official opposition and the New Democratic Party member be allotted five minutes each to make a statement and/or ask questions.

4. That the committee meet for the purpose of clause-by-clause consideration of Bill 31 the week of February 9, 2004, in Toronto.

5. That amendments to Bill 31 be received by the clerk of the committee by 3 pm on Friday, February 6, 2004.

6. That an advertisement be placed on the OntParl channel, the Legislative Assembly Web site and for one day in the English dailies and the French daily and the English and French weeklies that serve the regions where the committee is holding hearings.

7. That the deadline for those who wish to make an oral presentation on Bill 31 in Toronto during the week of January 26, 2004, be 5 pm on Tuesday, January 20, 2004, and that the deadline for those who wish to make an oral presentation on Bill 31 in Sault Ste Marie, Kingston and London during the week of February 2, 2004, be 5 pm on Tuesday, January 27, 2004.

8. That the clerk provide each caucus with the list of those who have responded to the advertisement and wish to appear in Toronto during the week of January 26, 2004, by 6 pm on Tuesday, January 20, 2004. Each caucus will then provide the clerk with a prioritized list of witnesses to be scheduled by 3 pm on Wednesday, January 21, 2004.

9. That the clerk provide each caucus with a list of those who have responded to the advertisement and wish to appear in Sault Ste Marie, Kingston and London during the week of February 2, 2004, by 6 pm on Tuesday, January 27, 2004. Each caucus will then provide the clerk with a prioritized list of witnesses to be scheduled by 3 pm on Wednesday, January 28, 2004.

10. That, if there are more witnesses wishing to appear than time available, the clerk will consult with the Chair, who will make decisions regarding scheduling.

11. That the deadline for written submissions on Bill 31 be 5 pm on Friday, February 6, 2004.

12. That individuals be offered 15 minutes in which to make their presentations and organizations be offered 20 minutes in which to make their presentations.

13. That the research officer will prepare a summary of witness presentations for the committee by 6 pm on Thursday, February 5, 2004, and that the research officer will prepare a briefing memo on the recent history of the issue of health privacy.

14. Last, but not least, that the clerk of the committee, in consultation with the Chair, be authorized prior to the passage of the report of the subcommittee to commence making any preliminary arrangements necessary to facilitate the committee's proceedings.

I move adoption, Mr Chair.

The Vice-Chair: Shall the report of the subcommittee carry? Carried.

HEALTH INFORMATION
PROTECTION ACT, 2003
LOI DE 2003 SUR LA PROTECTION
DES RENSEIGNEMENTS SUR LA SANTÉ

Consideration of Bill 31, An Act to enact and amend various Acts with respect to the protection of health information / Projet de loi 31, Loi édictant et modifiant diverses lois en ce qui a trait à la protection des renseignements sur la santé.

The Vice-Chair: Next, we have the Minister of Health and Long-Term Care, who is going to be making a 30-minute presentation before the committee.

Hon George Smitherman (Minister of Health and Long-Term Care): Thank you very much. [Failure of sound system] considers this bill, around which there are divisions and the like. I'd be very keen to be involved in helping to resolve them.

Before I spend some time discussing the details of Bill 31, let me also take a moment to commend all others who will speak to this committee in the coming weeks. Hearings such as this are a vital part of our democracy and are something I take very seriously.

One of the most important aspects of these hearings is the opportunity for us -- all of us -- to learn. None of us has all the answers. That's certainly true around something like privacy legislation, which is complex. I certainly am not going to pretend to have all of the answers, and I hope over the course of the weeks when these hearings are proceeding, they will provide us with an opportunity to improve and to refine that bill. Let me be absolutely clear in saying that I welcome that input and look forward to it.

Enough of my preamble. Let me spend a few minutes telling you about this bill, the principles which guide it and the values that shaped it.

The bill before the committee is an important part of our commitment to improve and protect Ontario's public health care system, a system which I believe is the very best expression of Canadian values. This is a commitment which the government takes very seriously, and I can assure you it's something that I take very seriously as well. This bill is a central part of that effort.

Specifically, it is a bill to protect the privacy of the personal health information of Ontarians while ensuring that the information is used judiciously to improve health care in our province. Information about our health is extremely sensitive. It's highly personal. It's something people have a right to be protective of. After all, it's their information.

Ontarians deserve health privacy legislation, and health care providers have been asking for health information privacy legislation for some time now. Health providers need clear rules about personal health information to enable them to deliver high-quality health care in every health setting and every situation. We intend to deliver, and this bill does deliver.

1010

Let me also give credit where credit is due. In drafting this legislation, we did not start from scratch. Much important work was done by the previous government, and many of the elements of their bill remain in this current bill.

When it comes to issues like privacy and confidentiality, I believe there is very little room for partisanship. And I'm certainly not embarrassed to say that the previous government's work was extremely valuable to us, and that we have the benefit of a former Minister of Health, in the form of Elizabeth Witmer, who was involved in previous drafting of the legislation.

I also want to thank the stakeholders who have provided important insights and input into the bill. We really have done quite a lot of work in advance to make this bill a good-quality bill.

Bill 31 would, for the first time ever in Ontario, provide broad legislative protections for the privacy, confidentiality and security of personal health information. It also provides consistent, comprehensive rules governing the collection, use, and disclosure of personal health information. It will codify, in law, many of the current practices and codes of conduct of health care providers in the province of Ontario.

Bill 31 provides individuals with the right of access to their own health information and the right to require correction of their health records where the information is incomplete or inaccurate. And it provides for oversight and enforcement of these rights and effective remedies when these rules are contravened.

Fundamental to the proposed legislation is the guiding principle that personal health information should only be collected, used or disclosed in the most limited way necessary. Furthermore, individual consent will be necessary for such collection, uses and disclosures, except in limited circumstances.

Bill 31 contains two separate components: the Personal Health Information Protection Act, 2003, and the Quality of Care Information Protection Act, 2003.

Let me tell you about the first component: the Personal Health Information Protection Act, 2003.

There has long been a need for privacy protection for personal health information. Ontarians deserve to know that their health care information is secure. With on-line technologies and increasing flows of information in health care, the need for clear rules for personal health information is even more critical. The patient needs to trust that the providers in their circle of care are protecting their personal health information and using it only in limited situations.

In this context, let me also note that the federal privacy legislation, the Personal Information Protection and Electronic Documents Act, PIPEDA, came into force on January 1 of this year and deals with the transfer of personal information in the commercial private sector within the province. But the federal legislation was developed to support and promote electronic commerce. It wasn't developed with our health care system in mind.

Ontario's legislation would apply to the collection, use and disclosure of identifying personal health information by specified "health information custodians," including hospitals, physicians and other health care providers, as well as the Ministry of Health and Long-Term Care.

Our bill allows health care providers to rely on implied consent where personal health information is needed for health care purposes. But the patient must be knowledgeable about how this information will be used.

Patients will now have a legal right to control the disclosure of their personal health information within the circle of care.

Individuals will have the right to expressly state when their personal health information cannot be shared within the circle of health care. This right, known as the lockbox, was included after careful consideration of the concerns many Ontarians and our health care partners have expressed about the sharing of sensitive personal health information. Patients need to trust that they have control over the disclosure of their personal health information. Public trust is the very foundation of our health privacy legislation.

We've also listened to the concerns of police about public safety. With this new legislation, a doctor may disclose personal health information about a patient, at their discretion, to reduce or eliminate a significant risk of bodily harm to an individual or to the public.

Bill 31 dramatically enhances the powers of the Information and Privacy Commissioner, creating a strong oversight and enforcement mechanism for the act. The commissioner will be responsible for overseeing the legislation and ensuring compliance with it. We will ensure that the commissioner will have the support necessary to carry out this important function.

The legislation will ensure people can have access to their own personal health information, and have the opportunity to correct it when needed.

Where the request for access or correction is refused by the custodian, Bill 31 enables the individual to file a complaint with the Information and Privacy Commissioner.

The bill also contains extremely tough penalties: fines of $50,000 for individuals and $250,000 for organizations. These figures were not arrived at lightly. They are there to demonstrate the seriousness of the issue at hand.

Also, where the commissioner has made an order or where a person has been convicted of an offence under the act, an individual who is affected by the order or offence may sue for damages. No other provincial health privacy legislation explicitly provides for this.

Another important component of health information protection is the creation of a secure health data institute. This is an organization at arm's length from government whose information practices and privacy protections have been approved by the Information and Privacy Commissioner.

Where information is required by the ministry for health planning and management, this information would go to a secure data institute. This institute would undertake the required analysis and release it in non-identifiable form to the ministry. Minimal identifiers can be released to the ministry in certain cases, but only if the Information and Privacy Commissioner approves.

To those people concerned about government snooping through their personal data, let me say that I find this idea as objectionable as you do. It will not happen.

Unlike other provinces with health privacy legislation, Ontario's Bill 31 limits the ways that those who receive personal health information from a physician or other custodian may use it -- insurers, employers and other organizations, as examples, that are outside of health care. These organizations are subject to restrictions on the use and disclosure of that information. And patients must provide express consent to their doctors before personal health information is provided to such organizations.

Additionally, personal health information cannot be collected, used or disclosed for fundraising or marketing purposes without a person's express consent. Health information, as I said at the outset, is uniquely sensitive. It is also collected in circumstances of trust and vulnerability. This vulnerability, this power imbalance, should not play any role in fundraising. Of course, individuals are free to indicate that they would like to receive fundraising or marketing requests or materials. Charitable giving, particularly to health care facilities, is to be commended. But it must be consensual.

I would just like to say that I expect you're going to hear quite a lot on this point. What this bill does is restrict the capacity of health care organizations to use the fact that you've been a patient to directly solicit you for financial resources. What this bill does allow -- and what I think we will work on amendments to make even clearer to our health care partners -- is that you would have the capacity as a health care facility to write to people who have been patients to ask for their express consent around financial solicitation. I believe that this will satisfy the capacity of health care organizations to be able to build support from people to whom they have provided services. But first they must seek their express consent.

We gave this a lot of consideration. We know our health care partners are strained for resources and that it's a challenge. But the use of personal health information for fundraising purposes is an essential principle, and the bill would be compromised if we allowed an exemption for the use of personal health information to our health care partners. We will provide the mechanism for them to ask for the express consent of past patients to be solicited, but the express consent must be gained before people are asked to give money. I think that's a very important point and I think it's something that you will hear quite a lot about.

Now let me turn to the Quality of Care Information Protection Act, 2003, the second part of Bill 31.

The McGuinty government is particularly aware of the need to encourage health professionals to share information and hold open discussions that can lead to improved patient care and safety. That's why Bill 31 has been drafted with protections for quality-of-care information generated by hospital committees that deal with quality improvement.

1020

When a medical error occurs in a hospital or other health care setting, open disclosure and discussion of the facts surrounding the incident are absolutely critical. Without this, the institution will not be able to analyze the root cause or gaps that led to the incident and frankly to direct appropriate measures to make sure it doesn't happen again. Our health providers couldn't identify and implement changes to avoid similar problems in the future if we didn't have a transparent process to gather information.

This legal protection for quality-of-care information is available only if the facts of a medical incident are recorded in the patient's file. The information provided to the quality-of-care committee and the opinions of committee members would be shielded from disclosure in legal proceedings as well as most other disclosures outside the hospital. In this way, we have carefully balanced the need to promote quality care with the need to ensure accountability.

There you have the nuts and bolts of Bill 31. It's a strong bill, it's an effective bill and it will serve the needs of patients as well as of health care providers, giving them for the first time clear and consistent rules for collecting, using, storing and sharing personal health information. Once Bill 31 becomes law, Ontario will have the toughest rules and limits ever on how health information is gathered and used. Indeed, I believe we will have created the gold standard in health information protection in Canada -- protection to which all Ontarians are entitled. On this point, I would point out to committee members that this bill, in its draft form, has already gained quite a lot of note and interest from other provinces, which are considering adopting many of the provisions and protections that are contained within it.

I would like to thank you for the work you're about to do and to introduce Carol Appathurai, the acting director of health information privacy and sciences. Also with us today are Halyna Perun and Michael Orr, both legal counsel from the legal services branch of the Ministry of Health and Long-Term Care, and my legislative assistant, Abid Malik. Each of these four individuals will be available to you for all the days the committee is sitting here in Toronto and also on the road. I would encourage you to work with our staff. We need your help to make sure the bill we eventually take forward to the Legislature for passage is a bill that enjoys the support of all members of the Ontario Legislature. That's my goal, and I'm very keen to work with you to try to achieve a piece of legislation of which we can be proud that Ontarians have been appropriately protected.

The Vice-Chair: Thank you, Minister, for your presentation. Now we're going to hear from the official opposition for five minutes.

Mrs Elizabeth Witmer (Kitchener-Waterloo): Thank you very much, Minister Smitherman. We do appreciate the work that's gone into the preparation of this act. We've been at it for a long time, and hopefully this time we'll get it all right.

I do have a question, and I have to go back to Bill 8, because Bill 8 also contained privacy provisions, as you know, and was introduced before Bill 31, which actually allowed you to collect, use and disclose personal information. I'd like to know how this bill relates to Bill 8 and, if that is now insignificant, why those portions were not withdrawn from Bill 8?

Hon Mr Smitherman: It's an excellent question and one we had the opportunity to discuss previously. What will be clear in this piece of legislation is the supremacy of this piece of legislation as it relates to privacy. If a strengthening amendment on that point is necessary with this bill, and when Bill 8 goes to committee and amendments are considered, we'll take the necessary steps to make absolutely clear and remove any doubt there might be around where the supremacy lies. This is the bill that offers those protections, and we'll make sure that amendments clearly demonstrate the supremacy on that point. You've been helpful in making sure we've got that hierarchy, if you will, appropriately positioned.

Mrs Witmer: Are you saying, then, that the sections that constitute fundamental breaches of privacy rights will be totally removed from Bill 8?

Hon Mr Smitherman: Well, I need to take a look at the language that's necessary to accomplish the goal we both support, which is making sure that Bill 31 is the place where the paramountcy of privacy is clearly captured and the supremacy of the legislation is established. If you have suggestions around the best way to accomplish that from a language standpoint, that would be very helpful and I'm happy to work that out with you. I'm not sure that I've seen drafting about how we intend to accomplish it, but the goal has been established and the commitment is made.

Mrs Witmer: Right, because I know there were a lot of stakeholders who did ask for that section of Bill 8 to be immediately withdrawn. I was surprised that hadn't happened -- I think they were too -- if the intent is that Bill 31 would have precedence. Are you saying now that this bill has precedence over all the federal legislation, or exactly what?

Hon Mr Smitherman: Carol can strengthen my comment, but the federal legislation that currently has some effect on some health care providers who are deemed to be commercial -- I was in a dental practice last week, where I had been referred from my dentist, and signed a consent form that is part of PHIPA, but it really applies only to the commercial elements of the sector.

What we understand from discussions with federal colleagues and the federal information and privacy commissioners -- I think there's language in PHIPA; help me, Carol, with the language.

Ms Carol Appathurai: "Substantially."

Hon Mr Smitherman: Substantially similar. All the indications we've received so far from the federal government are that this piece of legislation meets the test and will work appropriately with the federal legislation that's there.

Carol will be available for more questioning afterwards, in case you have other questions you would like me to answer more particularly, because your time is --

Mrs Witmer: Right. It sounds to me that you're prepared to make sure that at the end of the day the stakeholders can continue to move forward.

Hon Mr Smitherman: Absolutely, and we have lots of subsequent dialogue with stakeholders to improve this as we move forward.

Mrs Witmer: The other issue that I've heard may present some concern -- and it's been touched on -- is the barriers that may be here to accessing information for research. I think that's certainly going to be one of the more contentious issues.

Hon Mr Smitherman: What we put in place here -- and I hope at the end of the day it doesn't stand as an undue barrier -- is that process is required. Our first goal is the protection of privacy of the information of Ontarians. That's our starting point. From there, once we've established that, we look to put in place the appropriate process or mechanism that will still allow the important research and planning information that comes from that data to be available.

We think what we have outlined here does offer those appropriate protections to Ontarians, dramatically ramping up the roll of the Information and Privacy Commissioner as the arbiter around the appropriateness and then establishing the principle of data institutes, which would be reputable organizations that have also had sign-off from the Information and Privacy Commissioner. I think it's a process that balances the need to be able to collect and use the information for health planning and research purposes, but only in a context of the paramouncy of the need to protect the privacy of Ontarians related to their personal health information. I think we've got the balance right there.

The Vice-Chair: Now we'll hear from the third party.

Ms Shelley Martel (Nickel Belt): Thanks, Minister, for being here today. I appreciate that you take the time out of your schedule to come and go through this. I have two questions, and then I want to make a statement. The first has to do with the last part of the bill, the regulation-making section. Because so much of this is done through regulation -- so many other bills are a shell, and the rest is done in so many ways behind closed doors -- I appreciate that there are many opportunities for public consultation.

The part that gave me concern has to do with your own discretion not to have consultation. The criteria for that are listed: either an emergency or it's a minor amendment or it's going to be replaced by something else. The part that gave me concern, though, is that any decision you make in that regard is not a decision that can be reviewed by the commissioner. If the commissioner has oversight of the legislation and if the areas where you are not going to have public consultation are essentially quite legitimate, I think it doesn't give a good indication or a good impression that there are going to be some decisions that are not able to be reviewed either by a court, in this case, or by the commissioner -- especially the commissioner.

I may be reading this wrong, because Carol is shaking her head, but what bothered me was on page 66 where it said "no review." My assumption was no review of a decision not to hold public consultation. If you can get away from that, you'd be much better off.

1030

Hon Mr Smitherman: I would say first, just on a point of principle with respect to regulation and consultation around that, because I do think this bill is an essential foundation for our health care system, it would be my intention to maintain a very high level of consultation all through the process. We've enjoyed it certainly in the stages that have brought us to this point now. So I would just give you that as my commitment, as my undertaking. I think Carol could perhaps help by commenting more particularly on the intent of the sections that you spoke about.

Ms Appathurai: If I understand your question correctly, there is an opportunity for regulations to be put through in an urgent situation. My voice isn't carrying very well. Those regulations are temporary. They will only last for two years, and within two years you have to go through the full process of public review.

Ms Martel: I think I understand that, but my concern is that if it's a legitimate, urgent situation and the minister would post that and it's posted through the gazette, I'm not sure that you'd need to officially state that the commissioner can't review that. I think that just works at cross-purposes with what is going to be her role, which is essentially oversight. It would give the impression that there might be something to hide. If there's a way that you can get around that, where you don't have to have that, then I just think no one can ever come back and say that something underhanded was being done. I understand the temporary nature of it, but the fact that in the legislation it still says there can't be a review, not only by the court but by the commissioner who has oversight, just takes you down a road where I don't think you really want to go.

Ms Appathurai: We welcome that suggestion, and we'll go back and look at that.

Hon Mr Smitherman: We want to fine-tune things in a way that makes sure it lives up to the goals we've established.

Ms Martel: More generally, we were told at the briefing on Friday that similar legislation is in place in Manitoba, Saskatchewan and Alberta. I think you've given us two indications today where Ontario's legislation is different -- ie, we have a right to allow people to sue, with a cap on that; and there was a second area, I think limits in the ways that organizations can use private health information. Are there other things that the other jurisdictions are doing that we should look at? Did you have a full review of what they're doing and its application to Ontario?

Ms Appathurai: Yes.

Ms Martel: OK.

Hon Mr Smitherman: The bill would contain some things that in some areas other provinces are looking to Ontario's legislation as being superior, but the implied consent place is I think one where we've determined that within the circle of care, that traditional circle of care that people receive most of their care in, that the status quo of implied consent was the appropriate way to go, and it's a point of distinction with some other jurisdictions.

Ms Martel: OK. Just one final thing, if I might. The quality of care comes as a separate bill. Is that the same in the other jurisdictions, as well, those issues are dealt with separately in separate legislation?

Ms Appathurai: In other jurisdictions except for Quebec, those protections are all in the Evidence Act. Ontario has chosen to do it this way.

Ms Martel: Thank you.

The Vice-Chair: Thank you, Minister, for taking the time and coming before us.

Hon Mr Smitherman: That's it? I get to go? All right. Many thanks.

The Vice-Chair: Next, we're going to have a briefing from the Ministry of Health and Long-Term Care.

Ms Appathurai: I'd like to thank you all for the opportunity to be here today. With me are Halyna Perun and Michael Orr, counsel with the legal services branch. You should have in front of you your binder. Can you hear me, more or less?

Mr Jerry J. Ouellette (Oshawa): Not so close to the mike.

Ms Appathurai: Not so close? Better? Good.

You should have in front of you a binder. Tab 1 should be a copy of the legislation. At tab 2 you'll find the compendium, which is a shorter version of the legislation, but very dense. Tab 3 is a slide presentation that is in slide form, fairly high-level -- the key provisions of the act. Tab 4 should be your backgrounder, tab 5 a news release, and you should have in tab 6 a complementary amendment chart. If you don't have that, I do have extra copies here.

The Vice-Chair: If I could just interrupt, Ms Appathurai. How would you like us to handle questions? Can we have the members jump in? Should we do a rotation?

Ms Appathurai: I think it might be best to just jump in. We'd like to clarify the issues at the moment that they come up. However, we will have to keep moving, because I understand we only have about an hour, an hour and a half.

The Vice-Chair: Is that agreeable? OK, you can continue.

Ms Appathurai: I'll begin the presentation by giving you a little bit of the context, a little bit of the background. At the federal level, there is privacy legislation, as the minister mentioned. This is privacy legislation developed in order to promote electronic commerce, inadvertently capturing aspects of the health care sector, those who are commercial in nature. Those have been identified by the federal government as physicians, pharmacists and laboratories. The result of this federal legislation would be that you would have one part of the health care sector under one set of rules and other parts of the health care sector under different rules and requirements. This would make integration very difficult. As well, in the federal legislation there was a need for express consent, which health care providers have indicated to us would have been very onerous, both financially and in terms of human resources.

At the federal level, the bill sets out that if provincial legislation is found to be substantially similar, the federal legislation will not apply. Ontario has heard from its stakeholders who have asked for made-in-Ontario legislation to meet the needs of the Ontario health care system. They have pointed to Manitoba, Alberta and Saskatchewan, who have all had health privacy legislation in place for some time.

I can go over a little bit of the history. I think if you go back as far as 1980, Justice Krever, in his report in 1980, had very strong recommendations about the need for health privacy legislation in the province. Many attempts have been made. There have been many consultations. The most recent were in 1997-98 and again in 2000. So we really have a fair knowledge base on which to build this legislation.

I'd ask you to turn to your bill. You'll notice at the beginning that there are two schedules: the Personal Health Information Protection Act; and schedule B, the Quality of Care Information Protection Act. Those are currently schedules of one bill, but on proclamation they will be two separate pieces of legislation. We'll take you through both of them.

Underlying the privacy legislation are 10 principles. These are principles set out in the Canadian Standards Association model code for the protection of personal information. These are principles that underlie the federal legislation as well. As we think about being substantially similar, we have ensured that these 10 principles moulded the development of our legislation. You'll see them as we move through the various sections of the legislation.

1040

The principles are: accountability; ensuring that the purpose for which information is collected, used and disclosed is identified; the need for consent; the need to limit collection; the need to limit use, disclosure and retention to only that which is necessary; to ensure accuracy in medical records; to ensure there are safeguards to protect the privacy and the security of those records; to ensure there's openness and transparency in how that information is used; to ensure that individuals have access to their files and to their information; and to ensure that there is strong oversight and the ability to challenge non-compliance with the legislation.

The legislation will apply to health information custodians who collect, use and disclose personal health information. It will also apply to non-health information custodians where they receive personal health information from a health information custodian.

The Vice-Chair: Question?

Mr Ouellette: For the information and protection of it, is it advanced enough to take care of DNA coding, which is one of the new technologies coming forward? I know the other jurisdictions have not had this consideration in the past, but with it being able to tell through DNA whether somebody is bound for cancer of a particular type, is that protection written in the legislation?

Ms Appathurai: Yes, and that is actually a very important issue. We've had that raised. We do have a regulation which will allow us to define and put protections around that information. It's an ever-changing field, and we don't want to put anything in the legislation that cements it in. We want to be able to adjust as new information comes forward and as information changes.

What we have heard in the field -- there's still a debate -- is that there are physicians in the field who think that your DNA information is no different from any other piece of health information in your file and doesn't need any more protection. There are others -- Maureen McTeer, who's a lawyer, who's spoken on this -- who suggest that it is very unique and does require special protection. So right now, we're looking at what other jurisdictions are doing, but we've ensured that we have the ability to put restrictions around this, a definition around this, through the regulations.

Mr Ouellette: Does that keep the DNA strictly in the ministry's file, as opposed to coming forward through, say, science and technology, so it could be found through another ministry?

Ms Appathurai: Where? Yes. And we'd have a recipient rule that would cover that.

Mr Ouellette: So this will apply to ministries, or does it just pertain to medical uses?

Ms Appathurai: It would apply to those who receive that information from health information custodians.

Mr Ouellette: So it could be effectively utilized within other ministries, whether it's science and technology, for example?

Ms Appathurai: It could be, yes.

Mr Ouellette: OK. Thank you.

Ms Halyna Perun: One of the things I'd like to do is ask you to look at the index to schedule A, which is on page 2 of your legislation.

Just to give you the lay of the land before we get into the details of what the act contains, as it's important to note what all the parts say, there are eight parts -- it's on page 2 of the legislation -- to schedule A, the Health Information Protection Act.

The first part pertains to purposes and sets out the definitions. Here, we have the key definitions as to what a health information custodian is, who this act applies to, what personal health information is, and what we mean when we say "personal health information."

The next part -- and we will go through the key definitions with you; I just wanted to show you what the parts say -- deals with practices to protect personal health information. Here, you will see rules around information practices, the accuracy and security of personal health information, the obligation of custodians to ensure that they have a contact person -- they have a written public statement and a statement around the responsibility of a custodian for those who work for the organization. That's set out in part II.

