Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

KNPE400 > Week 4: Privacy Legislation > Flashcards

Week 4: Privacy Legislation Flashcards

1
Q

Personal Information Protection and Electronic Documents Act (PIPEDA)

A

Federal privacy law for private-sector organizations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does the PIPEDA law apply to?

A

Collection, use and disclosure of personal info

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the purpose of PIPEDA?

A
  • people have the right to access personal info and to challenge its accuracy
  • personal info can only be used for the purposes for which it was collected
  • must obtain consent again if being used for diff purpose
  • personal info protected by safeguards
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is meant by “substantially similar”?

A

Some provinces have privacy laws deemed substantially similar to PIPEDA and this means that in some circumstances the provincial law applies instead of the federal law but this may differ based on the case

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Federal privacy act purpose

A

Extend the present laws of Canada that protect the privacy of individuals personal info held by a governmental institution and that provide individuals w a right to access that info

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In which selected domains does the federal government run health care?

A
  • department of national defence
  • correctional service of canada
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Canada’s anti-spam legislation (CASL) purpose

A
  • to protect consumers and businesses from the misuse of digital technology, including spam and other electronic threats
  • to help businesses stay competitive in a global digital marketplace
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can you make sure you’re complying with CASL?

A
  • dont send messages without consent
  • provide an opportunity for clients to say no to commercial electronic messages
  • clearly identify yourself and the organization (ie. business name, your name, current mailing address, phone number/email, an unsubscribe mechanism)
  • be truthful in advertising (ie. specify whether taxes are included)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the Personal Health Information Protection Act of Ontario (PHIPA)?

A

Ontario’s health-specific privacy legislation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the purpose of the Personal Health Information Protection Act of Ontario (PHIPA)?

A
  • governs how personal health info may be collected, used and disclosed within the health sector
  • regulates health info custodians, individuals and organizations that receive health info from custodians
  • gives individuals greater control of how personal info is collected, used and stored
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

PHIPA terms

A

Collect
Use
Disclose

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Collect

A

Gather, acquire or obtain the info by any means from any source
ex. referral

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Use

A

View, handle or otherwise deal w the info

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Disclose

A

Make the info available to another health info custodian or another person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does PHIPA require health info custodians to do before personal health info is collected, used or disclosed?

A

Obtain consent!!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What rights does PHIPA provide for indivduals?

A
  • right to access and request correction to personal health info
  • independent review and resolution of complaints through the Office of the Information and Privacy Commissioner of Ontario (IPS) when privacy rights have been violated
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a health information custodian (HIC)?

A

A person who operates an organization that delivers healthcare as a solo practice, group practice or organization (ie.hospital, LTC) that has a reason to know personal health info

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Examples of HICs

A
  • health care practitioners
  • LTC homes
  • hospitals
  • pharmacies
  • psychiatric facilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Agent of a HIC

A

A person that with the authorization of the custodian, acts for or on the behalf of the custodian in respect of personal health info for the purposes of the custodian, not the agent’s own purposes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Examples of agents of a HIC

A
  • front desk clerk at a clinic
  • students
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Administrative duties of HICs

A
  1. develop and comply with policies with respect to when, how and the purposes for collection, use, modification and disclosure of PHI and the administrative, physical and technical safeguards that are maintained
  2. designate a contact person
  3. display a written public statement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What does a contact person do for the HIC?

A
  • facilitate compliance w PHIPA
  • ensure agents are informed of duties
  • respond to public inquiries about policies
  • respond to requests for access or correction
  • receive public complaints about alleged privacy breaches
23
Q

What does the written public statement include?

A
  • privacy policies of HIC and purpose of collection, use and disclosure of PHI
  • how to contact
  • how to seek access to or correction of a record
  • how to make a complaint to HCI and IPC
24
Q

HIC exceptions- dont need to adhere to PHIPA

A
  • aboriginal healer or aboriginal midwife that provides treatment to members of aboriginal community
  • a person who provides treatment solely by spiritual means or prayer
25
Q

What is personal health information (PIH)?

A

Information that can identify and be connected to the health of an individual

26
Q

What must PHI be related to, to be defined as PHI?

A
  • physical or mental health of an individual, including family health history
  • health care provided or the provider
  • payment for health service or eligibly for health care services (ie. benefits, insurance)
  • health card number
  • donation or testing of body part or bodily substance
  • identification of substituted decision-maker
  • non-health care info mixed in w other PHI
27
Q

Is phone number or home address considered PHI?

A

Not unless it is part of a reference that includes PHI

28
Q

What is a registered kinesiologists obligations under PHIPA?

A
  • notifying the individual whose info has been stolen, lost, used or disclosed inappropriately
  • notifying the Privacy Commissioner of Ontario when required
  • informing the HIC at earliest convenience if the kinesiologist who caused the privacy breach is an agent of a HIC
29
Q

When are kinesiologists