Part III, then, deals with consent concerning personal health information, and here you will see set out the elements of consent. When we say "consent," what does that mean in the context of this bill? There are rules with respect to the withdrawal of consent, as well as the assumption of validity of consent.

Because we are dealing with health care and in the health care context there are often people who are incapable of providing consent to the issues pertaining to them, part III also provides rules as to whom you go to as a provider if someone is incapable of consenting or, in the case where a person has died, who can decide on behalf of that situation.

Part IV sets out the rules around collection, use and disclosure of personal health information. First, we have a category that pertains to general limitations and requirements. We speak about a general limiting principle, and that is set out in this part. The requirement for consent generally and exceptions to that rule for consent are set out in part IV. The part speaks to collection without consent, uses without consent, as well as disclosures in specified circumstances as set out in sections 37 through 48.

The next part is access to your own record. If you as a patient or client wish to obtain formal access to your record from a provider, part V spells out the rules as to how this can be done. As well, part V speaks to correction.

Part VI, administration and enforcement: This is where you will see the powers and obligations of the Information and Privacy Commissioner and the individual's right to make a complaint about information practice problems with respect to the organization. So here in part VI there are a number of provisions that pertain to that. As well in this part are general powers of the commissioner and also immunity.

Part VII is sort of a general part that sets out a rule with respect to whistle-blowing, immunity, offences, as well as regulations and the public consultation process with respect to the regulations.

In part VIII there are a number of complementary amendments that are proposed to be made to bring the acts in line with Bill 31. Particularly, the approach taken in this legislation is that where there is a need to specify that a certain section of a certain act prevails over this legislation, the amendment is made in that specific act, because it's more relevant to the users of the legislation. There is a chart in your materials that actually shows you what is the current provision and what is the proposed amendment. We'll be happy to go through that with you in time as we go through the next few days.

Going back to the beginning, who is covered by this legislation? That is set out in the definition of "health information custodian," and that definition is found on page 9 of the legislation. You will see here that the proposal is to have this act apply to a health care practitioner. "Health care practitioner" then also has its own definition, and that is set out on page 7, at the top. So the act applies to the regulated health professions; naturopaths under the Drugless Practitioners Act; social workers who provide health care and are regulated by the Ontario College of Social Workers. As well there is a general category, "any other person whose primary function is to provide health care for payment." That could cover acupuncturists, for example.

The Vice-Chair: Question, Ms Wynne?

Ms Kathleen O. Wynne (Don Valley West): If it's OK to jump in. I think we're going to be asked to look at expanding that definition in these hearings, or certainly of the custodian. You're just talking about the practitioner at this point.

Ms Perun: Right.

Ms Wynne: But there is a question about the definition of "custodian" that we're going to be asked, so can you talk about how you came to the definition that's in the act?

Ms Perun: Sure. A health care practitioner is a custodian, because that comes up in the first category. Then there are a number of other organizations that will be subject to this legislation, and they are set out; for example, service providers, hospitals, institutions that are nursing homes and homes for the aged and the like, pharmacies, labs, ambulance service, homes for special care, and "a centre, program or service for community health or mental health whose primary purpose is the provision of health care." Those are all custodians. Those are more traditional entities that provide health care. And there's a definition of health care as well that's important to note.

1050

Then on the next page you'll also see that the act applies to the minister together with the Ministry of Health and Long-Term Care, medical officers of health, and then there is this last category, which is "any other person prescribed as a ... custodian if the person has custody or control of personal health information as a result of or in connection with performing prescribed powers" or duties. So therefore there is an ability to expand the application of this legislation to others who are not listed in the main but can be set out by way of regulation. We've heard for example that Cancer Care Ontario may want to be a custodian; there are other entities that would say this legislation should apply to them, and that certainly can be done by way of regulation.

Ms Wynne: I guess what I'm asking is, what are the principles, the criteria that will come to bear in making that decision in paragraph 7 of section 3? Where are those criteria embodied? Where do we find them?

Ms Appathurai: We are developing those criteria.

Ms Wynne: OK.

Ms Appathurai: But we're certainly looking at individuals who provide health care or who are registries, but we will be working to develop criteria for that.

Ms Wynne: OK.

Mr Ouellette: You mentioned individuals who provide health care. For example, if a family practitioner practises out of a clinic, I'm concerned about the storage of the information. Who would have the responsibility? Would it be the individual practitioner or would it be the clinic? And who would have the accountability for any loss of information or information that is released inadvertently? Would it be the practitioner? Would they have the ability to contract other individuals for security reasons to protect that information?

Ms Perun: The person who is responsible is the person who -- for example, in a partnership it would be all three individuals. Say there are three partners; each person would be responsible for the --

Mr Ouellette: Storage and protection?

Ms Perun: -- storage or the collection in accordance with the rules as set out in this act. For example, part II, which pertains to practices to protect, spells out specifically the obligations of the custodian, which we will take you through.

Mr Ouellette: What sorts of penalties are there for loss of information or for information that's released inadvertently?

Ms Perun: There are penalties as well. That's also set out in the proposed legislation. First of all, the privacy commissioner can review the practices and can order compliance with the legislation. In addition, if there is an offence, then the individual penalties are -- I'll have to take a look.

Mr Michael Orr: While Halyna is taking a look, perhaps I could just mention that there are immunity provisions. Mr Ouellette, you asked about inadvertent disclosures.

Mr Ouellette: Yes.

Mr Orr: And there are immunity provisions which protect health information custodians from liability where they have acted in good faith and reasonably in the circumstances.

Ms Perun: Then, if the person is found guilty of an offence, the fines are set at $50,000 for an individual, up to $50,000, and for a corporation the fine is up to $250,000. That's set out on page 62 of the bill.

Mrs Witmer: Just proceeding down that road, what are the consequences for the Minister of Health if there is information that is disclosed?

Ms Perun: The same provisions apply to the minister as the --

Mrs Witmer: The same financial penalty?

Ms Perun: That's right -- as they do to others who breach the legislation, the way it's set out now.

Mrs Witmer: Is it anticipated that this could become quite lucrative for people in the legal field as people start to challenge the custodians in future and say that their information, for example, has been disclosed inappropriately? Are you anticipating that this will create a whole new area of expertise for lawyers?

Ms Appathurai: That's not been the case in other jurisdictions.

Ms Perun: The other definition that's critical to this bill is that of personal health information itself, and that is set out --

Ms Martel: My apologies. I was waiting to see where you were going. I am clear about who is going to be a custodian. I was unclear about the exception, though, which follows on page 10. I just found the language confusing. Are you essentially referring to, for example, in a laboratory, staff in a laboratory; in a physician's office, staff in a physician's office? Is that what the exception --

Ms Perun: Right. The exception works in this way: A health care practitioner, say a doctor who is running her own practice, is the health information custodian, but the doctor goes to the hospital and for example works in a clinic in the hospital but it's run by the hospital. Then the doctor becomes an agent of the hospital. The doctor becomes an agent of the hospital for the purposes of that information in the hospital. That's the exception. There's always someone who is responsible. The hospital is responsible for all the health care practitioners who work within in it. As well, the doctor is responsible for his or her own staff in the office. But the doctor can also be an agent of someone else.

Ms Martel: Can a staff person be an agent in a physician's office?

Ms Perun: Yes, and therefore --

Ms Martel: All the requirements apply to the agent.

Ms Perun: That's right, and the agent is only allowed to do what the doctor is permitted to do and it's in the course of duties with the doctor. That is set out in section 17 of the draft. So there's actually a rule that tries to encompass the responsibilities of all those who work within the organization. The definition of "agent" is an expansive definition. It includes students, it would include volunteers; it is all of those who work within a custodian.

Should I go on to personal health information as a critical definition? That is set out at page 12. "Personal health information ... means identifying information about an individual in oral or recorded form" and "relates to the physical or mental health of the individual, including information that consists of the medical history of the individual's family." So when I go to the doctor and tell the doctor information about my mother, that becomes my information in my file. It "relates to the providing of health care to the individual, is a plan of service ... relates to payments," donations by the individual of body parts or bodily substances, "the individual's health number," and this is important to know, because even just the number itself is personal health information under this proposed bill. As a result too, because we are proposing rules that govern the collection, use and disclosure of the health number, there is an act in Ontario called the Health Cards and Numbers Control Act that will be repealed consequential to the implementation of these rules under this legislation.

The other definition that I would like to note is that of health care and what is meant by health care. That is set out on page 6. It "means any observation, examination, assessment, care, service or procedure that is done for a health-rated purpose ... is carried out or provided to diagnose, treat or maintain an individual's physical or mental condition, is carried out or provided to prevent disease or injury or to promote health ... for palliative care," and it includes compounding a drug as well as a community service under the Long-Term Care Act.

There is also a provision, on page 15, that sets out a rule which provides that, "In the event of a conflict between a provision of this act or its regulations and a provision of any other act or its regulations, this act" prevails "unless this act, its regulations or the other act specifically provide otherwise," which leads us into a number of complementary amendments that are proposed.

Section 8 of the legislation provides a rule around the Ministry of Health and other custodians, such as boards of health, that are currently Freedom of Information and Protection of Privacy Act institutions, under that particular act. The bill provides that the ministry with respect to its personal health information will be subject to this act, but with respect to other information, for example purely financial information or general information, will be subject still to the FIPPA legislation. You will see this coming up in a number of other ways in the legislation, where there is a need to make sure that the interplay between the two acts still works for institutions that are subject to both acts. So some of these sections seem to be a little bit cumbersome, but we will be happy to explain them to you in time.

Now we're on to practices to protect.

1100

Ms Appathurai: Yes. That's section 10, on page 16. This is part of the openness and transparency that we talked about earlier. Information custodians are required to have in place information practices that comply, that are consistent with this act. In the case where they use electronic means, as we move toward the electronic health record, we wanted to have an acknowledgement upfront in the legislation that that means of collection, use and disclosure may need particular protections. So we've given ourselves the ability to do that under subsection 10(3). We have the ability to prescribe requirements there.

The health information custodian who uses personal health information has to ensure that the information is accurate and up to date for the purposes for which it is being used. The same applies when he discloses that information. He or she needs to ensure that the information is kept securely and, where there is a loss or unauthorized access, that information needs to be transferred to the owner of the file. The owner of the file needs to be aware of that.

Security, you can see in section 13, is a very strong theme all the way through the legislation.

Section 14: We've looked at records that are kept in an individual's home, and as we move to home care that is more and more the case. We want to be sure there's a recognition that those files cannot just be left around, that there have to be some constraints on their use and disclosure.

The Vice-Chair: We have a question.

Mrs Witmer: We're talking about electronic means here. What about print, filing cabinets? You have cleaning staff or others coming into a health practitioner's office. Is the health practitioner under the obligation to keep those filing cabinets locked?

Ms Appathurai: Yes. You can see in section 12 we talk about security.

Mrs Witmer: Is that what it specifically means?

Ms Appathurai: Yes, to control "against unauthorized use or disclosure" and ensure the information is "protected against unauthorized copying, modification or destruction."

Mrs Witmer: Right, but it doesn't say that.

Ms Appathurai: Yes.

Mrs Witmer: I mean, how are you planning to communicate to people as to what their responsibilities are?

Ms Appathurai: That's very important. We are planning to have a fairly comprehensive education program. We've already started talking to various stakeholders about that, and they are, by and large, all onside. The OMA and the OHA have already started developing information packages, but we will be doing that as well.

I just draw your attention to section 13 as well, where we talk about ensuring that the records "are retained, transferred and disposed of in a secure manner and in accordance with the prescribed requirements." So we do have the ability there, too, to add more requirements or to make any clarifications. I think your question is a good one. We have to ensure that all health information custodians understand that they cannot leave their files around the office, and if it's not clear, we'll make that clear.

Mrs Witmer: Right. I'm not saying they are left around the office, but I'm saying they are in filing cabinets, and I don't think all individuals have their filing cabinets under lock and key at the present time.

Ms Appathurai: Right.

Mr Orr: I would just add, if I could, under section 10 there is a specific ability that Carol mentioned to prescribe information practices that all custodians or some custodians must comply with. So you have the general standard in section 12 which ensures that generally everything is covered and they must all ensure that the information is kept secure. It's envisioned that there may be a need for supplementary and more specific rules to really tell people exactly what they have to do in various different situations, and in this kind of situation you have to keep it locked or whatever other kind of method may be necessary to provide that security. So there is the ability to prescribe those kinds of standards.

Ms Martel: Just in that respect, some of this material is going to be required. If you go to subsection (2), which talks about a loss and the responsibility of the custodian to advise if information is lost, if you're in an office and your files are stolen and all you have is paper files, there's clearly a problem about whom you inform. You have no clue whose information was taken in the first place. I'm assuming there are a fair number of offices that still work with paper and not so much electronic material. Has that been raised?

Ms Appathurai: No, that hasn't been raised, but you will notice in subsection (2) "at the first reasonable opportunity," so there is a reasonableness issue there. But, yes, it's a good point, and we'll see if we can't clarify that.

Mr Ouellette: What happens with current files that are found outside the medical profession, such as, for example, the insurance industry? I'm sure they are going to be posturing for information on soft tissue damage and things like that. Are there going to be controls found on the information that's there?

On top of that, what takes place in the case of a practice where somebody retires and passes the information on? Who then controls and has the information in-house, and what is the process for passing that on and the responsibility for the gathered information?

Ms Appathurai: In terms of the insurance companies, they are commercial entities and will be covered by the federal privacy legislation. We do have provisions in the act for health information custodians who have died and the transfer of that information. I'll let Halyna speak to that in more detail, but there are strict provisions around there to ensure that even when a custodian dies, there will be someone responsible for that information.

Ms Perun: With respect to insurance, once the insurer obtains information from, say, a provider under this legislation, with consent of the patient, it goes to the insurance company. There is a recipient rule that is quite critical to this legislation as well, and that is set out in section 47 of the bill. That rule provides that if you as an insurer receive the information, you can only do with it whatever the purpose was for which you received it unless some other law specifies that you can do something else with it. That's where the federal privacy legislation will be important as to what the insurers can or cannot do. In addition, certain other requirements can be prescribed under the provisions of this bill. So there is a proposition to put limits on information even when it leaves the traditional health care sector.

This idea is somewhat different in Ontario than in other provinces, because other provinces don't have these kinds of recipient rules. They don't speak to what happens once the information leaves with consent. So that is quite unique in this proposal.

With respect to the transfer of information to the next person, we have a proposal in section 41 that speaks to what happens when the custodian sells his or her practice and a successor receives it, what the duties of the custodian are. So there are rules that speak to these issues in this bill.

The Vice-Chair: Next we have a question from Ms Van Bommel.

Mrs Maria Van Bommel (Lambton-Kent-Middlesex): I would like to know what authority or jurisdiction this act has over the transfer of health information interprovincially or even internationally, because a lot of people do that now as they move about. We're much more transient than we were. When it happens, can we limit and protect the privacy of the individuals once it leaves our jurisdiction, or when information comes into our jurisdiction?

1110

Ms Perun: The legislation speaks to its own borders, in a sense. It can regulate what custodians and others who reside in Ontario can or cannot do with the information. However, once it leaves our borders, that is not something within the competence of the Legislature to speak to. But there are rules that also provide some guidance, clarity, as to in what circumstances you may disclose information outside Ontario, and there are specific provisions around that.

Ms Appathurai: If you turn to page 17, we're looking at the accountability and openness section. I'm conscious of the time; I'll go over this very quickly. We are requiring that every health information custodian designates a contact person so that the public will know where to go when they have a concern or a request or a complaint. The functions of the contact person are to ensure that there is the custodian's compliance with the act, ensure that all custodians are informed of their duties, respond to requests from individuals for access or correction, and receive complaints from the public.

The health information custodian is required to inform members of the public of his information practices, and that has to be either in a brochure form or a notice on the wall. It has to be easily accessible to individuals so that they know what protections are in place and what uses their information is being put to.

What has to be in the written statement that is provided by the health information custodian we've set out here in the legislation. It has to provide a general description of the custodian's information practices, how to contact the contact person, how to obtain access or request correction, and how to make a complaint to the Information and Privacy Commissioner if you're not satisfied.

Again around information practices, if you look at subsection 16(2) the health information custodian that uses or discloses information about an individual, without that individual's consent, has to inform the individual of this, has to make a note of the uses and has to keep those notes as part of the record. This is part of the openness principle that pervades the federal legislation as well as our own.

You'll see in section 17 the point that we made earlier, that custodians are responsible for the actions of their agents. Whether it's a volunteer working in a hospital or an information manager that you've hired to transcribe your records, ultimately, the custodian is responsible.

Ms Perun: Part III pertains to consent concerning personal health information, but before I walk you through that part it's important to note section 28, which actually resides in part IV, at the top. That section and the principle of this legislation is such that the custodian cannot collect, use or disclose personal health information unless the custodian has consent of the individual or this act permits the collection, use and disclosure without consent. That is set out in part IV. So when we mean consent, what do we mean by "consent" under this bill? That is then set out in section 18, on page 19: "If this act" -- or also another act -- "requires ... consent...." So here again, the bill proposes to stretch just that much beyond and basically regulate. Where another act speaks to the custodian and says you need consent, these rules will apply. The consent must be of the individual, must be knowledgeable, must relate to the information and must not be obtained through deception or coercion.

Consent may be implied or express, but in certain circumstances it has to be express. As the minister mentioned, and again I'll turn to part IV, there are two specific provisions for express consent: section 31, on page 26, pertaining to fundraising, as well as for marketing, also on page 26 at section 32. Then, the general rule around express consent is set out in subsection 18(3), on page 19. Essentially, a custodian, when obtaining consent for the transfer of health information to someone who is outside, is not a health information custodian, or if it's not for health care purposes -- the consent must be express.

Within the health care circle, consent may be implied. That is set out in subsection 20(2), on page 20. Essentially, this provision says that a health information custodian who is a health care provider who receives personal health information about an individual from the individual, the substitute decision-maker or from another custodian for the purpose of providing health care or assisting in the provision of health care is entitled to assume that he or she has implied consent for this use, unless of course the individual has stated that such information shall not be used for the purpose of health care. If that occurs, then there is the obligation on the part of the custodian to make a note on the file -- at least to flag that there is something missing from the information that may be important for the health care of the individual.

Consent to a collection, use or disclosure must be knowledgeable. The act proposes to set out a rule as to what "knowledgeable" is. That is set out at the top of page 20. "Knowledgeable" means that the individual knows the purposes of the collection, use or disclosure, as the case may be, and that the individual may provide or withhold consent. Also, it may be reasonable to infer knowledge by having a notice posted in your office that sets out the uses and purposes of the information. If it's reasonable to conclude that that information has come to the attention of the individual, the health care provider may rely on such notice to conclude that the individual is knowledgeable. That is set out in subsection 18(5), on page 20.

Subsection 20(1) also provides an important rule, in that a "custodian who has obtained an individual's consent to a collection, use or disclosure of personal health information about the individual ... is entitled to assume that the consent fulfills the requirements of this act and the individual has not withdrawn it, unless it is not reasonable to assume so."

On pages 21 and following, there are rules around capacity and substitute decision-making. In a nutshell, the law flows from a law that's currently in place in Ontario, the Health Care Consent Act. That act, however, doesn't deal with information flows; it deals with issues pertaining to treatment, generally. So here, the rules are proposed to be similar to the Health Care Consent Act rules. Essentially, how it would work is that if an individual has been found to be incapable for health care under that act and has what's known as a substitute decision-maker, who makes decisions on that person's behalf, that individual will have an ability to make the decisions around the information ancillary to the treatment under this legislation. There's a way to determine incapacity, and the person will also have the ability to go to a consent incapacity board for a review of the finding of incapacity.

1120

The act also sets out rules as to who can decide on behalf of someone else. The persons who may consent are set out in section 23, on page 22. The authority of the substitute decision-maker is set out on page 23 at section 24; the substitute can take a step or make a decision on behalf of the incapable individual. Who are these substitute decision-makers? That is set out in section 25, and there's like a ranking system. It starts with the guardian of the person, if they have one, and if they don't, you just go down the list. If they have an attorney, under a power of attorney for personal care or property, the provider may rely on that person. However, if there is no such person, go down the list: the individual's spouse or partner -- in this bill, "spouse" is defined to include all conjugal relations -- then a parent, a brother or any other relative. The Public Guardian and Trustee is the substitute decider of last resort. So there are a number of provisions that pertain to that. That is also one of the difficulties with the federal privacy legislation --

The Vice-Chair: Sorry to interrupt.

Ms Jeffrey.

Mrs Jeffrey: Maybe you were going to answer my question before I got there, but I went through the section under "Capacity and Substitute Decision-Making" and the conflict if the child is capable. There's a discussion of an age: "If the individual is a child who is less than 16 years of age," and then later on, under "Incapable individual: persons who may consent" there is "A brother or sister of the individual." I'm wondering what constitutes the age of consent, either of the person who consents or of their agent or someone who is deemed capable?

Ms Perun: Under the Health Care Consent Act, we have general rules for treatment that do not speak to an age of consent. The way the act works is if you're capable -- there's a test for capacity that's decided by the health care provider; that person makes that determination. If the child is capable, in the opinion of the provider, the child can consent to the treatment. There's no age.

That idea is incorporated in this legislation. Basically, the rule provides that if a child has made the treatment decision, then the information decision about that particular treatment rests with the child; otherwise, the parent of a child who is under 16 is authorized to make the decision on behalf of the child. That's the general principle of this legislation. Does that answer your question?

Mrs Jeffrey: Yes, but as a parent I guess I now find that my children are being asked in an orthodontist's office to allow information to be released. I'm not sure they understand the consequences of the signing authority they've just given away. My son just did it as a 17-year-old. Had he been there with a younger brother, could he also have given consent for a brother who is under 16? I just want to ensure that they understand the consequences of releasing that information. As a parent, it troubles me if there is an alternate who is capable -- not that you wouldn't want to release it, but it's something that concerns me as a parent.

Ms Perun: In that situation, if a younger sibling comes with an older sibling, I think the ranking would still set out that the orthodontist should go to the parent first. That's generally how the rule would be. Of course, there is the test of whether the substitute decider is available and willing and whether it's reasonable to find the substitute. But in the situation you describe, I would say it's reasonable to seek the consent of the parent.

Mrs Jeffrey: Thank you.

Ms Perun: Part IV, "Collection, Use and Disclosure of Personal Health Information." Here we come to quite a substantive part of the bill. I've already outlined the requirement for consent in section 28. Section 29 is a critical rule that will generally govern the custodian's collection, use and disclosure of personal health information. This is a general limiting principle that applies to all custodians. The custodian "shall not collect, use or disclose personal health information if other information will serve the purpose." In other words, do not use personal information if you can rely on other information that's not health information. But if you need to, do not use more than is reasonably necessary to meet the purpose of the collection, use or disclosure, as the case may be. This rule also supposes that in handling the information, in terms of disclosing it, an individual would try to minimize the identifiers to the extent possible.

Section 33, with respect to health cards and health numbers: As I mentioned at the outset, the Health Cards and Numbers Control Act is repealed and the provisions of that act reside in section 33. So the repeal doesn't mean those rules are gone; it simply means they are incorporated in this bill.

Section 34 pertains to fees for personal health information. Here the rule for collection and use, set out at page 28, is that a custodian shall not charge a fee for collecting or using personal health information unless it's authorized. With respect to disclosure, the fee that may be charged is the one that is prescribed in the regulations, and if no such fee is prescribed, then it's a reasonable cost recovery fee. There is also a similar rule under the access part in this bill.

Collection: There are rules around collection without consent, set out in section 35. Generally, the rule is that you obtain consent directly from the individual. However, the act allows collection indirectly if, for example, as in clause (b), "the information to be collected is reasonably necessary for providing health care or assisting in providing health care ... and it is not reasonably possible to collect, directly from the individual." For example, the provider would not be able to rely on it as reasonably accurate, or the person is unconscious so you have to collect it from someone else. That is set out in clause 35(b).

There are rules that pertain to custodians that are institutions, which again are the Ministry of Health, the boards of health and some homes for the aged under this legislation.

The commissioner may authorize another manner of collection -- that's set out in clause (d) at page 29. Also, if this act permits a custodian to disclose the information, a custodian may receive it, and that is also set out in this part.

In Section 36, "Use," you will see a number of provisions that permit use without consent: for the purpose for which it was collected and for all the functions reasonably necessary for carrying out the purpose, unless the individual has expressly provided otherwise; for planning or delivering programs of the custodian; for the purposes of risk management or error management to improve the quality of care; for educating agents; to modify the information to conceal the identifiers; for the purposes of a proceeding -- for example, if you require the record to prepare yourself for a hearing if you are being sued; for the purpose of processing or monitoring, verifying or reimbursing claims for payment; for research -- there's a rule around that. Also, another act may permit the use without consent; that is, we have these rules under collection, use and disclosure, subject to the requirements and restrictions, if any, that are prescribed, if permitted or required under another act.

"Disclosure," at page 30: Here again there are a number of disclosures relating to personal health information. Section 37 permits a custodian to disclose information if it's necessary for the provision of health care but it's not reasonably possible to obtain the consent, unless, of course, the individual has expressly instructed the custodian not to make the disclosure; and for the purposes of contacting a relative, set out in clause (c).

There are rules around disclosing general information about a patient or resident in the hospital; subsection (3) deals with that at page 31. There's a rule around deceased individuals. Section 38 pertains to disclosure for other programs; for example, to determine or verify the eligibility of an individual or for the purposes of an audit, with certain rules that go with that.

The next page pertains to disclosure to the chief medical officer of health and to a public health authority with similar jurisdiction for the purposes of the Health Protection and Promotion Act.

1130

Disclosures related to risk as set out in subsection 39(1) allow the custodian to disclose if the information is reasonably necessary for the purpose of eliminating or reducing a significant risk of serious bodily harm to a person or a group of persons.

There's a rule around disclosure where the person is in custody.

Section 40 deals with proceedings. That's set out on page 33.

Section 41, as I mentioned, deals with transfer of records.

Also, there is a provision in section 42 that recognizes that disclosure is necessary in other contexts, and they are set out in that section.

Ms Appathurai: Section 43 is research, and I think this is an issue on which you may well hear a great deal during the consultations. In clinical trial --

The Vice-Chair: Excuse me. Ms Martel has a question.

Ms Martel: My apologies, Carol. Can I go back to the criteria around disclosure around facilities? I suspect when we hear from faith communities, we're going to hear about their concern with that particular section. What is the rule now that operates? As I understand it, now they will actually have to reference a very specific individual by name in order to get the information, if that person is in the facility; is that correct? Is that what your section is saying, "confirmation that the individual is a patient"?

Ms Appathurai: Yes.

Ms Perun: That is if someone calls and wants confirmation that someone is a patient. This provision permits that confirmation unless it is expressly requested by the individual not to disclose that information.

Ms Appathurai: This is really to respond to the florists who come or requests from individuals for updates on the condition of an individual who may be in the hospital. But you're talking about chaplains?

Ms Martel: Yes.

Ms Appathurai: That is an issue that will be discussed, I'm sure. The issue is how chaplains are to have access to personal information. We think, and we're certainly open to hearing more on this, that they may be able to access information because they're in the hospital and working as an agent of the hospital and therefore would be able, as an agent, to access that information.

Ms Martel: Is this the particular section that they're going to reference, though, in terms of their concern about a restriction now that was not in place before? Is this where the restriction is coming in?

Ms Perun: I think also the restriction that they feel -- if they're not part of the hospital as agent and if their work does not clearly fall under the definition of health care, they would therefore be required to obtain express consent before they can do their work. So then when we look at this issue, we need to look at their relationship with the custodian and whether they could be an agent and whether the type of provision of service would fall under the fairly broad definition of health care that we have currently. So then they would be within the circle of care, in a sense. But it's still an implied consent rule, so there would have to be some consent to the individual wanting to have that kind of service.

Ms Appathurai: If we could go back to section 43 on page 34, in terms of clinical research, where you're in a hospital or in a setting where the patient is directly in contact with the researcher, it's easy enough to obtain express consent. But in situations where a researcher is doing a very large-scale study or wants information on individuals who are deceased, they need to have access to personal health information and they are asking that they not have to get the consent of individuals, arguing that this is an onerous task, too onerous, too impractical and that it is in the interest of the public. It's in the public and ultimately in the individual's interest to have this health research going on.

At the other end of the spectrum are individuals who say, "I want to have control over my information and I recognize the public good that comes from research, but don't use my information for that purpose." So we have tried in these provisions to walk a fine line between allowing access to improve health care and health care delivery, while putting protections around the individual's personal health information. We have looked at experiences in other jurisdictions. We used the tri-council agreement as our basis. We hope we found a good balance, but we're open to hearing from you. If we need to shift, we really would appreciate any advice on this.

Let's go to page 35, section 43(2). When a researcher determines that he would like to do a research project that requires personal health information, he must develop a research plan that sets out certain requirements: the affiliation of each person involved in the research, the objectives of the research and what is the public good or scientific benefit of that research. He must submit -- and then you'll see on page 35, subsection (3) -- that request, that research plan, to a research ethics review board.

If you go to page 8 of the legislation, you will see under the definition of "research ethics board" that we have the ability to prescribe requirements around how that board is constituted and how it functions. The research ethics board has to look at that plan and approve it, but has to take into consideration (a), (b), (c) and (d) of subsection (3). They have to look at the objectives of the research. Can that be accomplished without using personal health information? What are the safeguards that are in place around privacy? What's the public interest in conducting the research? Is it really not practical or possible to obtain the consent of the individual?

After reviewing the research proposal, the research ethics board will give its approval in writing. The researcher then takes that approval to custodians to request the information. Health information custodians are not required, just because a researcher can show approval of the research ethics board, to hand over the personal information. It's permissive. If they do, they are required to enter into an agreement with the researcher. You can see that's subsection (5) on page 35, and we set out requirements on page 36: (a), (b), (c), (d), (e) and (f). I might not have to read them for you, but one that's particularly important that has to be in that agreement is to "not make contact or attempt to make contact with the individual ... unless the custodian" -- the health information custodian -- "first obtains the individual's consent."

Often researchers, when they are doing research, come across something -- maybe serendipitously -- that's very interesting. They would like to take that information, the sample, the individuals within the sample and continue on. They're often very tempted to call them up and say, "Would you like to come in for interviews?" So we've put a control on that as well.

If we can turn to section 44 -- that's on page 37. This is a disclosure to the ministry for the purpose of monitoring health care payments. This is a provision that just ensures accountability.

If you look at section 45, this is the health data institute section. How this works is, when the ministry requires information for planning and management, the ministry must come up with a proposal which is to be reviewed by the commissioner. The commissioner has 30 days in which to review that. At the end of the 30 days, the commissioner reviews and comments on that. The ministry will respond to those comments, make adjustments and can then request that health information custodians disclose that information to the health data institute.

1140

That data institute has been approved by the Information and Privacy Commissioner and by the ministry and will be reviewed every two years by the Information and Privacy Commissioner to ensure that they have very strong privacy protections in place. It is the data institute that will do the analysis, the linking that is required, will de-identify the information and store it very securely. It will be stored without identifiers and only the key will be maintained as securely.

Where the ministry may require in unique circumstances minimal identifiers, the Information and Privacy Commissioner has to approve that. The ministry cannot request that information to be disclosed to it by the data institute without the approval of the Information and Privacy Commissioner.

We have a number of provisions here that speak to the withdrawal of approval of the data institute. There are a number of provisions around what should happen to the information should that be withdrawn. These are just additional privacy protections around the data institute.

Ms Perun: I've already highlighted restrictions on recipients at section 47, so I won't belabour that. Also, there is a rule pertaining to disclosure outside Ontario in section 48. Next, we're on to access.

Mr Orr: I'm mindful of the time, so I'll try to be fairly brief. I'm starting on page 42, looking at part V on access.

Up to now, patients have had a right of access, a common law, to their health information. It's been recognized by the Supreme Court of Canada. The patients also have rights under the Mental Health Act and under the Freedom of Information and Protection of Privacy Act where those acts do apply to the particular situation. These acts, as provisions, codify the right of access and provide an easy way to get access and provide recourse in case access is not properly provided. It also provides for appropriate exceptions.

This part starts out by talking about some of those exceptions. The part doesn't apply to information that is quality-of-care information, which we'll get to -- that's schedule B to the bill -- or similarly, to information as part of quality assurance programs under the Regulated Health Professions Act, or to raw data from standardized psychological tests, although, of course, if this information could be severed out of the record, then the patient will have the right of access.

Some of the exceptions to right of access are in section 50, for instance, where the record is subject to a legal privilege or a court order which prohibits disclosure, or where it's created primarily in anticipation of or for use in a proceeding. Also, where the information is collected or created in the course of an inspection, investigation or similar procedure, that information would not be accessible to the patient until that inspection, investigation or similar procedure had been concluded.

There's also an exemption for access where granting the access could reasonably be expected to result in a serious risk of harm to the treatment or recovery of the individual or serious bodily harm to the individual or another person, or where it could lead to the identification of a person who has supplied the information pursuant to law or in confidence. There are some specific provisions which apply to institutions under the Freedom of Information and Protection of Privacy Act that are also caught by this legislation which enable them to continue to rely on some of the provisions relating to access there.

I should just mention once again that where the information can be severed out, the information that is severed can then go to the patient. It's only the information that I've mentioned that would not go to the patient.

Nothing in this act is intended to interfere with the normal patient-doctor relationship, and there's a provision in there, subsection 50(6), which specifically says that doctors may continue to give patients information without having to make them go through a formal access request. Where the patient does make a formal access request, however, which must be in writing under section 51, there are specific provisions and rights which then follow.

There is a 30-day time period within which the custodian must answer the request with a possibility of another 30 days being added, an extension of 30 days, where doing it within the first 30 days "would unreasonably interfere with the operations of the custodian" because of the number of pieces of information involved or where consultations are necessary with another person. Once that process has taken place, then the custodian is under an obligation to make the record available or to inform the person that the record doesn't exist or it can't be found, if that is the case, or, if they're refusing the request, to provide a notice of that refusal, with reasons, along with advising the person that the person has the right to then make a complaint to the Information and Privacy Commissioner.

Halyna alluded to fees for access. The health information custodian can charge a fee for access, but it can't exceed the amount prescribed in the regulations or, if there is no amount prescribed, can't exceed the amount of reasonable cost recovery.

I'm going to talk a little bit about correction. Where a patient can get access to their record, they have a right to require that the health information custodian correct that record if the individual can demonstrate to the satisfaction of the custodian that the record is inaccurate or incomplete for the purposes for which the custodian has collected or used that information. Once again, they must make a request in writing, although of course we specifically say that there's nothing to prevent the custodian from acting on an informal request. Once they make the request in writing, there's a 30-day time frame, once again with the possibility of a 30-day extension. As I said, it is a right. The health information custodian is obliged to make the correction if it is demonstrated that the record is incomplete or inaccurate. There are a couple of exceptions to this.

One exception is, where the information "consists of a professional opinion or observation that a custodian has made in good faith about the individual," the custodian's not going to be required to correct that. Or, if the record is one that was originally created by somebody other than the custodian and the custodian does not have sufficient knowledge, expertise and authority to correct that record, in such a case that custodian will not be forced to correct that record.

I'd like now to deal with part VI of the act, which deals with administration and enforcement. Any "person who has reasonable grounds to believe that another person has contravened or is about to contravene a provision of this act or its regulations may make a complaint to the commissioner." The commissioner also has the ability, where she has reasonable grounds to believe that there has been a contravention, to initiate an investigation on her own motion.

In the case where it's a complaint from a person, the commissioner has the ability to do some preliminary work to decide what other courses of action the person is trying to take with respect to the complaint, to try to effect a settlement or to authorize a mediator to intervene and try to get an early resolution. The commissioner has the ability to refuse to investigate a case "for whatever reason the commissioner considers proper." That subsection also sets out a number of specific grounds that the commissioner may rely on, but it's important to note that it is "for whatever reason the commissioner considers proper." There's the discretion on the commission not to investigate if an undue length of time has elapsed and there has been prejudice, if "the complainant does not have a sufficient personal interest," or if the commissioner believes that in fact the health information custodian has already responded adequately to the complaint. After deciding to do a review, either on a complaint or on her own motion, the commissioner is obliged to "give notice ... to the person about whom the complaint is made."

1150

Now I come to what the powers of the commissioner are in such an investigation. Actually, the term that the act uses is "inspection." There are two kinds of inspections under this legislation. The first kind, dealt with in section 58, is an "inspection without warrant."

Mr Lorenzo Berardinetti (Scarborough Southwest): Just very briefly, before you go on with the commissioner, is there a right to appeal any decision that the commissioner makes? Is there an appeal mechanism or is that just provided by the courts?

Mr Orr: No, there is not an appeal mechanism specifically in the bill. What that means is that if a person wants to legally challenge the commissioner's finding, they would have to go by way of judicial review rather than by way of appeal.

Getting back to inspection powers, under section 58, which deals with inspections without a warrant, the commissioner has a number of powers. This section can only be relied on if the commissioner has no reasonable grounds to believe that a person has committed an offence. In such case, the commissioner's inspector may, without a warrant, "enter and inspect a premises ... demand the production of ... records," review and copy records, although they can't remove records that are needed for current health care. The commissioner's inspector is also not permitted, without a warrant, to demand production of a person's personal health information without that person's consent. If there is no consent, and the commissioner needs to look at that record, under these provisions the inspector must go under the warrant provisions.

With a warrant, section 59: The inspector would go under these provisions if there was a need, as I say, to seize somebody's personal health information without their consent. Under these provisions, the warrant can impose conditions on the inspector in terms of getting access to that record. The with-warrant inspection provisions would apply where there are "reasonable grounds to believe" an offence has been committed or where the inspector will need to require answers under oath. There is a provision under these powers with a warrant for the inspector to require answers to be given under oath. The with-warrant provisions are also available in case "the inspector has been prevented from" entering premises without a warrant. Basically, they can do anything in these provisions that they would have been able to do without a warrant. But, as I said, they will also be able to see a person's personal health information without consent, subject to the conditions of the warrant, and they'll also be able to require answers under oath.

Section 60 sets out a number of remedial powers that the commissioner has once a review is completed. They are really quite broad. In the case of access and correction requests, of course, the commissioner may order the access or correction to be given.

The commissioner may order "any person whose activities the commissioner has reviewed to perform a duty imposed by this act or its regulations." They can order somebody "to cease collecting, using or disclosing personal health information ... in contravention of this act," to dispose of anything that has been collected in contravention of the act. The commissioner can order somebody to cease or change an information practice or to implement an information practice where that is necessary to achieve compliance with the act.

There are notice provisions, of course. Once the commissioner makes an order, the order must be provided to "the complainant and the person about whom the complaint was made," or, in the case of an own-motion review, to "the person whose activities the commissioner has reviewed." Of course, notice must also be given to "all other persons to whom the order is directed." Notice is also given to the regulatory body, if any. So if it's a physician, notice would be given to the College of Physicians and Surgeons, and also to "any other person whom the commissioner considers appropriate."

These orders must contain reasons, as indeed must the commissioner's notice in case she doesn't make an order. The order of the commissioner can be filed in the Supreme Court of Ontario and enforced as an order of the court. The commissioner has the power to reopen her decisions in cases where the circumstances may have changed.

Once the commissioner has made an order or if a person has been convicted of an offence under this act -- and I'm going to come to the offence provision shortly -- in either of those cases, the person who has been adversely affected by the conduct in question may go to court and claim "damages for actual harm that the person has suffered as a result of a contravention." This only applies to a person who was affected by the order.

The court has the ability, where the conduct was "engaged in wilfully or recklessly," to include an award of damages "not exceeding $10,000, for mental anguish."

I've been told there are only a few minutes left, so I just want to skip over the highlights for the rest of it.

Section 66 deals with confidentiality. The commissioner is required to keep confidential information which she collects under this act, subject to a number of exceptions which essentially allow her to do her job.

Starting with part VII, there is a provision for non-retaliation. Nobody is allowed to "dismiss, suspend, demote, discipline, harass or otherwise disadvantage a person" who has, you might say in the vernacular, blown the whistle on the situation or who has said they will not do something which is a contravention of the act or who has tried to draw attention to something which is a contravention of the act.

The immunity provision, which has already been referred to, section 69, protects health information custodians from anything done or not done "in good faith and reasonably in the circumstances." Persons giving or refusing to give consent on behalf of others have a similar immunity.

Under the offence provisions, just to highlight, a person is guilty of an offence if he "wilfully collects, uses or discloses personal health information in contravention of this act"; if they make a request for access under false pretences or a request for correction; under (e) if they "dispose of a record of personal health information in contravention of section 13." I just draw your attention to those as the highlights. There are some more but I won't go over them in detail.

1200

There are regulation-making powers in section 71 dealing with some things that have already been alluded to, exempting persons from the definition of "health care practitioner" if that is necessary; specifying people who will not be included in that class of health information custodians. There are powers to prescribe, in or out, what is going to be included in personal health information. There are also powers to specify requirements with respect to information practices, whether those are ordinary information practices or information practices where collecting, using or disclosing by electronic means --

The Vice-Chair: I'm going to have to interrupt there. It's 12 o'clock. We'd like to thank you very much for your technical briefing. We'll be having a recess until 1 pm. I've been told the doors will be locked.

Ms Martel: Chair, on a point of order: We're almost done. Can I ask for consent from the committee that we finish so we don't have to do this at another time?

The Vice-Chair: Is that agreed?

Mr Berardinetti: I have to attend another meeting. I have no opposition to that, but I do have to be at a 12 o'clock meeting. I'll be back at 1.

The Vice-Chair: Do we have consent? Agreed.

Go ahead.

Mr Orr: I will try to speed it up.

Section 72 deals with public consultation before making regulations. It has already been referred to. Before the Lieutenant Governor in Council can make regulations, the minister is obliged to publish a notice in the Ontario Gazette and to allow 60 days for public comment. At the end of that time, the Lieutenant Governor in Council may make the regulations with or without changes.

As has been pointed out, there are some exceptions to that: where it's "of a minor or technical nature" or required to clarify "the intent or operation of this act" or where "the urgency of the situation requires it," in the minister's opinion.

I would just point out that this is a provision that deals with the legislative aspects rather than the administrative aspects of the act. I think that is the reason, as I understand it, why the Information and Privacy Commissioner is not given jurisdiction over that, just as she wouldn't have jurisdiction over the legislative part of it but would have jurisdiction over the administrative part of it.

It also has been pointed out, but I'd just like to highlight, that where the consultation is dispensed with because of urgency, the regulation is deemed to be a temporary regulation and will last a maximum of two years, will take effect for a maximum of two years, and will cease to apply after that time unless a further regulation is brought in.

I'm not going to go through the complementary amendments in detail. They are largely there to make sure that the provisions in other acts are consistent now with the provisions in this act.

Ms Appathurai: The last schedule in this bill is the Quality of Care Information Protection Act. This is an act that is seen to be necessary to improve patient safety. You may remember in 2002 the Royal College of Physicians and Surgeons' national patient safety committee put out a major report with a number of recommendations, and one of their very strong recommendations is that there be protections for quality-of-care information in legislation in each province.

In this act, we've attempted to bring a balance between protecting quality-of-care information but ensuring that information that needs to be public for the sake of the patient is not shielded. We'll look to you for direction on whether we've achieved that balance.

If you go to page 85, I'll just very quickly take you through a couple of the definitions. "Health facility": This legislation applies to health facilities. They are defined there as hospitals, private hospitals, psychiatric hospitals or independent health facilities.

Over on the next page, we are protecting in this act --

The Vice-Chair: We have a question.

Mr Ouellette: When you talk about these health care facilities, Ontario purchasers utilize services outside the province. How do they pertain to outside-province facilities?

Ms Appathurai: We have jurisdiction in this act only over Ontario hospitals. We can't extend it beyond that.

Mr Ouellette: Even when we utilize services or pay the funds for outside services we have no control over the information, or is that part of the contract that could be arranged?

Ms Appathurai: That would be part of the contract.

In terms of proceedings, we're protecting this information from proceedings. What is a proceeding? You can see in the definition that it is rules of court, tribunal, commission, a coroner's proceeding, a committee of a college, an arbitrator or a mediator.

The "quality of care committee" is a body that's established, and we wanted to be sure that quality-of-care committees wouldn't just spring up self-appointed, so there had to be some conditions around them. You can see that. It has to be "established, appointed or approved by a health facility" or "by an entity that is prescribed by the regulations," and it has to carry on activities for the purpose of quality care improvement. It has to be designated as set out in the regulations, and it carries on, as I said, the quality-of-care functions, again defined in here.

The provisions set in the bill -- I won't take you through the rest of the provisions but essentially the requirements are this: When an incident occurs in a hospital, or even a near miss, and there is a need to discuss that incident openly, we want health care practitioners to put forward their opinions on what has happened, an analysis of the situation and suggestions for improvement. Those discussions, those opinions will be protected but those protections will apply only if the facts of the incident are in the patient's file. The patient has access to their information and therefore will have access to those facts. That is the balance that we tried to achieve.

Ms Perun: I should also point out that with respect to both schedules, the schedules come into force on July 1, 2004, essentially. So there is an actual date when the act is intended to come into force.

The Vice-Chair: Thank you again for your technical briefing. We're going to recess until 1 pm. Please feel free to leave your belongings here as the door will be locked.

The committee recessed from 1207 to 1301.

UNIVERSITY HEALTH NETWORK

The Vice-Chair: Welcome back, everybody. I'd like to welcome the University Health Network. You have 20 minutes for your presentation. Any time that isn't used will be divided up among the three parties in discussion and questions. Go ahead.

Mr Tom Closson: Good afternoon, everyone. My name is Tom Closson. I'm the president and chief executive officer of the University Health Network.

I'd like to begin by expressing my appreciation to the committee for allowing us to make the submission today on behalf of our hospital. Our hospital has 11,000 staff. We serve almost 1 million outpatient visits per year and 30,000 inpatients.

With me this afternoon is Tiffany Jay. Tiffany is our corporate privacy manager at University Health Network.

University Health Network is the largest academic health science centre in Ontario. It consists of three hospitals: the Toronto General Hospital, the Toronto Western Hospital and Princess Margaret Hospital.

Every year we train more than 3,000 health care professionals. Over 40% of the University of Toronto's medical students are trained at our organization.

University Health Network has consistently supported the adoption of data protection legislation for the Ontario health care sector.

I must say, on a personal note, I've been involved with hospitals in this province for the last 30 years and I've been supporting the adoption of data protection legislation for the last 30 years. So I'm really pleased that we seem to be finally getting there.

This is demonstrated through our commitment to data protection safeguards at UHN based on a national privacy standard which we adopted voluntarily several years ago in the absence of provincial health privacy legislation.

We have included information on these safeguards, such as copies of our privacy policy, and staff and patient brochures on privacy, in the folders that have been given to you. That's in the blue folder. You can, at your leisure, read that.

We are delighted to see that the government has introduced the Health Information Protection Act. We feel that overall the legislation that has been put forward is clear and understandable and it affords our patients the necessary protections in respect of their personal health information.

The University Health Network appreciates what a challenge it is to draft privacy legislation that strikes the right balance between the privacy needs of our patients and the legitimate needs of our health care providers, researchers and fundraisers to access personal information on a need-to-know basis.

Overall, I'd like to say that University Health Network endorses this legislation. However, in reviewing the specific provisions of Bill 31 we have noted three areas where the legislation could be improved or strengthened, and we'd like to comment on them.

Our corporate privacy manager, Tiffany Jay, is now going to explain these concerns. She and I would be happy to answer any questions following her brief remarks.

Ms Tiffany Jay: The first of these three areas is research. The accelerated pace of scientific discovery makes medical research a critical part of our hospital to advance medical knowledge. As recently as the past year, our researchers have made important advances against cancer, malaria, eating disorders, heart disease and Parkinson's disease.

Because of its critical role in health care delivery, we are pleased to see a definition of research included in Bill 31. However, we request that this definition be narrowed so that it clearly excludes studies of an administrative or quality improvement nature. We will provide specific suggestions for a revised definition in our written submission next week.

The second area we wish to discuss is fundraising. A substantial portion of health research is made possible through the work of our three affiliated charitable foundations. They are the Princess Margaret Hospital Foundation, the Toronto General and Western Hospital Foundation, and the Arthritis and Autoimmunity Research Foundation. In 2003, their combined efforts alone raised $62 million for our hospital activities. This constitutes approximately 12% of the total $500 million raised annually by all hospital foundations in Ontario.

To ensure future funds, University Health Network cannot support an express consent requirement for the collection, use and disclosure of personal, non-health, demographic information for fundraising purposes, for two key reasons.

First, an express consent requirement is inconsistent with the privacy expectations of our patients. For example, our privacy office receives approximately 10 complaints per year from patients about privacy and fundraising. This means that about one out every 20,000 patients complains about privacy and fundraising. In most cases, patients are not concerned with providing express consent, but rather they are interested in receiving more specific opt-out choices. For example, an individual may only want to be solicited by mail, rather than being approached by foundation telemarketing staff.

The second reason why we cannot support an express consent requirement for fundraising is because our doctors, nurses and other care providers have told us that they will not talk to patients about consents related to health care fundraising because it takes time away from patient consultations and education.

Thus, to summarize, we want patients to have control over their personal information in the Ontario health care system, including health care fundraising activities. We believe such control is fundamental to an e-health environment and to inspiring public confidence in electronic patient records. However, we believe the majority of patients do not feel that such control should require their express consent to participate in health care fundraising. Rather, our history of patient complaints in this area demonstrates our patients' principal desire is to have more specific opt-out choices such as for telemarketing as well as a desire on behalf of our patients and clinicians to have as much time as possible for the delivery of patient care.

Finally, University Health Network has concerns about the right of patients under Bill 31 to withhold or block critical information from their care providers, otherwise known as the lockbox provisions. We feel that not only is it impractical and, in some cases, impossible to sever personal health information from a patient's records, but that lockbox provisions also have potentially serious and negative consequences for patient safety and care. These include adverse drug reactions, an increased potential for misdiagnoses and an increased number of unnecessary medical tests and interventions as a result of incomplete medical records.

Perhaps this point is best illustrated by an example.

Mr Closson: I'd like to give you an example, but let me just say a couple of words before I do. We work in a very large organization. We have thousands of caregivers and when patients come in with complex illnesses, it's very difficult in advance for anyone to determine which care providers are going to have to provide them with care. They can move from one unit to the next, from one program to the next. We call this the circle of care. These are all the people who need to participate in their care.

1310

The idea that someone could in advance suggest which pieces of information should be withheld and could be withheld could cause quite a detrimental impact on their care. My example is one of the health care organizations I worked for -- and this may seem like an extreme example to you, but it's an example which might catch your attention. The patient was a staff member, so therefore they were concerned about their health information being shared with other staff. The situation was that they'd had a sex change. So what they wanted withheld from other staff was what their original gender was. They wanted any reference in the record to the fact that they'd had a sex change locked.

Now, this was an organization that didn't have electronic records, so they wanted it done in a paper envelope. This raises the question for the care providers: How do you provide care to somebody if you don't even know which gender they are under the skin? If the person were to say, "Well, I want it withheld," and you say it could be given to the most responsible physician, because presumably the most responsible physician needs to know which gender the person is, once they know that information, whom are they able to share it with? As the patient moves from one most responsible physician to another, can the information be passed on to the next most responsible physician? What about the nurses who are taking care of that patient?

So I think you can see from this that this becomes quite impractical in terms of delivering care. I think rather than having a situation where a patient can decide that there's information that should be withheld, maybe if there is such information or if there is information in total about the patient, the focus could be more on whom they want it withheld from. So there may be certain people like, let's say, their next-door neighbour who also works in the organization and from whom they would prefer that their health information be kept away. I think that's something we could accept, because then we'd be in the situation where certain people would not be able to get access to the record and other care providers would be in a position to take the place of those care providers who were to be excluded from having access to the record. To me, I think that's a much more practical solution to this.

This, as you may know, has been tried in Great Britain and has created a number of issues in terms of the efficiency of care. Of course, there is the issue of the safety of the patient themselves with their care providers not knowing pretty basic information about them in terms of trying to develop a care plan to deliver care.

Ms Jay: In closing, our organization endorses Bill 31, and we hope it is enacted as soon as possible with the amendments we are proposing today in our written submission. We thank you for this opportunity to contribute to the hearing process and are happy to be able to submit a written submission next week. We're also pleased to answer any questions you may have.

The Vice-Chair: Thank you very much. We'll start off with the official opposition; for about three minutes.

Mrs Witmer: Thank you very much.

OK. I appreciate all the work you've already done in order to protect the information that patients have in their files. I'm interested in the fundraising problems that you have identified here. How much of an impact do you think it would have and mean? How much more money would hospitals have to receive from, I guess, the government in the province in order to make up for what you could possibly lose?

Mr Closson: It's hard to estimate it precisely, but one of the big challenges that foundations are facing today is the big donors who have something specific that they want to donate money to and who do not want to give up part of that money for the cost of running a foundation.

One of the sources of funds that foundations rely on to actually be able to pay the foundation staff to go out and raise money is the money that comes in from solicitation using letters or telephone calls. In fact, if that money dried up, I'll tell you, the foundations would just be ground to a halt in this province. So you could say it could be as much as $50 million for our organization alone. I'm going to give you a very broad range, but I'd say it would be anywhere from $10 million to $50 million out of the $67 million or $70 million that we raised last year. Mount Sinai did a six-month study using express consents, and they found that they were only able to get express consents from 10% of their patients. So they cut off 90% of the potential people from being available to try to solicit money from.

Mrs Witmer: What about the research? What do you think is the biggest impediment contained within the legislation as it presently stands?

Mr Closson: The legislation requires approval of research studies by the research ethics board which, of course, is a very positive thing. In our organization alone, we have 1,000 studies going to the research ethics board a year -- 1,000. We're actually pretty much in sync with the legislation on this point. We just want finer language about what a research study is, because there are a lot of internal studies that are done as part of managing the organization that you really wouldn't call research studies. We want to make sure that they don't have to go to the research ethics board, so it's just fine-tuning of the wording. In our submission, we'll give suggestions as to what the wording could say.

The Vice-Chair: Third party.

Ms Martel: Thank you for coming here this morning. Let me go back to the fundraising. Tell me how you solicit someone now. Do you go to every patient who comes in a year, on an annual basis? How does it work?

Mr Closson: Yes, we do. We have lists. We provide demographic information to our foundations of the name of the person and their address. The foundations then solicit from them.

Ms Martel: The study that was done by Mount Sinai, was this a letter that they sent, then, to the entire patient list, asking them if they wanted to be on a fundraising list?

Mr Closson: That's my understanding, yes.

Ms Martel: The extremely low response rate -- do you think that was just that people didn't take the time to respond, or did they really not want to be solicited any more and responded in that way?

Mr Closson: Based on our experience, we get very few complaints, as Tiffany was saying. One out of 20,000 people complains about the fact that we've solicited them, so I don't think this is a concern about being solicited; I think it's people having better things to do with their time than respond.

Ms Martel: When we talked about that this morning, earlier in the briefing, and you wouldn't have been part of that, one of the ministry's suggestions was that we could allow for the hospital to actually write to the patients and ask them if they wanted to be a part of fundraising campaigns, if they wanted to be approached. Is this the same kind of thing that Mount Sinai did?

Mr Closson: That's essentially what Mount Sinai did, so we don't think it will work.

Ms Martel: So you wouldn't see that as an option.

Mr Closson: No, we don't think it will work.

Ms Martel: OK.

Mr Closson: We think that the patients would lose the opportunity of being educated about what's going on in their hospitals, too, because we do use this as an opportunity to educate people. We send out information about the hospital and the latest things that are happening. We can refer them to our Web site. We wouldn't be able to afford to send out those kinds of educational materials if there wasn't some potential for having some money come back.

Ms Martel: I appreciate that. Across, let's say, Toronto and the GTA, outside of Mount Sinai, are there other hospitals that have tried to do a similar thing to really gauge the reaction of their patients with respect to this matter?

Mr Closson: Not that I'm aware of, no.

Ms Martel: I'm not sure if I had anything else about fundraising. If I go back to the research, then, what you are essentially going to provide the committee is a tighter or a more limiting definition of research itself?

Mr Closson: Of what is research. That's right.

Ms Martel: Your ethics committee has been in place for some time now?

Mr Closson: We actually have two ethics boards. They meet alternate weeks, so we have them meeting every week. They've been in -- I don't know the number of years -- certainly longer than I've been at --

Ms Martel: So we should assume that most hospitals already have the ethics committee, that's not in question, and that there is always a process for having research proposals reviewed etc. Should we also assume, at least perhaps for some of the major downtown Toronto hospitals, that in fact these same kinds of numbers of projects are occurring, one institution after the other?

Mr Closson: Yes, we do about $140 million a year in research at UHN, so we are a very large research organization, but it turns out to be about 1,000 studies a year, at least the last time I asked.

1320

The Vice-Chair: Three minutes for the government side.

Ms Wynne: Thank you, and I apologize for coming in to your presentation late; I was in another meeting.

Can you talk a little bit more about the lockbox issue, about the specific recommendations that you would want to see around that disclosure issue?

Mr Closson: We've sort of come at this from the basic premise, when I talked to clinical staff, of their concern about whether they can safely provide care to a patient without having all the necessary information about that patient's condition and their medical background. So we feel that any sort of lockbox approach is going to limit the amount of information that's available in the circle of care, to the people who have to provide care to the patient.

We have an approach. We have an electronic health record at UHN which we audit. We do random audits of everybody who comes through our hospital to see who's been looking at their record. In fact, for famous people we do an automatic review of who's been looking at their record, and if we find anybody on our staff -- one of our students or residents, staff members, physicians -- who's been looking at a record who has no right or no reason to be looking at the record, then we take action against them up to and including dismissal. It's in our policy. It's even on our computer screens, "Don't go past this screen unless you have reason to be looking."

Our view is that more of an auditing approach to make sure that only the right people are looking at information and being serious about taking sanctions against people would be a much better approach to this than limiting the ability of the people who do need to have access to the information.

Ms Wynne: So you think it could be controlled in a reactive rather than an initiative sort of --

Mr Closson: Yes. The word "reactive" doesn't sound too positive. I think it's --

Ms Wynne: I was using it with its connotation, though, that you're reacting to something happening as opposed to trying to prevent it from happening.

Mr Closson: That's right, and the reason this process works, and we know that it does, generally speaking, is because the staff know that you're looking. It's even on the computer screens to tell them that you're looking to make sure that they had a reason to be able to look at the records.

Ms Wynne: And in your presentation you're going to provide details about how you think that should be modified?

Mr Closson: Yes, we'll say in our submission how we think it should be modified.

The Vice-Chair: Thank you very much, Mr Closson and Ms Jay, for your presentation.

THE ANGLICAN, EVANGELICAL LUTHERAN AND ROMAN CATHOLIC CHURCHES IN ONTARIO

The Vice-Chair: I'd like to call the next group. It's the Anglican Church, the Roman Catholic Church and the Lutheran Church in Ontario. You may start. You have 20 minutes.

Bishop George Elliott: Mr Chair, committee members, we'd like to thank you for this opportunity to appear before you as the committee considers Bill 31. We represent the Anglican, Evangelical Lutheran and Roman Catholic Churches in Toronto. I'm Bishop George Elliott, from the diocese of Toronto. With me are Bishop John Pazak, from the Roman Catholic conference of Ontario bishops; Adam Prasuhn, from the Eastern Synod of the Evangelical Lutheran Church in Canada; and Harry Huskins, who is the executive assistant to the Metropolitan of the ecclesiastical province of Ontario.

We support and welcome the intent of the bill to further the privacy of health information. We would like to present a summary of our more detailed brief, which has been given to you, for a few moments and would welcome the opportunity to discuss our concerns with the members of the committee.

We have had a concern for some time that legislative and regulatory action taken by the federal and provincial governments may, unintentionally, have adverse consequences for individuals and their religious community as they live out their religious faith.

We are concerned that necessary safeguards around personal information do not obstruct individual residents and patients in government-operated and-funded institutions from having access to their spiritual caregivers and fellow religious community members when they most need them.

These concerns are focused in two specific areas. Number one, we are concerned that clergy of these religious communities are not denied access to the members of their faith who want their presence and help at what are often very difficult times in their life. Secondly, we are concerned that chaplains in these institutions are not prevented from doing their work by the provisions of the bill or by misinterpretations of the bill.

Pastoral concerns: We can provide you with examples of this system, both when it works and when it does not. Recently, a woman dying at the palliative care unit in Princess Margaret Hospital wished to marry her partner of 11 years. The staff chaplain performed the marriage ceremony at her bedside with a telephone hook-up to North Carolina so that her daughter could hear the exchange of vows.

A man awaiting a heart transplant in the cardiac unit of Toronto General Hospital wished to marry his partner. The resident chaplain, a foreign student, could not legally perform the wedding. With the co-operation of a community clergyperson, the wedding was celebrated in the staff lounge of the unit. Nurses, doctors and other clinicians were overjoyed that such an event was made possible for the patient.

Then there are the cases in which there are problems. Within the past two weeks, an Anglican priest reported to the coordinator of chaplaincy services for the diocese of Toronto that he was denied information relating to a parishioner of his church at a Toronto hospital. The priest had made plans to meet with the parishioner and his wife to share in the sacrament of the sick. Information personnel at the reception desk denied him information because he was not next of kin. It was only when he called his parishioner, who then informed the front desk, that he was allowed access. Even then, his access was questioned because his presence meant that the parishioner then had more visitors than the post-SARS visitor protocol allowed.

Legal concerns: In our main brief, we go in some detail into the changes we would recommend. These changes are relatively minor in nature and would have little effect on the rest of the bill. We can summarize them quickly for you.

We have mentioned our specific concern that clergy and religious care providers from outside the institution are not denied access to the members of their faith who want their presence and help. We think that the way to ensure this lies in the definition of "personal health information." This is defined in the bill as certain information about an individual, whether living or deceased, and whether in oral or recorded form, that can identify an individual and that relates to matters such as the individual's physical and mental health. Clergy and other religious and spiritual care providers need to know what members of their faith are in an institution in order to carry out their ministry. We believe that the bill should clearly state that providing basic information to clergy and religious caregivers is not a violation of the act, and that this information should be provided to them.

Our second specific concern is about chaplaincy. Because Bill 31 does not recognize chaplaincy services as part of ordinary health care and does not address the status of chaplaincy services directly, things are left uncertain and ambiguous. Because the bill is ambiguous and there are penalty provisions for breaching it, our fear is that it will actively discourage communications that are and have been essential to the achievement of the goals of chaplaincy. We do not believe that the successful achievement of the goals of the legislation requires this result.

We believe that the most reasonable way to solve the problem addressed in this brief is to include chaplaincy services in the definition of health care, and chaplains employed by or accredited by a health information custodian as health care practitioners. This will allow chaplains to obtain access to personal health information and oblige them to safeguard it.

Conclusion: Let us say again that we welcome and support the intent of the bill and we firmly believe that its goals can be achieved while continuing to facilitate provision of spiritual and religious care in these institutions. We think that this bill, however, must recognize that freedom of religion is a fundamental right in Canada. It is protected by section 2(a) of the Canadian Charter of Rights and Freedoms. It is also protected by the United Nations Universal Declaration of Human Rights, 1948. In addition, the World Health Organization defines "health" as a state of complete physical, mental, social and spiritual well-being "and not merely the absence of disease or infirmity." The Canadian Council on Health Services Accreditation has essentially adopted this definition. It needs to be adequately reflected in Bill 31. In addition, we believe that the terms of this bill should be consistent with the 1992 memorandum of agreement concerning chaplaincy services in publicly funded institutions.

1330

The Supreme Court of Canada has made it clear in the case of R v Edwards Books that under the charter, freedom of religion includes not only the right to believe, but also the freedom to practise religion in a way that does not harm others. We believe that substantial constitutional questions would be raised by the existence of legislation that has the practical effect of impairing the ability of individuals to obtain religious care, including when matters of life and death may be involved.

In conclusion, let us say that we are very grateful that you have given us this time to speak with you and to tell you how essential we believe the matters we have raised are to the ability of our churches and people to carry out their ministries. Thank you.

The Vice-Chair: Thank you very much. There are about 12 minutes remaining, so that's four minutes each, starting with the third party.

Ms Martel: Thank you for coming here today. I think I see the solution very clearly in terms of part number II. It was number 1, if I can just go back to it, and I apologize if I have just missed this. The shorter brief says, "We think that the way to ensure this lies in the definition of `personal health information.'" You're proposing an amendment to "personal health information" that is currently in the bill? Am I correct about that?

Archdeacon Harry Huskins: If I may respond on behalf of the group, when we began analyzing what the situation was in terms of the bill, it became very clear to us that we in fact face two problems, if you will. There are those people who are spiritual care providers who operate within the institution, are well known within the institution, are accredited by the institution, and we use the generic forms "chaplains" and "chaplaincy" for that. And you're right; that's what most of our detailed brief is about, in dealing with that.

There's a separate problem with clergy, if you will, those spiritual care providers who are from outside the institution. I think you're probably all aware that there's such a diversity of religious communities in this province and the forms that those take. Again, if you're going to use the generic term "clergy," that could involve an awful lot of people. For those who work day to day and are well known within the institution and are accredited by it, it's not a difficulty in terms of providing them with information, obliging them to safeguard it and providing them with only the information they need. But for all of these people outside the institution who could fall into that category, we recognize that there would be a very serious problem here in -- how do I phrase this? -- letting people come in off the street saying, "I'm a spiritual care provider and I want access to information." How do you ensure that, how do you accredit people, how do you supervise them?

So we feel that there should be two approaches to this. For those outside the institution, the information they need really is that a member of their faith is there, and maybe the room number and when it would be all right to go visit them. But they don't need any more information than that. The privacy standard that has now been enacted by the federal government in the United States draws a distinction between those inside the institution who need the wider breadth of information and those outside, and they refer to the information needed by those outside as "patient directory access." We believe that that information -- who it is, where they are and when it would be OK to see them -- does not fall within the definition of the bill as it stands now. If that could be clarified, if that could be said just in that way so it couldn't be misinterpreted by institutions -- and we are all familiar with the perfections and imperfections of institutions -- then we think that would solve that problem.

Ms Martel: Do you have cases where you would have members of the clergy essentially going to a hospital, not knowing who from their faith community might be there and might want a service, but just generally saying, "I am here. I am from this faith. Who might I be able to see?" Does that happen as a regular occurrence now?

Archdeacon Huskins: I can only speak from the Anglican perspective. Mr Prasuhn is here representing the Evangelical Lutherans, but also the Ontario Multifaith Council on Spiritual and Religious Care, and so he is far more attuned to that and may want to comment in a moment.

Certainly the practice in this province previously has been that the clergy would go to the front desk -- when this was small-town Ontario, everybody knew who the clergy were; it wasn't a problem. Usually the people sitting at the front desk knew them only too well. I know that in my own parishes over the years I'd go to the front desk and be given a list of the people who had declared themselves to be Anglican when they came in. The fact that they declared themselves to be Anglican intimated that they wanted me to know that. Often people would put in nothing and I would get no information about those. So I'd take the list and begin doing my rounds. I'd consult with the people involved -- the floor nurses and so on -- to make sure I wasn't intruding at a bad time, and it worked very well. It may be that we've moved past that. Frankly, I would regret it, but that may be a reality we live in, I'm not sure. I would like to see that continue.

Adam, could you talk about the wider religious community?

Rev Adam Prasuhn: I think you've put it very well, in that it has been the practice in the province for many years -- I started in hospital chaplaincy in 1972 -- for lists to be available to visiting clergy and other spiritual caregivers. I think, unfortunately, we are past that day, so further steps have to be taken.

A particular concern we have in the multifaith council is that many of our spiritual caregivers from other faith groups are not readily recognized by hospital staff when they appear. They may have been requested by the family, but there are often questions; for instance, about an aboriginal person who is recognized as a spiritual caregiver by his group, coming to a hospital and really not having ready access. So we do have those concerns.

The Vice-Chair: Thank you very much. The government side for four minutes.

Ms Wynne: I'm just trying to get my mind around how this would change the current practice, specifically in the big cities. We're not in a situation where people will know, so I write "Protestant" or "United Church" on my file. How would what you're suggesting change what would happen now, in the sense that if I wanted my minister to be with me, I guess I would communicate that to him? What are you suggesting that would change?

Archdeacon Huskins: Actually, I don't think it would change anything in most cases. Again, Adam is more familiar with this on an across-the-province basis. What usually happens is that the clergy who appear at the front desk already have been in there years or months before. They have a card with photo ID on it, they've been accredited by the institution and there are letters of reference from their religious community on file.

As I said, I don't think it would change anything at all. It might force us to ensure that happened in very single instance, and we would have to do some careful work to be sensitive to the needs of non-Christian, non-European religious communities.

Ms Wynne: Or non-practising. I guess there's an issue that because I write "Protestant" or "United Church" on my file -- you made an assumption earlier that it meant I wanted a visit, and I'm not sure that link is actually true.

My second question is, is this act the right vehicle for what you're asking? Is this act where this should be, or is it another issue that we should be looking at? I guess I'm just not clear. We're talking about health information as opposed to access to people who are ill, so I just don't know that this is the place where it should be located or where the discussion should take place.

Archdeacon Huskins: Our choice would have been to have a separate health access act or something a number of years ago. The reality is there's nothing in place in the statutes of Ontario or in the regulations that deals with that. In the absence of that, if this act goes forward as it is now written, we will have to live with the result, and we believe that in many cases this act will be interpreted by the institutions involved, as we say in our fuller brief -- the lawyers know more about this than I do, particularly the constitutional ones -- to mean in some cases that the front desk staff will have orders when somebody comes up and says, "I'd like to visit so-and-so, they've called me to come, I know they're in room so-and-so," not even to inform them or acknowledge that the person is in the institution's care.

1340

Ms Wynne: So we at least need to have a discussion with ministry people about whether that was the intention in any way. OK.

Archdeacon Huskins: I'm sure it isn't the intention, but I think we need that clarified a bit, and we think we can do it without having ramifications for the other portions of the act.

Ms Wynne: Are the detailed suggestions in your larger submission?

Archdeacon Huskins: They are indeed, and you'll also find in there a position paper -- most of the brief is a position paper from Manitoba, where there is already in place an act similar to this and where the very problems we are describing to you are in fact happening now. So this isn't, as we say, just unjustified anxiety, this is a situation that exists, and we would like to forestall that in Ontario.

Mr Ouellette: Thank you very much for your presentation. I enjoyed it very much, and it's great to see you here together as a group.

I was very interested in the perspective you brought forward. In your case of the woman dying in palliative care, do you believe the hospitals could interpret that by entering a hospital or being on certain wards you would be receiving information that could be called a disclosure by the hospital, that because you went into a certain ward and those individuals are in that ward, that would be a disclosure of information?

Archdeacon Huskins: I don't think it should be. I fear it would.

Mr Ouellette: Yes. This would have a large impact not only with the religious community but also with service clubs -- the Legion -- that provide rides, other clubs like the Lions Clubs and organizations that take groups or individuals back and forth to the hospital. That could have a significant impact on those service providers as well and would have to be picked up elsewhere. So you believe that the medical community could view this as a way of denying access because it is disclosure of information?

Archdeacon Huskins: I think one of our group might want to respond in a moment. You touch on something we didn't bring up here but that is personally somewhat close to me. I've worked for many years with a group of patients who have gone through open-heart surgery and recovered, who go into the hospitals. They sit and talk with other people in ways that are profoundly more effective than I ever could. It isn't what they say or do, it's that they've been through it, they've lived through it, they're out there jogging and everything else. The fact that they're talking to these people -- I think maybe you understand; I find it hard to put into words. They are some of the most effective spiritual caregivers -- and some of them are committed atheists -- that I have ever encountered. Although I would not want to speak for them in any way, I just would not want to see that cut off, that people facing that would not have the opportunity to sit down with somebody else and discuss with them what's going on in their life.

Mr John Varley: Just to add to what Archdeacon Huskins said, from the perspective of a lawyer who does a lot of statutory interpretation, I think the concern is very valid, particularly with respect to the sensitivity of privacy legislation. There's a lot that could be said or be concerned to be said with respect to any potential breaches of the privacy act by any openness of the sort that we think is appropriate. It's something that a cautious counsel would probably say your best cause is simply not to allow anybody in for fear that there may be a possibility, and therefore I think a clarifying sentence in the legislation is probably quite appropriate.

The Vice-Chair: Mr Yakabuski.

Mr John Yakabuski (Renfrew-Nipissing-Pembroke): Thank you very much for coming here today. Back to the part about access to patients, I take it there's a section on the admission form where people indicate a religious affiliation. If there was a section or an addition that they could request, if available, a member of their clergy, would that satisfy that part of your concern? If there could be a provision on the admission form that, if a member of their religious affiliation were available, they would like to have a visit by them, would that satisfy that?

Rev Prasuhn: That certainly would help. A concern I would also have is that where a person has not had the opportunity to give express consent -- for instance, a resident of a long-term-care facility who has been in the institution for some time -- that that not be construed as withholding consent.

Mr Yakabuski: Right.

Bishop John Pazak: Or you could have an emergency case where there just isn't time to do that and then the family tells the priest or the minister --

Mr Yakabuski: But there are provisions in your form for people to speak for those who are not in a capacity to do so. But if that provision was there, that should alleviate some of that concern, I would think. That is something hospitals would have to work out.

Bishop Pazak: It would help.

The Vice-Chair: Thank you very much for your presentation.

CENTRE FOR ADDICTION
AND MENTAL HEALTH

The Vice-Chair: Next is the Centre for Addiction and Mental Health. Welcome. You have 20 minutes.

Ms Gail Czukar: Thank you. Good afternoon. I'm Gail Czukar, the executive vice-president of policy and planning at the Centre for Addiction and Mental Health. With me are Kate Dewhirst, legal counsel at the centre, and Peter Catford, chief information officer and vice-president of information management.

The Centre for Addiction and Mental Health is Canada's largest mental health and addiction facility. It was formed in 1998 from the merger of the Addiction Research Foundation, the Clarke Institute of Psychiatry, the Donwood Institute and the Queen Street Mental Health Centre. We do a very wide variety of things. We have a variety of clinical programs, in-patient and out-patient, satellite clinics and community-based services. We also have a very extensive research, education and provincial program around health promotion and prevention.

I'm going to try to keep my remarks brief to allow maximum time for questions, so I'm going to try to concentrate on those issues that are particular to the mental health and addictions field. I'll say at the outset that while we've given you a brief, we may well want to expand on this brief next week. We're still going through the bill and discovering new and interesting things and consulting with our internal and external stakeholders to bring you the best information and suggestions that we can on the bill. I know it has a very short timeline, so we'll do that as quickly as we can.

The bill is complex. It's going to take time and study and it will have significant implementation issues. Mr Catford is here to help you with any questions you might have, particularly around the systems and records issues, in that regard.

You'll see that we've made some recommendations. I'm going to actually be concentrating on the points on pages 6, 7 and 8. The recommendations are listed at the end.

We recommended an extension of time to bring this into force in order to allow for those implementation issues to be worked out, and in particular to allow for consultation with stakeholders by the ministry and the government to develop regulations and to develop templates and materials that will be helpful to people. That's the first recommendation, to extend the time for coming into force.

Others before us have spoken of the lockbox provisions. We of course have clinicians who want to have complete sharing of information so that they can provide the best care -- and I think Mr Closson put that case rather well -- and practitioners in this field would feel the same way, that they function best when they have all the information and no impediments to that. Of course, in the mental health field we're used to operating within the constraints of the Mental Health Act, where information sharing is concentrated mainly within the treatment facility and to some extent with other hospitals. But our issues are more with the boundary between the hospitals and the community, and I will come to that.

On the other hand, we're very aware of the effects of wide-open information sharing on stigma and discrimination against our client group, and we're quite concerned about that. We recognize that the legislation has tried to achieve a balance. We think it's mainly successful and we certainly support the government in bringing forward this legislation at this time. It's much preferable to having PIPEDA apply in the health care context.

1350

What we'd like to suggest, however, is one change with respect to information sharing between hospitals and community agencies. A lot of community agencies that our clients deal with may not be caught by the definition of the community service in subsection 3(1), paragraph 3, subparagraph vii, which is the one that talks about community service that's primarily providing health care. There are agencies that provide case management services, supportive housing, vocational services and some social recreational programs that we work with to discharge patients to who may not be within that circle of care within the meaning of that definition.

What we're thinking of is something that might be like the information-sharing provision that's currently in the Mental Health Act in section 35.1 with respect to community treatment orders, where a physician who is developing a community treatment order can consult with people in the making of the community treatment plan, which is the care plan, and would be comparable to a discharge plan. We think that some mechanism like that might work to make it clear with whom information can be shared and for what purpose, and that would be for the making of the discharge plan and for transferring a person to those services. That might help us forestall the use of the lockbox provisions too much in the mental health context, which is something we would be concerned about. That's an idea we're exploring with some of our stakeholders and would be willing to work with the ministry on if they're interested in that.

Another issue that we're particularly concerned about in the mental health context is the disclosure of personal health information with respect to Ontario Review Board proceedings. Ontario Review Board is the Criminal Code Review Board under the Criminal Code for people with mental disorders. There isn't a provision similar to the one in the Mental Health Act which specifically allows the disclosure of records to the Consent and Capacity Board. There are a number of provisions in the legislation that allow disclosure of information for placement of people in custody -- it specifically refers to part XX.1 of the code -- and for disclosure of information to comply with orders of the board. We're not entirely certain that this covers the disclosure of information to the board for the making of the dispositions. We want to make sure that is there. Again, we're still looking at it but we don't think it's clear at the moment.

The final point I'll make is with respect to research databases. We share some of what has been said previously by Mr Closson. Researchers tend to have their own databases. They comply with a lot of federal granting agency regulations and other requirements that make them feel that they obtain explicit consent, for the most part, for collection of information, that they do a good job of protecting it. To bring those databases under the jurisdiction of our information management capacity will require significant implementation time and cost. If you have further questions on that, I think Mr Catford could answer those.

I'd like to conclude my remarks there to allow time for questions.

The Vice-Chair: Thank you very much. We'll have three minutes each, starting with the government side.

Ms Wynne: Thank you for your presentation. Could you talk a little bit more about -- it's subparagraph vii of paragraph 3 of subsection 3(1); is that right?

Ms Czukar: Right.

Ms Wynne: OK. Can you give us an example of the kind of thing that -- you're suggesting that we replace it with 35.1 from the other act and I don't have that in front of me.

Ms Czukar: No, I wouldn't suggest that it be replaced. I think this definition is fine as far as it goes. The limitation in it is that it talks about "a centre, program or service for community health or mental health whose primary purpose is the provision of health care." That's the key. There are many mental health and addiction agencies that would not see themselves as providing health care even with the broad definition of health care that's in the legislation. I'm not advocating changing that definition, because I think it's a good idea to keep it restricted to health care for other reasons. That's why I'm suggesting that there might be a special recognition for mental health programs -- I would call them programs rather than agencies -- that may not be providing health care within that definition. The risk to them is that they're disclosing information that does get to be found out to be health care, and it's not. We want to disclose health information, but they may not be caught here.

Ms Wynne: Are you making a specific, more elaborate recommendation on exactly what you think the language should be? Is that included in a presentation that you're going to give us?

Ms Czukar: We're not quite there yet with the specific language. It's the idea of it that has just been developed.

Mrs Witmer: Thank you very much for your presentation. Having been involved in the reform of the Mental Health Act, it looks like you've done another outstanding job of reviewing this legislation. I guess you've identified a problem that I have certainly seen, and that is the very short timeline for implementation of this bill and the amount of work that is going to be required in order to educate those who are going to be responsible for the development of materials. You're suggesting that it should be delayed for at least another six months, which would be about a year from now. Would you say that a year is long enough, or are you suggesting that it would take longer than that?

I guess I ask that question based on the fact that I was health minister when we started to develop this legislation, so if you take a look at the number of years it has taken us to get this far, and then you think about how long it's going to take to educate those who are going to be required to be in compliance, is a year realistic?

Ms Czukar: It's better than a few months, which is what we'll have once the legislation is passed. I recognize that people will start their work before that. Having been involved in the government regulations process myself, I know that trying to have a consultation on regulations that will be required under this, and have them in effect, and people understand them by July 1, is just unrealistic. I think six months is a lot better and can be worked with. There may still need to be some staged implementation. I think Mr Catford may have something to say, though, about implementation.

Mr Peter Catford: I think, as you comment, we've been working over the years to try and move our systems to be better, particularly the computerized systems. As you know, the average system takes eight to 12 months to implement, so in the event that we have to make major changes -- an example would be lockbox -- most of our commercially purchased software wouldn't support such a concept. Then, really to react with our major systems might take us six to eight months. That's probably a minimal need. We'd have a combination of manual and automatic and probably error-prone process to respond to things like the lockbox.

Mrs Witmer: The other thing you've talked about is the cost of making these changes. Have you given any consideration to what it would cost an organization like yours to fully implement the changes that are being anticipated here?

Mr Catford: We have about 35 different computer systems that contain personal health information in one form or another. If we had to change every single computer system and modify it, and you'll take the same kind of logic that it takes six to eight months to undertake a project like that, then you're talking eight months times 35 systems. Obviously, we can do a lot of that work concurrently, but it's still an order of magnitude -- I had estimated it was somewhere between $4 million and $8 million for the centre to respond to that in a purist way. Obviously, we can make compromises and we can implement manual processes and we can do a bunch of other work to try to protect the personal health information and to comply with the act.

I think, by and large, the system over time will have to invest that much to be able to be responsive. I think I'd draw the committee's attention to HIPA in the US and the upheaval it's created in the vendor community. Particularly most Canadian hospitals acquire their systems from the US vendors who are responding to the HIPA legislation. You'll see very publicly that the vendors are taking a hard stance that it's difficult to do. The hospitals have delayed the clinical part of that implementation a number of times. So I think it is a difficult undertaking. I think six months would be an absolute minimum.

Ms Martel: Thank you for being here today. I didn't understand the information you were providing to us with respect to research databases. You said, I think at the start, that researchers who are involved with federal agencies feel they have received consent, but after that, I didn't understand the rest.

1400

Ms Czukar: They're really two different issues. In terms of collecting information for research, if the entire scheme of the act applies, which it would seem to, then all the provisions around collection, use, disclosure and access will apply to research information. Currently, researchers in, I would say, most hospitals maintain their own databases. We have a clinical records database that Peter and his group manage, but they don't manage all the research data. So the researchers know what data they have, but if we had an information access request to research information of Dr Jim Kennedy, for example, we wouldn't be able to honour that because we don't have his information. Researchers get grants. They have laptops; they may have databases that -- you know, they give the laptops to their graduate students to collect information and they carry that around with them. We don't know what they are; Peter's area would not have a list of those. So one of the big implementation issues would be to bring those research databases into the full scope of our information management. That's the main thing I was talking about.

Ms Martel: Right now they belong to individuals per se versus to the organization as a whole.

Ms Czukar: Yes. The alternative is for the individual researcher to be considered a health information custodian under the legislation, which would be the way it would go. But then they'd have to be able to comply with all the security requirements and all the information management requirements and all those things. We're still looking at which way is better. We'd hoped to have our VP of research here today, but unfortunately, he couldn't make it.

Ms Martel: What do they do now with respect to those issues of security and safekeeping?

Ms Czukar: They would say they have very good safety and security, because they have to comply with the requirements of any federal granting agency, in Canada or the US, that they get money from. So they have a lot of those requirements. I think the issues will be more whether they can -- they would not, for example, right now provide access by people to that information in the way that this legislation would mandate. We're not sure how all the other requirements would apply, because they're not used to it.

Ms Martel: In terms of letting people know how the records are kept and who to contact etc, which is right now an obligation of the custodian.

Ms Czukar: Those would be new.

Ms Martel: Just going quickly through the recommendations, I see your last point, number 8, is that subsection 70(3) be deleted, the offences involving officers. Can you explain to the committee why you would like to see that section removed?

Ms Czukar: That's in our recommendations, and I'll point out that there's a slight inconsistency. On the previous page, we said it should be redrafted, but the more we thought about it, we couldn't figure out how to redraft it. The problem with strict vicarious liability is that we don't see how you can say that an employee or an officer is convicted of an offence when the corporation has not been prosecuted for it. I mean, if the section starts out saying that if a health information custodian has committed an offence but hasn't been prosecuted or convicted, I don't know how you know they've committed an offence if they haven't been prosecuted or convicted.

Ms Martel: All right. In "penalty" it says, "A person who is guilty of an offence under subsection (1) is liable...." And then it says here, "If a corporation commits an offence...." If it says, "If a corporation is guilty of an offence," what happens under that circumstance then?

Ms Czukar: That would be better.

The Vice-Chair: Thank you very much for your time.

INSTITUTE FOR CLINICAL
EVALUATIVE SCIENCES

The Vice-Chair: The next group is the Institute for Clinical Evaluative Sciences. You may begin.

Dr Andreas Laupacis: Thank you very much. Good afternoon. My name is Andreas Laupacis, and I am the president and CEO of the Institute for Clinical Evaluative Sciences, also known as ICES. I am accompanied by ICES's privacy officer, Pam Slaughter.

In this presentation we will briefly describe ICES and how we use health information in research activities. We will highlight many of the positive aspects of the proposed bill, and we'll conclude with some areas of particular concern to ICES.

ICES is an independent, non-profit organization that conducts research on a broad range of topical issues to enhance the effectiveness, quality, equity of access and efficiency of health care in Ontario. ICES uses population-based personal health information to produce knowledge that can be used by the Ontario Ministry of Health and others to support health policy development and changes to the organization and delivery of health services in Ontario. ICES also conducts programs of research that are publicly funded by organizations such as the Canadian Institutes for Health Research, among others. ICES reports and our list of publications are made available to the people of Ontario on our Web site.

New legislation is required for the protection of personal health information while at the same time ensuring that health information is available for research and the evaluation and management of the health system. The latter includes measuring the delivery and outcomes of health care in Ontario and comparison with accepted benchmarks of quality of care. We applaud the ministry's hard work in developing a health-information-specific bill. We believe that, in general, the provisions of HIPA will balance the protection of privacy of people's health information and the public interest served by health research. We particularly endorse the following features of HIPA:

(1) It's based on the 10 privacy principles in the Canadian Standards Association code included in PIPEDA.

(2) It affirms the important roles and responsibilities of research ethics boards, which I will subsequently refer to as REBs.

(3) The Information and Privacy Commissioner of Ontario will have a central role in the proposed legislation.

(4) The rules and requirement for uses of personal health information are very similar to those of the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans, our highest national research standard.

(5) The bill recognizes that there are circumstances in which the use of anonymous information without individual consent is in the public good and therefore permitted.

ICES absolutely agrees that any research that involves direct contact with individuals or which directly impacts upon the care of individuals requires informed consent. However, there are some circumstances in which consent is not possible because of the huge number of individuals involved, the retrospective nature of the research and the fact that some individuals will have died. ICES has a 12-year history of doing such research that has helped evaluate and inform the delivery of health care in Ontario and has never had a breach of privacy. We are pleased that the proposed bill allows for the use of de-identified information without consent in certain circumstances, with approval by REBs. We will now briefly describe the four types of such research that ICES performs.

First, under a research agreement signed in 1997, health information is provided to ICES by the Ministry of Health for the purpose of health-related research. This information is secured in large administrative databases collected by the ministry for other purposes, such as processing service claims for physicians. The information is securely transferred to ICES and stripped of personal identifiers -- it is de-identified -- using computer algorithms only by personnel named in the agreements. An ICES key number is assigned to each record, replacing the health card number, to facilitate linkage across the databases, allowing the creation of an anonymous longitudinal record of health care experience. This allows us, for example, to study the type and quality of care that all persons who had a heart attack received in a given period of time. By comparing this information with evidence-based benchmarks of care, we can determine areas for improvement, including strategies such as providing physicians with feedback, reallocating resources or recommending changes to the delivery of care.

Second, ICES conducts chart abstraction studies with the permission and assistance of hospital CEOs and medical records staff, using laptop computers equipped with password protection and encryption software. The information is collected by nurses and health records technicians who are ICES employees, have undergone privacy and data security training and have signed confidentiality agreements. They operate under strict policies and procedures to ensure the integrity of the data, which is collected as an anonymous record using a unique ICES study number. This information provides an opportunity to help hospitals improve care and services for patients. The EFFECT study you may have read about in the newspapers and heard about on TV just this past weekend, concerning care of patients who had heart attacks or congestive heart failure in Ontario hospitals, is an example of this type of work.

Third, ICES works under specific research agreements with other research groups, registries or agencies, such as the Cardiac Care Network and Cancer Care Ontario. As an example, ICES staff use anonymized CCN registry information to study access to and the quality of cardiovascular services, including angiography, angioplasty and cardiac bypass surgery in Ontario.

1410

Fourth, ICES functions as a data repository, providing data security and management services to organizations such as the Canadian Stroke Network, a multi-million dollar networks-of-excellence initiative to characterize and improve the care and outcomes of stroke in Canadians.

There is, appropriately, great current interest in outcome measurement in health care, and health quality councils of various sorts; for example, Bill 8, which is currently before the Legislature. Such activities can only occur if informed by high-quality information obtained from the sorts of studies I have just described, and we are pleased that the proposed bill recognizes the importance of such studies.

Next, we would like to comment on sections of the draft legislation. In section 43, research ethics boards have the responsibility of reviewing and approving research plans before authorizing the disclosure of personal health information to researchers. We support this duty of REBs, and all studies performed at ICES are reviewed by an independent REB.

However, Canada lacks a legislative framework for governing and accrediting REBs. Therefore, we draw the committee's attention to the fact that in Ontario any group of individuals could declare themselves to be a REB and approve the research plans for uses of personal health information. As researchers, we find that hospitals vary widely in terms of the formation of their REBs, membership, policies and procedures, including the charging of fees to researchers. We are aware that private for-profit organizations also form independent research boards to review and approve studies. We look forward to the delineation and definition of standards regarding the composition, governance and impartiality of REBs, and the timeliness of their deliberations, in the revisions to the bill.

We agree with subsection 43(5) requiring researchers to enter into agreements with the health information custodian before personal health information is released. This includes the provision that the health information custodian should not give the researcher permission to use the same information for any other research unless an REB approves the other research. The agreement should include a date for the destruction of the data following the completion of the research.

We support the concept of the health data institute -- section 45 -- as an agency separate from the ministry that could provide anonymized versions of linked health information to researchers. We have met with representatives from the ministry previously to discuss how health care information should be made more accessible for both monitoring the health system and supporting grants funded by peer-review granting agencies. Currently, many legitimate Ontario health researchers, working on important projects, cannot get access to these types of health information in a timely fashion. Because many Ontario researchers have difficulty accessing Ontario health information, researchers from other provinces have a competitive edge over Ontario researchers when submitting proposals for population health, health systems and policy studies to the Canadian Institutes of Health Research and other funding agencies. Therefore, we support a data institute that would make health data more accessible for research by scientists at Ontario universities, within the ministry and elsewhere, thus better utilizing the scientific intellectual capital of our province.

We are concerned that section 48 potentially restricts the disclosure of health information outside the province, even when used in the research context, because of the requirement of consent, which is impossible when dealing with the entire population of Ontario. This would preclude Ontario's participation in highly important national initiatives, such as the interprovincial health services comparison studies called for in the Romanow and Kirby reports, and would not allow us to take advantage of "natural experiments," such as evaluating the impact of different provincial funding decisions regarding drugs upon patient outcomes. These types of initiatives are only possible when collaborative research is supported by information flow across provincial borders.

We would like to conclude with a comment about how ICES could be named under this legislation so that our important work can continue. Taking into consideration the many types of research that ICES engages in, ICES could be named under one or more of six categories in this legislation, including health information custodian, non-health information custodian, health data institute, researcher, registry, and agent. Other than health information custodian and non-health information custodian, these categories are not mutually exclusive, and the requirements and responsibilities of each of these categories are sometimes contradictory. Importantly, how our collaborating partners and agencies, such as Cancer Care Ontario, are categorized in Bill 31 will also have an impact on ICES operations.

In the appendix attached to this presentation we have outlined multiple areas that require further discussion with the ministry regarding the prescription, exemption or relief granted to ICES in order to continue to allow ICES to function in its current mandate. We look forward to clarifying these issues with the ministry in the near future.

In conclusion, we are pleased that the ministry has developed privacy legislation that deals with health information as a separate entity from personal information in an omnibus bill. Privacy legislation that is sensitive to allowing important quality improvement, performance measurement and research activities is a win-win situation for Ontarians. It is important to ICES that the regulations being proposed are passed in a timely manner, because many of our activities, which are in the public interest, may not be able to continue if regulations are not in place at the same time as the Health Information Protection Act, 2003, comes into force, if passed, July 1, 2004.

Thank you for your attention.

The Vice-Chair: Thank you for your presentation. We will begin with the official opposition for three minutes.

Mrs Witmer: Thank you very much for your presentation. I've always appreciated the research that ICES has undertaken. You talked about how you could be named under this legislation and you suggested there are possibly six, I guess, categories. Do you have a preference? Have you discussed with the ministry what would be the most ideal for you to be able to continue the work that you're presently undertaking?

Dr Laupacis: We've not yet had discussions with the ministry about this. We've had the opportunity to discuss this with our legal counsel, who were instrumental in putting together the appendix, and we would see having our legal counsel and the ministry get together to sort out the details of that, to be honest.

Pam, do you want to comment further?

Ms Pamela Slaughter: I think that one of the dilemmas we have around this is that there are six categories but we also do five different kinds of research and we have multiple partners. I have envisioned this as a kind of a Rubik's Cube. As everybody moves around and is prescribed or named, it has different impacts. Therefore, these have to be examined very carefully in the context of all the other organizations that ICES works with to do the research in the province.

Mrs Witmer: So where would you see yourself being named? Like, at what time?

Ms Slaughter: I think that we're going to have to wait to hear how the other organizations, such as Cancer Care Ontario, the Cardiac Care Network and others, fall out in their discussions with you. At first blush, it seemed like the health information custodian, with some relief in other sections, was going to work well, but the more that we reviewed this with our legal counsel the more convinced I became that we had to examine this in a much closer context in relation to these other partners.

Mrs Witmer: Just one other question: You mentioned in the last line about the coming into force of the Health Information Protection Act on July 1, and some concern that if this isn't passed in a timely manner there is a problem. We've just heard from the last group that if this were to be passed it couldn't be implemented, and I think we all know that. So I guess you're going to have a problem.

Ms Slaughter: I think we are because obviously there are some types of research that we're doing that will be able to go forward, and others will not, that we will be able to disclose findings in some capacities and not in others. We will be able to share findings, is more my meaning than anything else. So, yes, it will constrain activities.

Ms Martel: Thanks for being here. Do you mind just going through with me in a more concrete way, if you can, examples of how you're classified or categorized is going to have an impact one way or the other, especially in relation to other organizations you deal with, like CCO? I'm trying to really understand why this is such a critical issue.

Ms Slaughter: I'm not a lawyer.

Ms Martel: Neither am I, so there you go. Mr Kormos is.

Ms Slaughter: We were very extensively briefed by our legal counsel on this. It mostly comes down to issues constantly of what you can do with the data once you've received it. As health information custodian, when the ministry gives us data to use there are certain things that we can do and cannot do with that data. We can receive data from health information custodians but, for example, could we in fact receive data from registries? If we use the data from registries, could we use it using our algorithms for linkage to link them together to provide them with the outcomes that they are trying to study to improve the health care system?

There are many permutations and combinations of that that are making it difficult to understand comprehensively how we could work all of these issues out, particularly when we're not quite sure how everyone else is going to be prescribed.

1420

So for example, if Cancer Care Ontario or the Cardiac Care Network were prescribed as registries, what we would be allowed to do with those data, unless we were prescribed as a health information custodian or as an agent or just as researchers, we weren't sure.

Ms Martel: CCO is prescribed as a custodian as well. Does that solve your problem? Because then there are provisions in the bill with respect to that transfer of information between, for example, two custodians. Does that make things easier?

Ms Slaughter: It might make things easier, yes.

Ms Martel: So it's a question of how the flow of information is essentially going to work.

Ms Slaughter: That's right, and also how we're going to be able to disclose it at the other end, because in the context of a health data institute, for example, my understanding from the bill is that the data can go back to the minister, but it can't be communicated elsewhere. So if you had data that was used for project X, one of the things that ICES has always done is publish findings independently in the peer review research and as reports which have always been placed in the public sphere as well. In that particular context, that would not be able to happen because the last clause precludes disclosing.

Ms Martel: OK. We need to do some more work on that.

When you talked about, "There aren't really strict criteria around who is an REB," if that was done by regulation, versus actually somewhere in section 43, or wherever it is, would that resolve your concerns as well? I mean, essentially what you're concerned about is what are the criteria around how they're set up, established etc.

Ms Slaughter: Absolutely.

Ms Martel: All right. Thanks.

Ms Wynne: Presumably, one of the things you're concerned about is ongoing research and the concern about completing -- the transitional clause that's in here, subsections 43(12) and (13), do they meet the test for being able to continue the research that's ongoing now?

Ms Slaughter: I'm sorry, I don't have the bill with me.

Ms Wynne: OK. It basically says that there's a transition period. So research that's ongoing now would be able to continue, I think, for one year after the day this section comes into force. So you'd be able to complete, presumably, what's on the books. Is that section of concern to you, or not?

Dr Laupacis: Frankly, I'm not familiar with the details of the section, but obviously if we have a year to continue to finish our research, that's great. I mean, some of our projects take longer than a year.

Ms Wynne: So given that there is a transition, your concern is then that you're not going to be able to do certain kinds of research that you can do now, right?

Dr Laupacis: Our concern is to make sure that this legislation is written in such a way that we are able to continue to do the kind of research that we do.

Ms Wynne: Right.

Dr Laupacis: We have been advised by our legal counsel that there are some concerns about the way this is written that would preclude that.

Ms Wynne: The issue of your privacy procedures -- can you talk about your privacy practices?

Dr Laupacis: Sure, if you'd like. Pam would probably be the best person to do it.

Ms Slaughter: We have an awful lot of data security in place. ICES is located in a building that is very heavily secured. You can only move around the building with coded keys. Access is restricted. It's on a do-you-need-to-be-in-that-area type of coding. Everyone who works at ICES undergoes privacy orientation, data security orientation. We annually sign confidentiality agreements. The data itself is on a moated server. It has no external connections, so it can't be hacked into.

We routinely do audit functions internally. We make privacy and have made privacy the most important part of our culture, quite frankly, since inception in 1992. We have cameras in our halls and cameras on our roofs. We have policies and procedures for who has what kind of access to data. The data's anonymous, but even so, the data sets for use are cut specifically to projects and even the levels of data that are available are very much predicated on, "Do you really need this data to do this type of project?"

Everything that we do is reviewed by the research ethics board at Sunnybrook and Women's College, even the use of anonymous data, which at least until this point has exceeded the standard. We already develop proposals and do privacy impact assessments on all projects that are being contemplated before they're allowed to go forward.

Ms Wynne: Just a last question: When you suggest that your organization be named, you're obviously talking specifically about your organization, but are there others that you would sort of be making a categorical recommendation on, or are you unique?

The Vice-Chair: Just a short response; we're a little bit over the time.

Ms Wynne: Sorry, I went over my time. Can I get the answer? OK, great.

Ms Slaughter: I think there are an awful lot of organizations that are extremely important to the citizens of Ontario that also do research using data in the ways we do, and I know they are presenting to you, so I would rather not speculate.

The Vice-Chair: Thank you very much for your presentation.

CANADIAN MENTAL HEALTH ASSOCIATION,
ONTARIO DIVISION

The Vice-Chair: The next group is the Canadian Mental Health Association, Ontario Division.

Ms Patti Bregman: My name is Patti Bregman. I am the director of government relations and legal counsel for the Canadian Mental Health Association at the provincial level. I want to apologize: Our president, Neil McGregor, tried to get here from Niagara and got caught in the weather, and our CEO is under the weather, so you have me. It's been a bad day.

It's actually quite helpful to present after the Centre for Addiction and Mental Health. I think we in the mental health sector all work very closely together. Like their presentation, we will likely submit an addendum to this brief. The legislation is quite complex, and I think a number of the issues that have been raised need to be addressed further so we can help the ministry come up with some solutions.

I want to start first, unusually, on a personal note. You need to know that I am probably one of the people in longest standing trying to get privacy legislation in the province. So if I appear passionate, it's because I worked for the Krever commission on the confidentiality of health records, which started in 1977 and recommended health privacy legislation in 1980. Since that time, I have worked in a whole variety of settings, including the ministry. So I am personally delighted to see that the government has responded and moved forward so quickly.

As an organization that has tried to deal with the morass of mental health regulations that currently exist, we are also very pleased that the government has moved forward with legislation that we think on the whole has achieved that balance between the need to protect the privacy of individuals and the need of health care providers to use the information. As you heard, mental health information is particularly sensitive, and the concerns we have expressed in this brief are going to relate primarily to those.

To tell you a little bit about the association, in addition to a provincial office, there are 33 local branches that provide a range of services. Some very small branches may have grief counselling, support groups and education, whereas our Toronto branch, for example, provides $8 million in services -- including case management, direct service -- in conjunction with the Centre for Addiction and Mental Health, and to the greatest extent possible across the province, there is this increasing trend to try to work together. So from our point of view, the legislation is particularly timely.

It surprises many people to know that at the moment there is no legislation that protects the information held in community mental health agencies. The common perception is that the Mental Health Act and form 14 are commonly used to protect the information in community mental health agencies. That's not in fact the case. There is no legislative provision right now, so we consider this legislation particularly important. While our branches have always worked very hard and have long had policies to ensure that information is protected and that it's not shared, we have not enjoyed the legislative protection that I think gives that added benefit to our clients.

For the reason, we are also pleased that they have adopted a recommendation we made to previous versions and brought all mental health information within one act. In previous versions, the Mental Health Act was going to continue to cover that information in the hospital sector and the community sector would be covered under different legislation. That would only exacerbate the problems we currently face, so we're trying to share information and develop a more integrated system.

1430

In terms of our recommendations, I'm going to just focus on a couple of them so there's time for questions. Perhaps it's unfair to burden the committee with the ones I'm not sure we actually have the answer for, but I think it's helpful for you to understand from our perspective where we see the challenges.

At a start, one of our concerns is in fact the regulation-making authority. In every version of the legislation there has always been this give and take between the ability to protect the information and the ability to then disclose information very widely as every group comes before you and explains why they are the group that absolutely must have information. If you have a mental illness, this is more than just sharing information that may be a little sensitive.

People face discrimination every day because they have a mental illness. I think we saw examples of that in the recent upset over the Liberal Party questionnaire that required disclosure of mental health status at the federal level, which the Liberals very quickly withdrew, and we appreciate that. But I think there is that sensitivity in the public, and it should not be discounted. We are somewhat concerned that the regulation-making authority allows quite extensive exemption from the coverage of the legislation. We just urge you to keep an eye on making sure that the regulations are not so broad that they can undermine the legislation itself.

The second point, on the scope of the legislation, was actually raised by the Centre for Addiction and Mental Health. We haven't had a chance to talk together, and I think we'll have our own conversation about how to resolve a somewhat different approach. From our perspective, at least when I read the legislation, the definitions of what falls within a community mental health program are quite broad. Even within health care, it's much broader than the usual definitions of health care. Our concern, though, is: The mental health task forces, and we in our own community, are trying to bring together housing providers, employment supports, direct services such as community treatment teams and primary care. If this legislation segregates different organizations and has different standards, that integration of services may be somewhat more difficult.

The Centre for Addiction and Mental Health's proposal was, in a sense, to have a very limited designation of those groups for the purpose of discharge planning. Our recommendation at the moment is that the regulatory power be used to designate those programs which are like programs provided by community mental health agencies that are broader in scope. I guess what I mean is that if there is a housing and employment supports program attached, for example, to the Toronto branch, which also provides services that are clearly with health care, then those services -- the employment supports and housing -- would be within the scope of the legislation. If it was a free-standing mental health housing support agency, it might not come within the scope of the legislation. I think that is a recipe for confusion, and we need to find a way to address that to ensure that all similar types of programs are subject to a similar type of regulation, whatever that may be at the end of the day, and we can discuss that later.

Terms of accountability and implementation: I'm actually going to skip over that -- I think it's relatively straightforward -- and move on to where I think the biggest concerns are. That relates to both consent and, more importantly, substitute decision-making. So if we skip to page 9, we're pleased that the legislation has adopted the substitute decision-making regime that is in the Substitute Decisions Act and the Health Care Consent Act. This is a very complicated regime, and we have spent a lot of time and energy educating people about what capacity is, how you deal with problems of capacity and who makes substitute decisions.

We have a couple of very technical recommendations, just because there are slight inconsistencies between the two acts. I think what is more complicated for us -- and I've been working with our local branches to come up with some solutions -- is really how this capacity designation is going to be dealt with. When the health care consent legislation was drafted and capacity was looked at, there is always an interaction between the individual and the provider. It's very clear: The health care provider talks to the individual, they can assess the capacity and make a determination.

When you are talking about giving consent for the disclosure or collection of health information, that person and the person who has the authority to make the capacity determination may never meet each other. The request may be in writing. So for example, if I need information disclosed for my employer, I will send a letter to my doctor. I'll send a written consent and say, "Please disclose this information for X purpose." The health information custodian has absolutely no way to determine if I'm actually capable of making that request or not, and yet the legislation seems to suggest that there is that obligation on the health information custodian.

The second example that I started to think about was what if I'm sitting in one doctor's office and say, "I want to transfer my information"? That doctor thinks I'm capable. The doctor at the other end says, "Oh, I know that person. They're not capable." How do we resolve that? There's nothing in the legislation, and I don't think we would support this, that requires somebody to come for a capacity assessment for routine transactions.

The other problem related to this is that the legislation designates the health information custodian as the person to determine capacity. The health information custodian isn't actually a natural person in most cases. It certainly wouldn't be in the Canadian Mental Health Association. There's nothing that talks about who would do it in the place of a corporation, and clearly a corporation is not going to assess capacity. So I think this is an area that has a value because it is very important to address these issues, but as drafted it really addresses only the issue of capacity as it relates to a health care setting where there's direct interaction. I think something needs to be done to make sure we don't get bogged down in very cumbersome processes or intrusive processes for routine transactions. We've made some suggestions, but we'd be pleased to work with the ministry to try and address those issues.

I think there are some other recommendations that are more straightforward in terms of the ability to review findings of incapacity. The requirement that a person should be advised that they've been found to be incapable and have a right to appeal that decision are fairly straightforward.

The final point I want to make is one that the Centre for Addiction and Mental Health started with, and that is the implementation. As Mrs Witmer knows from the implementation of Bill 68, it takes a long time to go from the passage of legislation to actually putting it into effect. We had a very short time frame with that legislation and very few resources, and it showed. There were a lot of missteps in how the legislation was implemented, and there remains a lot of confusion.

So I think while we would certainly support some extension of the time for implementation, we also think it's important that there be a clear mandate and funding attached to education. If there is no centrally organized and funded education process, the result is that organizations like ours, which are very scarce in resources, end up having to develop their own forums, their own education, and spend very scarce staff resources to go out and do the training.

We have a very high standard in our Information and Privacy Commissioner. I think they do excellent work, and we would certainly support providing them with a direct mandate and the funding to do education prior to implementation.

I'm going to stop to allow for questions.

Ms Martel: Thanks very much for coming today. Just on the last point, and I may have read this wrong, but I thought that the FOI commissioner was going to have some obligation around the educational programming here. It's not clear to me what the funding is going to be, so that's a critical issue.

Ms Bregman: Yes, that's our point. Our point is that it has to be not simply to give them a general mandate. It has to be clear that there needs to be a program in place and that the funding needs to be attached to that.

Ms Martel: Let me go back to the regulations, because you expressed concerns around this area. Can you give us some examples, Patti, of what are the ones that are bothering you?

Ms Bregman: The ones that I think bothered us are similar to the ones that have bothered us in previous versions, and that is that the regulation-making power allows for regulations that would actually exempt classes of providers from the legislation, or classes of information from being subject to the legislation. So in a sense what it does is allows the creation of subsets of regulatory structures. I think there is one protection that has not existed in previous versions, and that's the fact that there is a public notice provision, and I think that's very important and does give us some level of reassurance that if there was an undermining of the legislation through regulation, it would be adopted.

1440

Our recommendation is that there be a provision added to the regulation with authority basically saying that no regulation can be made that's inconsistent with the purpose of the legislation, which is to protect the privacy of personal health information, so at least there would be some measure against which the regulation could be checked. I think that would be sufficient to constrain this unlimited regulatory-making power. So those two together would give us a level of comfort and we'd be happy to go forward with this.

Ms Martel: Is this coming as part of the addendum that you spoke of, or is that --

Ms Bregman: It's in here, but I think we will probably work on addressing this.

Ms Martel: This goes to the timelines, and maybe it's more a question of having the financial resources to make it happen for your organization. I'm not saying that's the same for CMHA, but we've been around the track on this a lot of times. There has been a consultation paper and draft legislation every time there have been changes that have tried to deal with the concerns. So I understand that. But part of me says that at a certain point, we've got to get this in place.

Ms Bregman: Absolutely.

Ms Martel: So in your concern with the timeline, does it have more to do with your ability as an organization, speaking for Canadian mental health, to be able to train your staff and find the financial resources to understand what their obligations are? Do you also, though, have concerns with databases and financial costs? I don't know what kind of data you keep and what kind of situation it's in, but is that another concern that we need to deal with?

Ms Bregman: The real concern -- I have to be honest. Community mental health is so significantly underfunded that we have many branches that have no computers, so we don't have the same kind of data problems. I wish we did. Our problem is simply a matter of training and getting the regulations into place that are necessary to make this work.

Ms Wynne: These are not two recommendations that you mentioned, but in your submission, Patti, you talk about them being of greatest concern in terms of implementation, so I'm just wondering, in recommendations 8 and 9: You want changes to the definition of, in 8, "spouse," and in 9, "relative." I'm just not clear why. You want them to be in line with other acts, but --

Ms Bregman: Basically, what this legislation has done is adopt the health care consent framework for giving consent and substitute decision-making, which is wonderful. In fact, if somebody is a substitute decision-maker for treatment, they're deemed to be a substitute decision-maker for consent. The problem is, and I'm not sure if it was drafting or just error and unintentional, the definitions are different, so what might happen is that you actually end up with two different people or barriers that prevent a person from being a substitute in one case. So these I see as pretty technical. There's not really a policy change.

Ms Wynne: So what you really want is the definitions to be the same. If this current definition actually is better than the definitions in the other acts, you're not worried about --

Ms Bregman: Yes. They're not really policy issues. They're very practical, kind of pragmatic things that should be easy to fix.

Ms Wynne: OK, thanks.

Mrs Witmer: In taking a look at this, Patti, overall, CMHA is pleased with the legislation. You've had an opportunity to respond on numerous other occasions. At this point in time, you have some recommendations, which really are quite minor. You're looking for consistency with other pieces of legislation.

Is there anything in your summary of recommendations, and I think they're well done, that absolutely has to be changed, would be your number one priority?

Ms Bregman: I think there are two. One is this whole issue of defining what programs are in and out, because that will be a huge implementation issue. The second is this capacity question, because I see that as creating a huge morass that is unnecessary. I think it can be resolved.

But I think, as you said, this really built on the legislation that you introduced earlier and, we're pleased to say, incorporated a great number of the recommendations we made in response to that legislation, so we certainly would support moving forward with this as quickly as possible.

The Vice-Chair: Thank you for your presentation.

COLLEGE OF MEDICAL RADIATION TECHNOLOGISTS OF ONTARIO

The Vice-Chair: The next group is the College of Medical Radiation Technologists of Ontario.

Ms Sharon Saberton: Good afternoon. I'm Sharon Saberton. I'm the registrar at the College of Medical Radiation Technologists of Ontario. With me today is our legal counsel, Debbie Tarshis. Our president, Sheila Robson, was unable to make it because of the weather. We're very pleased to be able to make this submission to you today.

The College of Medical Radiation Technologists of Ontario, or the college, is the regulatory body for medical radiation technologists in Ontario. Our mandate is to serve and protect the public interest through self-regulation of the profession of medical radiation technology. It is the role of the college to protect the public of Ontario from practitioners who breach professional standards or are incompetent or unfit to practise.

The college understands that the purpose of the Personal Health Information Protection Act, 2003 -- and I'm going to from now on call it PHIPA -- is to provide consistent and comprehensive rules governing the collection, use, retention, disclosure and disposal of personal health information in the custody and control of health information custodians. We also understand that the goals of the legislation are to protect the privacy of individuals and the confidentiality and security of personal health information in the health sector in a manner that facilitates the effective provision of health care.

We appreciate the challenges of creating consistent and comprehensive rules for organizations that collect personal health information. Through this submission, the college wishes to assist the government in understanding the ways in which the protection of individuals' privacy and facilitating the effective provision of health care intersect from the point of view of the college. The college firmly believes that facilitating the effective provision of health care includes ensuring, for the public of Ontario, that health practitioners are qualified to practise, and practise in accordance with professional standards, and protecting the public from practitioners who breach professional standards or are incompetent or unfit to practise.

Next I'd like to present a summary of our main comments and recommendations.

(1) The college supports the government's initiative to provide clear rules for the collection, use and disclosure of personal health information in the health sector.

(2) The college is pleased that a number of the concerns that the college expressed in previous consultations appear to be addressed in PHIPA. Specifically, the college is pleased that the college has not been included in the definition of "health information custodian" and that specific provisions permit health information custodians to disclose personal health information without consent to the college for the regulatory purposes of the college. This information is essential so that the college can protect the public from harm.

(3) The college supports the recognition, under section 47, "restrictions on recipients," that legislation such as the Regulated Health Professions Act, or RHPA, may permit or require uses or disclosures that are different from the purposes for which the health information custodian disclosed the information to the college.

(4) The role of the college in regulating the profession of medical radiation technology is to ensure for the public of Ontario that medical radiation technologists are qualified to practise and practise in accordance with professional standards, and to protect the public from unprofessional, incompetent and unfit practitioners. PHIPA provides that it is paramount to any other legislation in the event of a conflict. This paramountcy provision causes a significant concern for the college. There are several potential conflicts and inconsistencies between PHIPA and the RHPA. The college is concerned that the potential conflicts and inconsistencies between PHIPA and the RHPA will create confusion and unintended consequences regarding the college's regulatory role and will involve the college in proceedings before the courts while inconsistent and conflicting provisions await judicial interpretation. This would have a negative impact on the protection of the public from harm.

We have a recommendation: that, in order to avoid conflict and inconsistency between PHIPA on the one hand and the RHPA, the code and the MRT act and other health profession acts on the other hand, a complementary amendment be made to the Regulated Health Professions Act to the following effect:

In the event of a conflict between a provision of the Personal Health Information Protection Act, 2003, or its regulations and a provision of the Regulated Health Professions Act, 1991, or an act named in schedule 1 to that act or their respective regulations, the provisions of the Regulated Health Professions Act, 1991, or the act named in schedule 1 to that act or their respective regulations prevail.

1450

Now I'd like to talk a little bit about the role of the regulatory college, our college, the College of Medical Radiation Technologists of Ontario.

This college is the regulatory college for the practice of medical radiation technologists in Ontario. It is one of the 21 health regulatory colleges governed by the Regulated Health Professions Act, RHPA, and the health professions procedural code. The health-profession-specific act that established this college is the Medical Radiation Technology Act, 1991. We call it the MRT act. The college has approximately 5,500 members in the profession of medical radiation technology.

The primary duty of the college in carrying out its objects is to serve and protect the public interest. The objects of the college include:

-- To regulate the practice of medical radiation technology and to govern the members in accordance with the MRT act, the code and the RHPA and the regulations and bylaws, including investigating and prosecuting allegations of professional misconduct, incompetence and incapacity.

-- To develop, establish and maintain standards of qualification for membership in the college.

-- To develop, establish and maintain programs and standards of practice to ensure the quality of the practice of the profession.

-- To develop, establish and maintain a quality assurance program to promote continuing competence among the members.

-- To administer the MRT act, the code and the RHPA as it relates to the profession.

Under the MRT act and the code, there is a registration process for determining whether an applicant meets the qualifications for membership in the college in accordance with the requirements of the MRT act, the code and regulations made under the act. There is a process for complaints and mandatory reports to be filed with the college. There is a complaints committee whose responsibility it is to consider and investigate complaints regarding the conduct or actions of members of the college. Matters may be referred to the discipline committee for a hearing to determine any allegation of professional misconduct or incompetence on the part of a member of the college. Matters may be referred to the fitness-to-practise committee for a hearing to determine any allegation of incapacity on the part of a member of the college. The college has published standards of practice for members of the college, to which members of the college must adhere. There is a register of members that provides information to the public about the members, their professional status, any terms, conditions and limitations imposed on a certificate of registration, any notations of revocation or suspension of a member's certificate of registration, results of disciplinary and incapacity proceedings and information directed to be added to the register by a panel of one of the statutory committees of the college.

Now I'd like to tell you a little bit about what our folks do.

The scope of practice of medical radiation technology is the use of ionizing radiation and electromagnetism to produce diagnostic images and tests, the evaluation of the technical sufficiency of the images and tests, and the therapeutic application of ionizing radiation. There are four specialties within the profession of medical radiation technology -- radiography, nuclear medicine, radiation therapy and magnetic resonance. Medical radiation technologists in the specialty of radiography use X-rays to produce images of parts of the body on film or on computer screens. The procedures performed by an MRT in the specialty of radiography include chest X-rays, mammograms, barium enemas and CT scans (computerized tomography). MRTs in the specialty of nuclear medicine use low-level radioactive substances which are injected, swallowed or inhaled to produce diagnostic images of how the body functions. Procedures performed by an MRT in the specialty of nuclear medicine include bone scans, cardiac stress testing and lung scans. MRTs in the specialty of radiation therapy treat disease, such as cancer, with radiation in order to destroy diseased cells in the body. Procedures performed by an MRT in the specialty of radiation therapy include radiation treatments by using focused beams of radiation to destroy tumours or by placing radioactive sources directly into the patient's body. MRTs in the specialty of magnetic resonance use electromagnetism, which is static magnetic fields and radio frequencies, to produce diagnostic images. Magnetic resonance imaging procedures play a significant role in imaging the brain, spine, abdomen, pelvis and musculoskeletal system.

Generally, MRTs are employed in hospitals, independent health facilities and regional cancer centres. Some MRTs own their own independent health facilities such as X-ray and nuclear medicine technology clinics.

Now I would like to talk a little bit about the college's collection, use and disclosure of personal health information.

The college's collection, use and disclosure of personal health information are done in accordance with and as permitted by the MRT act, the code and the regulations and bylaws made under the MRT act. Pursuant to its objects and its public protection mandate under the MRT act, the code and the regulations and bylaws made under the MRT act, the college currently collects, uses, and in some circumstances, discloses personal information about a member without the consent of the member.

Given that MRTs are involved in patient care and treatment, many of the activities of the college which relate to investigating and assessing the practice of a member of the college will involve personal health information of a patient. Under many circumstances, the college collects and uses personal health information with the patient's consent. Under certain circumstances, the college collects and uses personal health information without the patient's consent; however, it is necessary to do so in order to protect the public from harm caused by a member's incompetence, incapacity or professional misconduct. In other words, the purpose for which the college obtains personal health information of a patient or a member is to investigate, assess and, where necessary, impose sanctions on its members in order to protect the public from harm.

It is very important, though, to understand that subsection 36(1) of the RHPA imposes a duty of confidentiality on every person engaged in the administration of the MRT act with respect to all information that comes to his or her knowledge in the course of his or her duties and not to communicate any of those matters to any other person, subject to certain limited exceptions. A breach of this provision is an offence under the RHPA. If a person is found guilty of the offence, there is liability for a fine of up to $25,000.

In conclusion, the college supports PHIPA and is pleased that a number of the concerns of the college expressed in previous consultations have been addressed. The main concern of the college is that the paramountcy provision of PHIPA will have unintended consequences that will impede the college and other regulatory colleges in their legislated mandate to regulate the members for the protection of the public.

The college recommends that the legislative framework that governs the regulated health colleges prevail in the event of a conflict between the PHIPA and the RHPA and the health professions acts.

Thank you for the opportunity to make this submission to the standing committee and for your consideration of the college's comments and concerns.

The Vice-Chair: Thank you. We'll begin with the government side for about two minutes each.

Ms Wynne: I just want to try to understand exactly -- you've got three recommendations. Is that right? You're making a total of three recommendations?

Ms Saberton: Yes.

Ms Wynne: All right. Can you just clarify what the impact is going to be in real terms? Can you give me a picture of what's going to be the impact of the change? What is the specific situation that you're concerned about, that you want your recommendations to address? I think I need an example to understand.

Ms Debbie Tarshis: One example would be, under the RHPA there is a mandatory reporting obligation for employers who terminate the employment of a member for reasons of incapacity, for example. The RHPA provision indicates that the report must include the reasons for which the termination was made. In this circumstance the employer will have personal health information about the member, and the concern is that if it is not clear that the mandatory duty to report includes or prevails over PHIPA, the member will be able to object to the provision of this information and, in effect, the college will not be able to protect the public from harm caused by a practitioner who may not be fit to practise.

That would be one example of where it would be important for the RHPA mandatory duty to report to prevail with respect to the PHIPA if there were interpreted to be a conflict between the two pieces of legislation.

1500

So the fundamental concern is that a member will try to rely on provisions in PHIPA to prevent the college from regulating the member in accordance with the college's mandate.

Ms Wynne: OK. I think that helps. Thank you.

Mr Yakabuski: Thank you very much for coming in today, ladies, on such a beautiful day.

As I understand it, in a nutshell, you're pretty satisfied with the bill. It's recognized some of the recommendations you've been making over the years in various attempts to get a piece of legislation like this through. Your one major concern is where there comes an issue between statutes of your own regulatory bodies coming in conflict with the provisions in Bill 31, you would like the pieces of legislation within your own bodies to take precedence over that provided for in Bill 31. Other than that, you're pretty much satisfied with the legislation speaking to the needs of the protection of privacy.

Ms Tarshis: Yes.

Mr Yakabuski: Thank you.

Ms Martel: Thank you for coming here today. I just want to focus on section 47, if I can. I look at page 2, point number 3, which I see is an endorsement -- I could be reading this wrong -- essentially of that section. Then I flip to page 14, and there are two concerns that are being raised about the same section. I'm just not clear what the amendments are doing, then, if you indicate support in the first case. Is it just making it very clear that in cases where there could be bodily harm, that's going to be disclosed in a manner that would protect the public -- the first provision?

Ms Tarshis: Section 47 creates restrictions on non-health information custodians from use and disclosure of personal health information for purposes other than the custodian was authorized to disclose it. The introductory language is: "Except as permitted or required by or under an act of Ontario or Canada...." So we would interpret that as being "except as permitted or required by the RHPA etc." So the exception is very important, because the college does have uses and disclosures that are different from the reason that a hospital, for example, would disclose information to the college. However, the exception for simply "required by an act of Ontario" doesn't cover "required by law." So, for example, if there were a situation where, under a common law, duty to disclose arose for the college, the introductory language of section 47 isn't broad enough.

The second concern relates to subsection 47(2), which is a control on the extent to which the information can be used or disclosed by a non-health information custodian. That doesn't have the exception language as introductory to it. So we're concerned, for example, if a member was in the course of the initial investigation and there was certain information that the college had in its possession -- personal health information -- that the member would argue that it wasn't reasonably necessary for purposes of the discipline proceeding to use that information for the discipline proceeding. Since there's no exception language, the college is concerned that that subsection could be used by a member to undermine the rule of the college. Ultimately, a court might say, "Well, that's not a reasonable interpretation of subsection 47(2)." But that will have been after lengthy and expensive legal proceedings for the college, which would undermine the college's regulatory role.

The Vice-Chair: Thank you very much for your presentation.

ONTARIO MEDICAL ASSOCIATION

The Vice-Chair: The next group is the Ontario Medical Association.

Ms Wynne: Do we have your presentation?

Ms Barb LeBlanc: Yes, we did provide them to the clerk.

The Vice-Chair: You may begin.

Dr Larry Erlick: Thank you very much. Mr Chairman and committee members, good afternoon on this lovely spring day. I'm Larry Erlick. I'm a family physician from Scarborough, and I'm also president of the Ontario Medical Association. Beside me is Barb LeBlanc, our director of health policy. I intend to keep my remarks brief so there's time for committee members to ask us any questions they may have.

I would like to begin by expressing my thanks to the government for introducing the two acts that comprise Bill 31. The OMA recognizes the need to move forward with privacy legislation for the health care sector in Ontario, so we appreciate the introduction of the Health Information Protection Act, referred to as HIPA. Given that we have lobbied for the last 20 years for the introduction of statutory protection for quality assurance information, we are also very pleased to see the introduction of the Quality of Care Information Protection Act.

Those of you who have been involved with the discussions relating to the federal privacy law, PIPEDA, will know that the OMA, along with the Ontario Hospital Association and numerous other health stakeholders, has expressed serious concerns about the ability of the health care system to function under PIPEDA. Unfortunately, the efforts of the health care sector and the provinces to try to solve the problem were completely unsuccessful and the federal government has refused to acknowledge that the health care sector faces unique challenges when it comes to balancing patient privacy against the flow of information required to make the system work.

As it stands, there is tremendous confusion in the system as all the players struggle to understand which, if any, of their activities are captured by PIPEDA. For example, based on the most recent commentary coming from the federal government, it would seem that physicians would be in PIPEDA for their office work but out of PIPEDA for their hospital work, and similar questions and inconsistencies are playing out across the health care sector.

In addition, it seems that the questions and answers provided by the federal government are at odds with the language of the legislation itself. In short, there's just so much uncertainty swirling around PIPEDA that it's taking time and energy away from the delivery of health care services so much in need today. We desperately need a uniform set of rules that will apply throughout the health care system and fit with the reality of practice, and that's why Bill 31 is such a positive step forward.

The OMA believes that HIPA does a good job of adapting fair information practices for patients and for the needs of the health care sector. The best illustration of this point is probably seen when you compare the consent provisions in the federal law and HIPA. While PIPEDA calls for express consent, possibly written, for every new use or release of personal information, HIPA allows for implied consent based on reasonable patient knowledge. Under HIPA, my patients have clear control over their personal health information but the information I need to provide good medical care is not blocked by unnecessary bureaucracy and red tape. On that note, I will say that physicians are concerned about the notion of the lockbox but appreciate the addition of the flag, so that at least we know when we are receiving incomplete information. We will have to monitor the lockbox to see how it actually functions in practice and whether it affects our ability to deliver appropriate health care.

1510

The government is also to be congratulated on its innovation in the introduction of the data institutes that will be used to de-identify patient information before it goes to the government for planning purposes. The OMA believes that this is an important step forward and should be monitored with a view to expansion. It seems to us that this is an important privacy tool and that it might be used in the future to cut down on the movement of identifiable patient information in the system, especially for things like research, where patients are not necessarily aware of the uses being made of their personal information.

The OMA does have a number of comments and significant recommendations with respect to Bill 31 which will require attention, and we will put them forward in our written submission, once approved by our board later this week. As part of our process, our board must sign off on the written submission. I apologize that we don't have it here for today, but it will be forthcoming within a couple of days.

I would like to note for this committee, however, our concerns about the extensive regulation-making powers found in the bill. They are so wide-ranging that they allow the government to change virtually any aspect of the law by regulation. This is contrary to the traditional division of legislative and regulatory authority and represents an intrusion of the government's executive powers into the lawful powers of the Legislature. Not only does it create the power to completely undermine the content of the act, it undermines the democratic process of the Legislature. We recommend that this committee review the proposed regulatory-making powers closely with a view to significantly curtailing them.

Implementing HIPA will pose some fairly substantial challenges for the health sector, and the OMA recommends that the government develop a formal process to coordinate implementation strategies that involves the privacy commissioner and stakeholders. If the government doesn't do it, we fear that the confusion that has been characteristic of PIPEDA will spill over into our provincial privacy activities. The OMA, for one, would be pleased to work with our partners to make the implementation of HIPA as smooth as possible so as to avoid a repetition of the mess -- and I do mean a real mess -- that occurred with the implementation of PIPEDA.

I would like the committee to know that your civil service has done an excellent job on your behalf throughout the process. We believe the accessibility and responsiveness of the staff involved in the privacy file, both at the Ministry of Health and Long-Term Care and the Ministry of Consumer and Business Services, is a model that should be copied as other legislation is brought forward that affects the health care sector.

We look forward to ongoing consultations as our amendments are considered and the final draft is prepared.

In closing, I would like to reiterate my support for the principles established in Bill 31, thank the government for introducing Bill 31 so early in its mandate and urge you to move forward with its passage and proclamation at the earliest possible date.

Thank you for the opportunity to address you today. We would be pleased to answer any questions you may have.

The Vice-Chair: You're allowed four minutes, Mrs Witmer.

Mrs Witmer: Thank you very much, Dr Erlick, for your presentation. I'd like to go back to the comment you made about the lockbox, the fact that there are some concerns about the incomplete information that could be received. We heard from an earlier presenter that it certainly could have an impact on the health and safety of a patient. Are there any other concerns that you wish to share with us? It says here that you're going to monitor it. What recommendations have you thought about that the government might introduce to overcome the concern about the safety of the patient?

Dr Erlick: I'll turn it over to my expert beside me.

Ms LeBlanc: We've really not developed formal recommendations in our written submission, mainly because we know that PIPEDA has a lockbox function and we're concerned about the substantial similarity question. That's why we're suggesting that it be made a formal part of the three-year review function that occurs so that we can understand exactly how it's functioning in practice and whether or not there are in fact any practical problems arising.

Mrs Witmer: So, then, you're saying that in the interim you'd be prepared to see how it functions over three years before any changes would be made?

Ms LeBlanc: Yes.

Dr Erlick: Our issues are in terms of when physicians are asked about the health of a patient in an emergency situation, particularly when a physician is called at his office, yet there is a disclosure denial by the patient, who wishes that certain information be kept. That could endanger the risk. When we say "monitor," we obviously have clinical monitoring and feedback from our members as to difficulties they're having both providing care and putting their patients at risk.

Ms LeBlanc: Just to elaborate, we think that in a true emergency situation there are other provisions in HIPA that would prevail. We hope and think that the lockbox would only occur in the general course of non-emergency care.

Mrs Witmer: I think we'd all hope that it would, if it had to do with the life and safety of a patient.

You express your concern about the extensive regulation-making powers of the bill. I think this is certainly a concern that has been expressed by others, in that it does give certainly a lot of power to the minister to make regulations in the short term. What suggestions would you have as far as the regulation-making powers? How would you change them?

Ms LeBlanc: We will enumerate those in our written submission, but essentially we would suggest that fundamental terms that are critical to the legislation and how you read it and interpret it should not be subject to regulatory change. Furthermore, we think the fact that there is this three-year review means that if there are some terms that we discover require amendment, that's an opportunity to do it. We are going to provide a list, but, generally speaking, the issue is ensuring that matters of substance remain defined in the core body of the legislation.

Mrs Witmer: The third one is implementation. We've heard this afternoon some concern about the timeline for implementation. Is it your opinion, given the changes that are going to be necessary to a lot of systems and the education that's going to need to be provided, that July is a realistic date of implementation, or would you agree with some of the others who think it maybe is going to require possibly a year for implementation?

Dr Erlick: PIPEDA is a mess.

Mrs Witmer: Yes.

Dr Erlick: As it stands, we have advised our members, all 25,000 physicians, to essentially function under the rules they lived by before PIPEDA was proclaimed. We've had discussions with the College of Physicians and Surgeons. The level of privacy that we think we guarantee at present of our patient records and information is more than adequate for security of their information, as well as allowing us to provide appropriate care. My understanding is that there is a six-month window, and Barb can correct me if I'm wrong. We really would like to see it done quickly.

The issue really is a disjointed introduction. We're quite prepared to sit down right away and start, based on our understanding of where PIPEDA has failed -- we have been working extensively in trying to get that legislation effected and recognized for a couple of years -- but at the same time work out a process that the government must control. Multiple stakeholders trying to interpret without clear direction and structure is part of the reason why PIPEDA is such a mess. We think it's urgent that we have provincial legislation in place that supersedes the federal legislation. A year would not be acceptable to us. By then, we would be having to deal with two different pieces of legislation.

Mrs Witmer: Thank you.

Ms Martel: Thank you for being here today. You've committed that you're going to be sending us a more extensive brief, and we appreciate why we don't have it here before us today. Do you want to just give us some idea of what's coming, because I gather that you have had some chance to look at this. We've heard a number of concerns from a number of quarters here today, and it would be useful if you could just give us some idea of what's going to happen next.

Ms LeBlanc: At the risk of titillating without providing any content, I think most of our amendments focus on regulatory powers, decreasing bureaucracy, tweaking the legislation to provide a little more flexibility in practice. For example, small things like designating your contact person: At present, it's all or nothing. We think physicians might like to retain some of the powers of being a HIC for themselves but delegate certain other powers. It's simple things like that.

1520

One of the more substantial issues is powers of the college. We think the legislation does intrude in certain areas, like fee setting, on powers that are presently regulated by the colleges, and we would suggest that it continue to be regulated by the colleges and would propose certain amendments and deletions along those lines.

Ms Martel: So would that include the college setting a fee, for example, if you were trying to get access to information?

Ms LeBlanc: Correct.

Ms Martel: That's set now by the college. Is that the same with other colleges, as well?

Ms LeBlanc: Yes, it is.

Ms Martel: So what you would like in place is essentially an amendment or regulation that says that whatever prevails, and I guess it would be through the RHPA then, would continue to prevail.

Ms LeBlanc: Yes. We do recognize that there will be other HICs who are not captured by the Regulated Health Professions Act, so we recognize that they will need some regulation-making powers applied to them. But we're going to propose that, for professionals who are already captured through the Regulated Health Professions Act, the regs not apply to them.

Dr Erlick: There are also issues about the medical record itself. The medical record, apart from being the documented interaction of both the physician and the patient, is also a billing record for the purposes of audit. It's also a recognition of everything that transpired. There are some minor comments about deleting, selecting, cutting out, keeping separate parts of a record that someone may have objection to. Physicians, we don't believe, should alter their record at all. Legally they shouldn't be altering their record, because it is a record of transaction and a record of audit. So there are some recommendations on that. There are also some recommendations in the quality assurance part of expanding the definition and which groups are included under that umbrella and what protection is provided to physicians during the quality assurance reviews.

Ms Martel: So that would be the second part of the bill, or schedule B. The recommendation there is a change in the definition of -- let me just flip to it.

Dr Erlick: I apologize, but our processes are such that the board would not be happy if we gave you the actual written text, because they may add to it. They are in the midst of reviewing it at the board this Wednesday and Thursday. So I definitely can assure you that you will have your copies by the end of the week.

The Vice-Chair: To the government.

Ms Wynne: Thank you for being here. I wanted to go back to the regulatory process. You are concerned about the power that the bill gives to make regulations. Is that mitigated at all by the timeline for public consultation, the 60-day window? Can you comment on that part of the process, the fact that there's a 60-day consultation process when the regulations are going to be changed.

Ms LeBlanc: While of course we welcome with open arms the opportunity to have some input into the regulation-making process, at the end of the day the government may proceed regardless of what that input is, and further, there is some authority for the minister to proceed on his or her own accord. So it's a nice procedural step, but substantively we just think the reg-making is too broad.

Ms Wynne: OK. Is this part of what you don't want to talk about, the specifics, because you want the --

Ms LeBlanc: Unfortunately. Sorry.

Ms Wynne: OK, that's all right. Dr Erlick, could you speak specifically to how you'd like that power reined in?

Dr Erlick: I apologize. It'll be coming.

Ms Wynne: OK. I guess we'll have to wait for the document with the specifics in it. Thank you.

Dr Erlick: All I can assure you is that in the document that will come we have in detail explained the rationale for our recommendation, why we think it should be changed and on what basis we're basing our suggestion, as opposed to just providing you with an amendment. I think it will be fairly clear. But our legal counsel is available any time to continue working forward to explain those.

Ms Wynne: I just want to be clear; you're also concerned about the interaction between this act and the Regulated Health Professions Act. Is that true? You're going to be making comments on that?

Ms LeBlanc: Not with respect to the act per se, because I know the previous speakers talked about that. Rather, we're just talking about some of the powers of the college to regulate in certain areas, mainly around fees.

Ms Wynne: Because there is provision in this act for where it is in conflict with or where there is perceived conflict with another act that the other would prevail. So some of that is covered.

Dr Erlick: The issue really revolves around insured and non-insured services. As a matter of rule, all insured services are determined by the Ministry of Health and Long-Term Care, either through a schedule --

Ms Wynne: Part of the fee schedule, right.

Dr Erlick: Non-insured services are self-regulatory, and the guidelines for application of those non-insured services are done both through the OMA, which provides an uninsured billing guideline, as well as by the College of Physicians and Surgeons, which establishes the appropriate processes for a physician to charge and advise a patient of those charges and how those fees are communicated.

Ms Wynne: And you're saying you want to retain control of those.

Dr Erlick: We believe that as a self-regulated profession, our college should continue to have the authority in matters of fees that are not set or determined by government.

Ms Wynne: OK. So we will get the details of that.

The Vice-Chair: Thank you very much for your presentation.

ONTARIO COLLEGE
OF SOCIAL WORKERS
AND SOCIAL SERVICE WORKERS

The Vice-Chair: The next group is the Ontario College of Social Workers and Social Service Workers.

Ms Mary Ciotti: Good afternoon. My name is Mary Ciotti. I'm vice-president of the Ontario College of Social Workers and Social Service Workers. I'm a registered social worker and I work at the Hamilton Health Sciences Centre.

I wish to begin by introducing my colleagues. Glenda McDonald is the chief registrar and executive officer of the college, and Debbie Tarshis is legal counsel for the college.

The college is very pleased to present to the standing committee on Bill 31, the Health Information Protection Act. The college has been involved in several consultations regarding legislation of this nature, including in 2001 in response to the Personal Health Information Privacy Act, 2000, Bill 159, and in 2002 in response to the consultation draft Privacy of Personal Information Act, 2002, circulated by the Ministry of Consumer and Business Services.

The format of our presentation is as follows: I will give a brief overview of the college and its mandate. Ms McDonald will then provide the members of the committee with some information regarding the role of social workers and social service workers, and then proceed to provide a summary of our submission to the committee. We will allow some time to answer questions from committee members and may call upon Ms Tarshis to assist in this regard.

The Ontario College of Social Workers and Social Service Workers, "the college," is the regulatory body for social workers and social service workers in Ontario. Our mandate is to serve and protect the public interest through self-regulation of the professions of social work and social service work. The college was established by the Social Work and Social Service Work Act, 1998. All of the provisions of the act were brought into force by August 15, 2000. Although the college is still in the early stage of its development, in just over three years it has registered approximately 10,000 members in the social work and social service work professions.

The framework of self-regulation established under the Social Work and Social Service Work Act is similar to the framework of self-regulation provided under the Regulated Health Professions Act and health professions procedural code, which govern the 21 regulated health professions colleges, some of whom will be presenting to this committee regarding Bill 31.

1530

Similar to our RHPA colleagues, under the Social Work and Social Service Work Act there is a registration process for determining whether an applicant meets the qualifications for membership in the college in accordance with the requirements of the act and regulations made under the act. There is a process for complaints and mandatory reports to be filed with the college. There is a complaints committee whose responsibility it is to consider and investigate complaints regarding the conduct or actions of members of the college. Matters may be referred to the discipline committee for a hearing to determine any allegation of professional misconduct or incompetence on the part of a member of the college. Matters may be referred to the fitness-to-practise committee for a hearing to determine any allegation of incapacity on the part of a member of the college. The code of ethics and standards of practice for members of the college, prescribed by bylaw in accordance with the act, provide professional standards and ethical standards to which members of the college must adhere. There is a public register providing information to the public about the members, their professional status, any terms, conditions and limitations imposed on a certificate of registration, any notations of revocation, cancellation or suspension of a member's certificate of registration, and information directed to be added to the register by committees of the college, such as the results of discipline or fitness-to-practise proceedings.

This thumbnail sketch of the role of the college is intended to provide members of the committee with a context within which to appreciate how the college collects, uses and discloses personal health information for the purposes of regulation of the two professions.

I will now turn the remainder of the presentation over to the registrar of the college, Glenda McDonald.

Ms Glenda McDonald: Good afternoon. As I begin, I just want to say that I will refer to the Personal Health Information Protection Act by its acronym, PHIPA.

Not only is it important for members of the committee to understand the role of the college; it's also important to understand the role of the professionals that the college governs and regulates in the public interest: social workers and social service workers.

Both professions are employed in a broad range of settings in which health care and social services are delivered. Though some are employed as administrators and educators, many provide direct health care within the definition proposed in PHIPA, as well as social services to individuals, families, groups and communities. Social workers and social service workers who are members of the college and provide health care are health care practitioners within the definition of that term under PHIPA. Many social workers and social service workers are employed by health information custodians, and many are self-employed in private practice. Social workers may be evaluators within the meaning of the Health Care Consent Act or assessors within the meaning of the Substitute Decisions Act. Additionally, many social workers and social service workers who provide health care are employed by organizations that would not be considered health information custodians within the meaning of PHIPA, such as school boards, shelters, correctional facilities, children's aid societies, family service associations, income support programs and employee assistance programs.

The scope of practice of the profession of social work means the assessment, diagnosis, treatment and evaluation of individual, interpersonal and societal problems. This is accomplished through the use of social work knowledge, skills, interventions and strategies to assist individuals, dyads, families, groups, organizations and communities to achieve optimum psychosocial and social functioning.

The scope of practice of the profession of social service work means the assessment, treatment and evaluation of individual, interpersonal and societal problems. This is accomplished through the use of social service work knowledge, skills, interventions and strategies to assist individuals, dyads, families, groups, organizations and communities to achieve optimum social functioning.

In health care, social workers help and empower clients and patients and their families to deal with emotional needs and problems that may accompany or predate illness and disability. This function involves counselling of clients and patients and their families to address emotional needs and problems associated with a health condition and, in appropriate cases, involves psychotherapy.

Social service workers work with a wide range of clients and, in doing so, develop appropriate action plans through the use of assessment, evaluation and referral skills. Social service workers intervene in crisis situations and, depending on specific job requirements, may provide counselling to individuals, families or groups regarding emotional problems.

In the course of their practice, a frequent function of social workers and social service workers is to collect, use, and on occasion disclose personal health information regarding their clients.

The college's collection, use and disclosure of personal health information is done in accordance with and as permitted by the SWSSW act, the regulations made under the act and its bylaws. Pursuant to its objects and its public protection mandate under the act, regulations and bylaws, the college currently collects, uses, and in some circumstances discloses personal health information about a member without the consent of the member. Given that many social workers and social service workers are involved in providing health care to clients, many of the activities of the college which relate to investigating and assessing the practice of a member of the college will involve personal health information of a client of such member. Under many circumstances, the college collects and uses personal health information with the client's consent. Under certain circumstances, the college collects and uses personal health information without the client's consent; however, it's necessary to do so to protect the public from harm caused by a member's incompetence, incapacity or professional misconduct. In other words, the purpose for which the college obtains personal health information about a client or a member is to investigate, assess and, where necessary, impose sanctions on a member in order to protect the public from harm.

It's important to understand that subsection 50(1) of the Social Work and Social Service Work Act imposes a duty of confidentiality on every person engaged in the administration of the act with respect to all information that comes to his or her knowledge in the course of his or her duties and not to communicate any of those matters to any other person, subject to limited exceptions. A breach of this provision is an offence under the act.

I will now turn my comments to a summary of the college's written submission to the committee regarding PHIPA.

The college appreciates the challenges of creating consistent and comprehensive rules for organizations that collect personal health information. Through this submission, the college wishes to assist the government in understanding the ways in which the protection of an individual's privacy and facilitating the effective provision of health care intersect from the point of view of the college. The college has reviewed the legislation principally from the perspective of the impact of the legislation on the role of the college to protect the public. The college firmly believes that facilitating the effective provision of health care includes ensuring for the public of Ontario that social workers and social service workers who provide health care are qualified and practise in accordance with professional standards protecting the public from practitioners who breach professional standards or who are incompetent or unfit to practise.

The college supports the government's initiative to provide clear rules for the collection, use and disclosure of personal information in the health sector, based on the principles enunciated by the Canadian Standards Association model code for the protection of personal information.

The college is pleased that a number of provisions of PHIPA recognize and are consistent with the role of the college to regulate its members in the public interest. Specifically, the college is pleased that the college has not been included in the definition of "health information custodian," and that specific provisions permit health information custodians to disclose personal health information without consent to the college for the regulatory purposes of the college. This information is essential so that the college can protect the public from harm.

The college supports the recognition under subsection 47(1), "Restrictions on recipients," that legislation such as the Social Work and Social Service Work Act may permit or require uses and disclosures that are different from the purpose for which the health information custodian disclosed information to the college.

As the college has stated, it is supportive of the intent of PHIPA, as well as much of the drafting of the new legislation. However, the college does have some concerns with certain sections of PHIPA.

The first of these is the paramountcy provision in PHIPA. PHIPA provides that it is paramount to any other legislation in the event of a conflict. There are several potential conflicts and inconsistencies between the PHIPA and the Social Work and Social Service Work Act. In the written submission, we provide some examples of provisions that may create a conflict between PHIPA and the Social Work and Social Service Work Act or where PHIPA and the Social Work and Social Service Work Act are inconsistent. The college is concerned that the potential conflicts and inconsistencies between PHIPA and the Social Work and Social Service Work Act will create confusion and unintended consequences regarding the college's regulatory role and will involve the college in proceedings before the courts while inconsistent and conflicting provisions await judicial interpretation. This would have a negative impact on the protection of the public from harm.

The college recommends that in order to avoid conflict and inconsistency between PHIPA and the Social Work and Social Service Work Act, a complementary amendment be made to the Social Work and Social Service Work Act to the effect that in the event of a conflict between a provision of PHIPA or its regulations and a provision of the Social Work and Social Service Work Act or its regulations, the provision of the Social Work and Social Service Work Act or its regulations prevail.

1540

As stated previously, the regulatory role of the college and the legislation governing this college is similar to the regulatory role of the health regulatory colleges and the legislation governing those colleges. We encourage the standing committee, when it is considering changes to be made to PHIPA relative to the health regulatory colleges, to recognize the similarities between this college and the health regulatory colleges and determine if any changes that may be contemplated relative to the health regulatory colleges are also applicable to this college.

In the written submission of the college, the college has made suggestions regarding the drafting of subsections 47(1) and (2) and clause 33(3)(c) of PHIPA. The drafting changes to section 47 are recommended to recognize the potential use and disclosure of personal health information received by the college in the course of its legislated duties. The college has a continuum of uses that it makes of personal health information in a manner that is either permitted or required by the Social Work and Social Service Work Act.

Subsection 47(2), however, does not recognize any exception to the obligation regarding the extent of use or disclosure of personal health information where an exception would be permitted or required by another act of Ontario.

If a health information custodian makes a mandatory report regarding a member that includes personal health information, then the college may conduct an investigation. This investigation may ultimately result in a referral of allegations of professional misconduct to the discipline committee of the college for a discipline proceeding. The member of the college who is the subject of a discipline proceeding could argue, based on subsection 47(2), that the full record of a college's investigation should not be provided to the prosecutor for the college to prepare for a discipline proceeding because not all of the personal health information contained in the record of the college's investigation was reasonably necessary for the purpose of the discipline proceeding. While these arguments on the part of a member may not ultimately be successful, the processes of the college may become embroiled in proceedings before the courts while provisions inconsistent with the Social Work and Social Service Work Act await judicial interpretation.

In addition, it is possible for the college to receive personal health information from a health information custodian that it would be required by law to disclose, such as in an order to comply with the common law duty to warn a person or persons if there is a significant risk of serious bodily harm to that person or persons. The current drafting of subsection 47(1) would not permit the college to do so.

The college wishes to recommend a change to the drafting of clause (c) of subsection 33(3) of PHIPA. This subsection appropriately recognizes the exception for the regulatory health colleges to the prohibition of the collection and use of another person's health number by a person who is not a health information custodian. This college will need to rely on this exception in the same way that the health colleges will. The college believes that this is just an oversight in the drafting and accordingly the language of the exception in clause (c) should be amended to include this college.

A number of the members of the college provide health care but are employed by agencies that are not health information custodians. There is a potential for a conflict between such a member's duties under PHIPA and the expectations of his or her employer to comply with the policies and practices of the employer. We suggest that consideration be given to adding protection for such an employee from retaliatory action by his or her employer when the employee is acting in accordance with his or her duties under PHIPA.

In conclusion, the Ontario College of Social Workers and Social Service Workers supports the Personal Health Information Protection Act and is encouraged to see a number of the provisions of PHIPA support the college's regulatory role and processes.

As stated, the main concern of the college is that the paramountcy provision of PHIPA may have unintended consequences that would impede the college in its legislated mandate to regulate its members for the protection of the public. The college recommends that, in order to avoid these unintended consequences, the Social Work and Social Service Work Act prevail in the event of a conflict between PHIPA and the Social Work and Social Service Work Act. The college would be pleased to assist in the implementation of any of these recommendations.

Thank you for the opportunity to make this submission to the standing committee and for your consideration of the college's concerns and recommendations.

The Vice-Chair: Thank you very much.

Ms Martel: Thank you for your presentation.

The Vice-Chair: You have a minute left, so if you could --

Ms Martel: Very quickly, then, because you're talking about how the social work act should prevail. In one of the areas that I see, if that happened, someone would not then be able to go to court to ask for an award for damages because that would be counter to section 49 of the social work act. Am I reading that correctly?

Ms Debbie Tarshis: Unless there was bad faith. One can sue any member of the college or its counsel if their action is done in bad faith. So the provision of section 49 does not exclude actions that have been taken in bad faith.

Ms Martel: But how does that square, then, with the provision under section 63 that says that if the commissioner has made an order, which I would assume would be that some wrongdoing has been found, which would lead to the privacy commissioner then determining someone could go forward with an action -- you not see a conflict there, then, that someone who would have a right under section 63 would lose that right if section 49 of the social work act actually prevailed?

Ms Tarshis: The Supreme Court of Canada has recognized the importance of immunity provisions given with respect to the members of counsel and committees of the college in carrying out their roles under their legislative framework because of the importance of supporting the regulatory role of these bodies. So consistent with the legislation that exists, the college would wish to see the immunity provision follow through with respect to all of its regulatory functions.

The Vice-Chair: Thank you very much for your presentation.

ROYAL COLLEGE
OF DENTAL SURGEONS OF ONTARIO

The Vice-Chair: The next group is the Royal College of Dental Surgeons of Ontario.

Mr Irwin Fefergrad: Good afternoon. It's been a long afternoon and day for you, I suspect. I understand why there are no windows in this room. You can't see what's going on outside.

With the permission of Mr Dhillon, may I provide each of the parties one of these kits? I undertake to provide each and every member a kit tomorrow. May I do that? Thank you very much.

The kit is a compliance kit that we prepared for each and every dentist in the province of Ontario to be fully compliant come January 1 with the federal legislation. I give it to you just to show you that it's not difficult for an entire profession to be compliant with privacy. In particular, the Royal College of Dental Surgeons of Ontario has a strong belief and commitment to privacy, as evidenced by what we did with the federal legislation.

Our college, as you've heard from other colleges, is not a university. We're not a teaching institution. We're a regulator and, in the case of dentistry, we regulate 8,000 dentists in the province of Ontario. You've given us this authority to do so under the Regulated Health Professions Act and we've been doing this for some 135 years, give or take.

We're governed by the Regulated Health Professions Act, which, as you know and have heard before, came into being in 1993. But it took about 10 years to develop in its concept, and it became a model of governance for regulatory bodies in not only North America but in the world. In fact, it's looked at today as a model piece of legislation. In fact, we now know it works very, very well.

1550

Our core responsibilities are, first, registration, basically entry: Do we license people, register them, in order to carry on the onerous responsibilities that you've allowed us to have?

Our second core responsibility involves the area around professional misconduct: complaints, where the public, of course, has access to our process, and discipline, where our committees have the authority to remove licensure or the permission to practise dentistry in the province of Ontario. In fact, the only body, of course, that can remove the ability to practice is the regulator. In our case it's our college.

Our third core area of business is the quality assurance business. We want to make sure that not only are we there for the discipline end but we're also there for the education and rehabilitative end for our members who in fact are licensed.

The RHPA provides a broad mandate for us, as you know. It allows us not only to increase the knowledge base of our members, to educate our members and to provide ethical codes for our members, but you also have provided us with the authority to set standards of practice for our members and to do anything that relates to health care in the broadest sense that will benefit and protect the public. We don't represent the membership; we represent the public. That's what you've delegated that responsibility to us to do.

We've been very active, as you know, as other colleges have, with the previous drafts of legislation that came with respect to privacy. We're delighted to see that much of the submissions that we've made historically are in this current legislation. The college supports this legislation, as it supports the notion and concept of privacy generally. It's something we've invested huge resources into, as I said before, not only with the PIPEDA legislation, but as we will with this one as well when it comes into being.

We're delighted that this information has incorporated many of our previous concerns and we're very pleased, for the most part, with it. That said, it's not a perfect piece of legislation, because nothing in life is perfect and ideal, but we thought we'd make a submission or two that might help make it just a little bit closer to perfection than it now is.

My colleagues have talked to you a bit about the notion of paramountcy, the notion of what piece of legislation should really, in the sense of a conflict, govern. When you have two competing pieces of legislation, it's important to look at what the consequences are if one piece is paramount over another: what will happen in terms of, in our case, public interest protection. I thought I'd give you two examples. I know that Ms Wynne had asked a colleague of mine earlier for some examples, which you were given, and I thought I'd scoop the opportunity and, having had some time to think about it, add a few to the trough for your consideration.

Subsection 11(2) of HIPA suggests that the test for record-keeping is reasonableness. Every college has a much higher standard; every college under the RHPA requires not reasonableness but accuracy. Accuracy is the test. The reason is that when a patient's health is at stake, it's important that the health care provider make sure that the record is as perfect as it can be so that if a subsequent health treating practitioner takes a look at that record, he or she can see what the treatment was before, what radiographs were ordered, what medicines were prescribed, what the medical history has been like, so that there is little opportunity of an error being made, with the patient's health being at stake, because of a conflict in the records.

So let's track this out and see what happens. As you know from our brief, one of the professional misconduct regulations is essentially that of a dentist who may not keep accurate records. Reasonableness is not good enough for us; accuracy is what's important. If that record isn't accurate, that member may find himself or herself the subject of a complaint and the subject of some concern by the college.

In a discipline hearing, it may well be that you have inadvertently provided a defence that might not otherwise be available. The defence would be this: "Look, college. You're imposing on us a standard of accuracy. However, HIPA is imposing on us a standard of reasonableness. The RHPA isn't paramount, and therefore HIPA is paramount. Therefore, the standard of accuracy that you're requiring has to fall by the wayside." Some of you may say that's an argument that, at the end of the day, because the discipline committee may or may not buy it, a court is going to have to decide is not going to hold much water.

The difficulty is that, assuming the discipline committee throws out that kind of argument and says, "Look, we understand what this is all about. We're talking here about patient safety, patient health. Accuracy is the name of the game," and they find the member guilty of professional misconduct, the member appeals and the appeal suspends the order of the discipline committee, so the member is able to continue to practise, able to continue to keep records that aren't accurate and that put his patients in jeopardy. It affords a defence. It costs a lot of money to defend these kinds of actions; it costs a lot of money to go to court. In fact, the government may be brought in with intervener status to be able to offer some argument and help to the court as to which legislation is paramount. At the end of the day, it's an unnecessary defence that nobody intends a member who's not abiding by college regulations to have.

That's just one example. We can use that same example in the area of fraud. Suppose the record is inaccurate, lacks detail, and the college has a complaint from an insurance company and says, "We suspect that the member is backdating service to cover off insurance," or "We suspect there is a wrong fee code being inserted in order to cover off one service that is covered, as opposed to the service that was actually rendered, which is not covered." Very often, by the way, in these cases -- and 135 years of business tells us this -- the patient is in collusion because the patient benefits. So we don't get a lot of co-operation from the patients on this.

Fraud is a very serious matter. It's something we take absolutely very seriously. We entrust our members not only with the health of patients but as well with honesty to deal with other stakeholders like insurance companies that have huge investments financially in health care and in providing insurance.

Spurious though it may be -- but it is a defence -- the member's defence would be, "Oh, gee whiz, the record isn't quite accurate. HIPA allows me to make some corrections to it. Let me make those corrections and therefore make it whole." In the meantime, a defence that wasn't intended would be offered and, again tracking it through, even if the discipline committee orders that the member has been found guilty of professional misconduct, the member would appeal. There's about another year and a half of wait until it goes to divisional court and another year and a half of this practice continuing.

One last example that I can think of, and I think I'll stop with that, is that under the RHPA you have mandated that in two specific sets of circumstances there must be mandatory reporting, one with respect to sexual abuse and another with respect to dismissal of a member. The requirement is that the college be notified in writing under those two sets of circumstances. That's fine, and we often get our information around boundary issues from this mandatory reporting section. If it's in a public health context or a hospital context, our best information on boundary issues actually comes from the mandatory reporting section.

The difficulty is that, again, it's a defence. It may not succeed at the end of the day, but why go through the headache? HIPA provides for the provision that essentially we're not allowed to use the information other than for the purposes for which it was intended. So the defence the member would have is that the report came to us because that's the mandatory requirement under the RHPA; the employer or the hospital reported to us because they have to. Nowhere does it say in the RHPA that we then track that to discipline. That becomes a registrar's discretion, whether or not we want to proceed to an investigation, and of course it all depends on the detail. But if we were to proceed -- in my case if I were to proceed to an investigation, I will likely be faced with an argument that I'm abusing my authority, because HIPA says that the mandatory reporting is for the purposes only of mandatory reporting. I'm not allowed to use that information, the argument would be, to pursue professional misconduct.

1600

I leave you with those three troublesome examples, and there are more. You will hear from my colleagues as you've heard from those before me that paramountcy is the one really troublesome issue in this legislation. We were fortunate enough to meet with the privacy commissioner's office the other day, and I know you will be hearing from the privacy commissioner herself tomorrow. Time permitting, if there is an exploration of the paramountcy argument, I think you will find that the privacy commissioner's office would join the colleges in our concern that when there is a conflict, the RHPA should really be paramount. I don't want to take up valuable time now, but there's lots of room in the legislation to tweak it just a little bit to make sure there is that continued public interest protection.

In conclusion, the college commends the government for coming through with this legislation. We take the government at its word that we will be involved in the consultation process with the regulations. Therefore we're not troubled with the authority and power under the regulations, knowing full well that we will be fully involved and fully consulted, using our years of experience to assist you in developing what will be as close to perfection as we can get in the regulatory process.

I'm happy to take any questions.

The Vice-Chair: We have a little less than two minutes each.

Ms Wynne: I just want to check out the paramountcy issue. There are a couple of sections or subsections in the bill, and I assume the answer is that they're not adequate, but I would like you to comment on them.

Under subsections 42(1), clauses (g) and (h), (h) says, "Subject to the requirements and restrictions, if any, that are prescribed, if permitted or required by or under any other act or an act of Canada or a treaty...." In other words, the disclosure of personal health information would be controlled by another act if it came into conflict with this one.

Mr Fefergrad: I liked your first comment: It's not good enough.

Ms Wynne: Based on what you said, I assumed it wasn't, but can you explain why it's not?

Mr Fefergrad: Whenever there is an issue that isn't clear, it raises defences that are not otherwise available. Unfortunately, the way the statute is worded, there are other statutes that are given paramountcy to HIPA; the RHPA is not.

Ms Wynne: The ones that are listed?

Mr Fefergrad: The ones that are listed, right. That will provide an argument. You see, the difficulty is that when government and people work on drafting of legislation, you're doing it with the best of intentions, to try to offer the best protection that's available to the public. When it gets in the hands of defence lawyers, sometimes they try to maybe give it intention interpretation that you didn't intend. All I'm suggesting is that if it's your intention that in areas of conflict the RHPA be paramount, it's safer to say so.

Ms Dayna Simon: Maybe I can add my clarification to that too. The section that you're referencing speaks to disclosure, and the section with the mandatory reports, where we have the problem, is subsection 47(2), which is a use.

Ms Wynne: Actually, I thought that was going to be your answer.

Mr Fefergrad: Well, I knew she would say that, so I didn't want to say it.

Ms Wynne: I was waiting for it. Thank you.

Mr Yakabuski: Thank you very much for joining us today. You've cited the same concern as two other colleges that were here previously this afternoon. It's with regard to paramountcy, whose legislation takes precedence in cases of conflict. You've spoken to a few examples. In the absence of bringing in a provision so that your act would take precedence, are there amendments you could recommend to the specific clauses you have concerns with that would bring them more in line or in compliance with your own acts so that we could avoid those conflicts without necessarily giving your act paramountcy over this act?

Mr Fefergrad: Actually, I like to say the RHPA is our act. We're all in it together. We don't own it; it's a teamwork effort.

I suppose you could look at subsection 7(2). It specifically says, in schedule A, "In the event of a conflict between a provision of this act or its regulations and a provision of any other act or its regulations, this act and its regulations prevail unless this act, its regulations or the other act specifically provide otherwise." So you could actually put a complementary provision in the RHPA, as others have submitted to you, or you could add a clause (f) in section 9. You've got some exceptions in section 9. You go from (a) to (e); you could add an (f) and say, "In the event of a conflict, the RHPA shall have precedence."

Ms Martel: Thank you for being here today. Actually, I wanted to focus on schedule B and your desire to see your quality assurance programs elevated to a level that I think would be on a par with, say, information that comes forward in a quality-of-care committee. The proposal you brought forward is either to do it by regulation, which I could see would work if we added perhaps a number 4 that would speak to the regulated colleges, because I'm going to assume that everybody else has them and would like that protection, or a consequential amendment to the Regulated Health Professions Act. I think it's the second one that I didn't understand in terms of how that, then, would deal with your specific concern that those discussions remain confidential.

Ms Simon: I think definitely the first thing we proposed would be preferable. With the amendments to the RHPA, we would look for the exact same language as you see in schedule B put into the RHPA for our quality assurance committee information.

Ms Martel: When you're talking about the same language, are you referencing the definition around "quality of care committee"?

Ms Simon: The same protections about use, compelling testimony. I think the real solution would be either to do it by regulation or to change it right in schedule B so that the health care colleges are actually listed.

Ms Martel: So you could do that under the definition of "quality of care committee" --

Ms Simon: Or by regulation.

Ms Martel: -- "that is established, appointed or approved, (i) by a health facility" or point number 2 or however you want to do it, by the college of a regulated health profession?

Ms Simon: Yes.

The Vice-Chair: Thank you for your presentation.

COLLEGE OF MEDICAL LABORATORY TECHNOLOGISTS OF ONTARIO

The Vice-Chair: Next, we have the College of Medical Laboratory Technologists of Ontario.

Ms Kathy Wilkie: Good afternoon, everyone. Thank you very much for the opportunity to address the committee. My name is Kathy Wilkie. I'm the registrar and executive director of the College of Medical Laboratory Technologists of Ontario, and I have with me legal counsel Christina Langlois, who is our director of investigations and hearings.

This afternoon I'd like to first tell you a little bit about the college and then turn it over to Christina, who will speak more specifically about the issues or the concerns we have with respect to HIPA.

The CMLTO is the regulatory body for almost 8,000 medical laboratory technologists in Ontario. The government established us as a regulatory college in 1993, with a mandate to protect the public interest by regulating the practice of medical laboratory technology.

Our mission is to protect the public's right to quality laboratory service by ensuring that all members meet and comply with the accepted standards of practice within a self-regulated environment.

1610

Our vision is to be recognized and respected for our leadership, collaboration and quality services by our members, the public, members of the health care team, government and other stakeholders.

Our values include professionalism, fairness, integrity, accountability and collaboration.

Many of you may not be familiar with what we do. We are considered somewhat of an invisible profession because we are behind the scenes working very diligently to provide essential information to other health care providers. The practice of medical laboratory technology is the performance of laboratory investigations on the human body or on specimens taken from the human body and the evaluation of that technical sufficiency.

It might be interesting to note that 70% of a person's medical file is comprised of medical laboratory test results. Over 70% of the medical decisions that are made and the treatment plans developed are based on those test results. The CMLTO works together with the laboratory services branch of the Ministry of Health and Long-Term Care and the quality management program-laboratory services to help set and monitor best practice standards.

One of our statutory objectives under the Regulated Health Professions Act is to develop, establish and maintain standards of qualification for persons to be issued certificates of registration in the province. We are also responsible to develop, establish and maintain programs and standards of practice to assure the quality of practice of the profession and to maintain standards of knowledge and skill and programs to promote continuing competence among our members.

Our core business includes setting entry-to-practice standards. We do ensure that members who practise medical laboratory technology in the province are only granted that right providing they have met the minimum set of criteria and have the essential competencies necessary to practise safely and protect the public from harm.

As you've probably heard from other colleges today, we also are responsible for complaints and discipline processes. We enforce the standards of practice and protect the public from incompetent practice through our complaints and discipline processes. These, combined with our investigatory powers set out in the RHPA, allow the college to deal effectively with complaints and reports or information related to professional misconduct, abuse, fraud or incompetence.

The free flow of information from health facilities, patients and health professionals regarding these matters is essential to our effectiveness as a regulator. The CMLTO, like other regulatory bodies, does not possess the resources to be in every practitioner's place of practice at all times. We must therefore rely on the information of others to be able to remove unsafe practitioners from practice.

The next core activity is incapacity and fitness to practise. The CMLTO also deals with practitioners who have physical or mental conditions that impair their ability to practise. Unfortunately, at times these practitioners must have their practices restricted, or in some cases be removed from practice entirely, to ensure the public safety. Again, it is essential for public protection that we are permitted unfettered access to the information that makes these processes work.

We've talked about quality assurance. My colleague who spoke before talked about the issues around quality assurance. The core of any self-regulating profession is a commitment to continuing competence. The RHPA creates a positive obligation on health regulatory colleges to have quality assurance programs to ensure that continuing competence is maintained by members. We have a multifaceted quality assurance program that includes practice reviews, technical competence evaluations, and a professional portfolio that must be maintained by every medical laboratory technologist and must be submitted to us upon request. This program allows medical laboratory technologists to evaluate their practice against objective standards, diagnose learning needs, and identify opportunities to improve their practice. Clearly a program of this kind relies on the absolute protection of the information to foster honesty and full disclosure. The benefits of a quality assurance program are well documented. CMLTO's program has been reviewed and evaluated by an independent body and found to fully comply with the high standards set out in the RHPA.

That's a little bit of background on our regulatory college and profession. At this time, I'd like to give Christina Langlois the opportunity to speak specifically to some of our college's concerns with respect to Bill 31.

Ms Christina Langlois: Thank you, Kathy. Ladies and gentlemen, I know the afternoon is getting long and it's miserable weather out there, so I won't repeat what you've already heard from other regulatory bodies. Our submissions on Bill 31, though, won't surprise you. Having heard from other regulatory bodies, I think it's safe to say that our support is in the same areas and our concerns are also in the same areas.

Firstly, the CMLTO is very supportive of specific privacy legislation that deals with the health care sector. We feel that it's appropriate and in fact needed that health care information be dealt with uniquely and separately from commercial information, so we very much welcome a specific piece of legislation geared to our unique needs.

We have been involved, as have our colleagues in other regulated colleges, in consultations on previous versions of provincial privacy legislation, and I think it's safe to say that we are very pleased with this iteration of the privacy legislation. It speaks to many of the concerns that we had raised in prior consultations. So I can tell you that the CMLTO certainly supports the spirit and intent of HIPA 2003, which is what we like to call it around our shop.

We do have some areas that we'd like to comment on specifically. Firstly, we're very encouraged to see that this legislation does not refer to colleges as health information custodians. In fact, quite clearly it does not lock us into that definition. In our submissions on previous versions of this privacy legislation we made clear how difficult being classified as a health information custodian would have made our regulatory activities. We're certainly grateful that we have not been so classified and would recommend that we remain in a non-custodial status, as we are now.

In terms of the disclosure provisions, I think we can say that we're very pleased at the efforts that have been made by the drafters to reflect college regulatory functions in the disclosure provisions of HIPA 2003. Clearly, you've recognized the need for health information custodians to disclose information to colleges for public protection and regulatory purposes. That's very important to us and we feel that has to be preserved.

We want to reassure you that as colleges under the RHPA, we are in fact subject to very strict confidentiality provisions in the RHPA, and the information that comes into our hands is dealt with appropriately from that perspective and always has been. In addition, the RHPA contains a number of other provisions that can be used to protect sensitive patient information or in fact the identification of patients who may appear at hearings. For instance, discipline hearings can be ordered closed and publication bans can be ordered to protect an individual's identity or their medical information.

We're very pleased also to see that there's a minimum consultation period included in the legislation for any proposed regulations. Unfortunately, the submission we make to you today has not had the benefit of input from our counsel because of the very quick turnaround time on this bill. We certainly would be happier if we were here with their input, because we think they bring a great deal to the table, both from representing the public of Ontario and our profession. So we're pleased to see that we'll have a minimum period in which to make those submissions in the future on proposed regulations.

We do have a number of concerns -- not a number; let's say two. That makes it sound more manageable. Again, they are the same concerns as have been expressed by other regulators.

The first is the issue of paramountcy. I think the CMLTO is quite pleased with the intent of the legislation and feels quite confident that the intent of the legislation was to protect privacy, but in a way that doesn't interfere with colleges' important regulatory functions.

Having said that, as my colleague Mr Fefergrad mentioned, the creativity of defence counsel is sometimes endless. So in any area where there is a lack of clarity, colleges potentially face defences from members and their counsel that HIPA was in fact intended to provide them with a shield from the college's powers to inquire into their practices or into their records, or frankly, it might be argued that it blocks the college from using information that comes to their attention. We at the CMLTO do not believe that was the intent of HIPA 2003, but we are concerned that these are the types of arguments we may face if some clarity is not brought into the legislation.

The example that I provide in my submission is not going to shock you either. It's the example of an incapacitated professional being reported to the college by their employer -- in this case, a hospital. We've assumed in our example that the MLT, or medical laboratory technologist, in question has been let go because they have a cocaine addiction.

1620

Clearly, the hospital has filed the report with the college to fulfill their mandatory reporting obligations, and in fact if they were asked, they would say just that. The report is usually drafted by their legal and HR departments to very much comply with the four corners of their mandatory reporting obligation.

Clearly, the college does not simply stop after receiving that information. I think the public would be dismayed to think that any college would receive that kind of information and not take further steps. The college uses that mandatory report, if you will, to trigger other processes that are put in place to appropriately deal with the matter. In this case it could well be an incapacity proceeding or a fitness-to-practise proceeding. It could even be a professional misconduct proceeding if the professional had been practising while under the influence of narcotics. So there is certainly a variety of different processes that the college may choose to access when they come by information about a practitioner.

It's our position that certainly we don't believe HIPA was intended to restrict those options or the college's ability to access those options. We feel that those options are very important for the protection of the public. Our concern is really that: Not that we think HIPA was ever intended to undermine our abilities or our effectiveness, our functions, our programs, but rather, by a lack of clarity in drafting, that there is a possibility that HIPA may provide unscrupulous members with a defence that, even if it's found to be ineffective in the long run, could delay the process as much as two years while the individual continues to practise. This is the unfortunate situation that we do not want to see happen as a result of what we feel is very good legislation to protect the privacy of patient health information.

We suggest to you a remedy that you've also heard before. The easiest solution would be, in those cases where the RHPA and HIPA 2003 conflict -- and there are only limited situations where that might happen -- to have the RHPA prevail.

The other example I provide in our submission is the example I believe you've already heard as well about the ability of investigators and assessors of the college to access confidential health information. Our legislation provides them that ability despite any confidentiality of health information in other legislation. We're concerned that someone might mount the defence that HIPA 2003 was actually meant to erode those powers and that we don't have the ability to access this information. From a regulator's perspective, the health information of our members and of their patients is often the best evidence we have to deal with incompetent practice and with individuals who should be removed from practice, so we very much are concerned about anything that might restrict our access to that information.

Our second concern, and I think again you've probably heard this before, is that we are very encouraged to see a very high level of protection given to quality-of-care programs in schedule B to HIPA 2003. We would like to request that college programs be so recognized as well and be provided with the same protections. The college programs are statutory, they run across the profession, they're inclusive, and we believe that makes them potentially very valuable and that they certainly deserve the same protections that quality-of-care programs have been granted under schedule B.

Having said all of that, in conclusion I can say that our college certainly supports HIPA 2003. We're pleased that there's a unique set of rules for health care but college functions are recognized in that set of rules. Our only concerns are unintended consequences that might emerge when the legislations come into conflict and also the request that our quality assurance programs be included in schedule B.

Thank you very much for your time and attention this afternoon.

The Vice-Chair: Thank you. We'll start with the official opposition; a couple of minutes each.

Mr Yakabuski: Thank you for coming in. We're not going to take too long either, because it seems to be an ongoing concern cited by, I guess, four regulatory bodies now. The committee has certainly duly noted that that's a concern you share.

Ms Martel: I'm going to ask you something that wasn't in your brief. It relates back to this issue of which act is going to be paramount.

The College of Social Workers has its own act, of course, which is different from the rest of the regulated professions.

Ms Langlois: That's right. They're not covered by the RHPA. I'm afraid I'm not terribly familiar with their legislation.

Ms Martel: No, no, I'm not going to ask that, because what's in their brief, which they didn't focus on, was of course that there is a section that essentially protects people from immunity.

Do you have, through the Regulated Health Professions Act -- are there sections that are essentially the same?

Ms Langlois: There are. They extend to individuals who serve on council and committees, and the immunity is for activities undertaken in their role as a council or committee member, or staff member as well, so if you have a staff investigator -- it's been argued that those individuals are covered as well. People have challenged that but I think, as my colleague Ms Tarshis has pointed out, the courts have been fairly supportive of the immunity provision.

Ms Martel: I don't pretend to be a lawyer, because I'm not. I want to be clear about something. The bill of course has a new section essentially that would allow for damages for breach of privacy. It was clear from the case by the social workers that if we allowed all of the details of their bill to be paramount, then I think -- and I could be wrong, and I'm not trying to undermine what they say -- this right, which is now in the law, would not be in place then for people trying to deal with their college. It's not clear to me whether, given what you just said, the same thing would happen if the committee made the argument that all of the details and implications of the Regulated Health Professions Act also applied. Is that going to then wipe out section 63 of this bill?

Ms Langlois: I wouldn't think so, not having studied it in detail, but my gut tells me not, simply because the immunity provisions were meant to be protective of people who were carrying out a legislative or statutory role or function under the act. I think that breaching privacy would certainly not fall within what would be seen as your role, and therefore you would not be protected in that context.

Ms Martel: The distinction is around a front-line provider, if I might, versus someone who in your college has a role that's different essentially.

Ms Langlois: That's right. Our immunity provision applies more so to those people who do committee and council work at the college but not to the practitioners in their practice. That's not the intent of that immunity. It's for people who do the committee work at the college.

Ms Wynne: Thank you for your presentation. Your recommendation around the paramountcy issue is that there be a complementary amendment. Is the suggestion then that there would be paramountcy on certain sections? Is that what you're suggesting? I mean, what would it --

Ms Langlois: How could it be structured?

Ms Wynne: Yes, how could it be structured?

Ms Langlois: There are various options. Certainly you could say that in any conflict the RHPA would prevail. There is the possibility of doing a section-by-section analysis. I think the difficulty at this stage, to be honest, is that no one has had the time to, in a very detailed way, create a comprehensive list of things that we think may conflict. Certainly, that is a possibility as well.

Ms Wynne: So as far as you're concerned, it doesn't have to be that blanket statement; it could be section by section and here are the issues where you need paramountcy.

Ms Langlois: It would require us to do a very detailed analysis but, absolutely, it's possible to go through and analyze those sections which we feel are most problematic.

Ms Wynne: The last question is on the timeline for implementation. Can you comment on that, the way it's written in the bill? Is the timeline too short or are you eager that we get going on this? Which is the --

Ms Langlois: We, like other colleges, have been involved with our federation, which is the group that represents all 21 RHPA colleges, whom I think you'll hear from tomorrow, in preparing for the application of PIPEDA to our members anyway and creating guides and checklists. So, no, I don't think that they --

Ms Wynne: So you're ready.

Ms Langlois: Yes. I think we've got to be ready for something to come, and if this is what it is then, yes, we can be ready.

Ms Wynne: Great. Thank you.

The Vice-Chair: Thanks to all the presenters and the members for being here today. The committee stands adjourned until 10 am tomorrow.

The committee adjourned at 1629.

STANDING COMMITTEE ON GENERAL GOVERNMENT

Chair / Président

Mr Jean-Marc Lalonde (Glengarry-Prescott-Russell L)

Vice-Chair / Vice-Président

Mr Vic Dhillon (Brampton West-Mississauga / Brampton-Ouest-Mississauga L)

Ms Marilyn Churley (Toronto-Danforth ND)

Mr Vic Dhillon (Brampton West-Mississauga / Brampton-Ouest-Mississauga L)

Mr Jean-Marc Lalonde (Glengarry-Prescott-Russell L)

Mr Jeff Leal (Peterborough L)

Mr Jerry J. Ouellette (Oshawa PC)

Mr Ernie Parsons (Prince Edward-Hastings L)

Mr Lou Rinaldi (Northumberland L)

Mrs Maria Van Bommel (Lambton-Kent-Middlesex L)

Ms Kathleen O. Wynne (Don Valley West / -Ouest L)

Mr John Yakabuski (Renfrew-Nipissing-Pembroke PC)

Substitutions / Membres remplaçants

Mr Wayne Arthurs (Pickering-Ajax-Uxbridge L)

Mr Lorenzo Berardinetti (Scarborough Southwest L)

Mrs Linda Jeffrey (Brampton Centre L)

Ms Shelley Martel (Nickel Belt ND)

Mrs Elizabeth Witmer (Kitchener-Waterloo PC)

Clerk pro tem / Greffier par intérim

Mr Trevor Day

Staff /Personnel

Ms Margaret Drent, research officer,
Research and Information Services

CONTENTS

Monday 26 January 2004

Subcommittee report G-5

Health Information Protection Act, 2003, Bill 31, Mr Smitherman /
Loi de 2003 sur la protection des renseignements sur la santé,

projet de loi 31, M. Smitherman G-5

Ministry of Health and Long-Term Care G-6
Hon George Smitherman, Minister of Health and Long-Term Care
Ms Carol Appathurai, acting director, health information privacy and sciences branch
Ms Halyna Perun and Mr Michael Orr, legal counsel, legal services branch

University Health Network G-22
Mr Tom Closson
Ms Tiffany Jay

The Anglican, Evangelical Lutheran and Roman Catholic Churches in Ontario G-25
Bishop George Elliott
Archdeacon Harry Huskins
Rev Adam Prasuhn
Mr John Varley
Bishop John Pazak

Centre for Addiction and Mental Health G-28
Ms Gail Czukar
Mr Peter Catford

Institute for Clinical Evaluative Sciences G-31
Dr Andreas Laupacis
Ms Pamela Slaughter

Canadian Mental Health Association, Ontario Division G-35
Ms Patti Bregman

College of Medical Radiation Technologists of Ontario G-37
Ms Sharon Saberton
Ms Debbie Tarshis

Ontario Medical Association G-40
Ms Barb LeBlanc
Dr Larry Erlick

Ontario College of Social Workers and Social Service Workers G-44
Ms Mary Ciotti
Ms Glenda McDonald
Ms Debbie Tarshis

Royal College of Dental Surgeons of Ontario G-47
Mr Irwin Fefergrad
Ms Dayna Simon

College of Medical Laboratory Technologists of Ontario G- 50
Ms Kathy Wilkie
Ms Christina Langlois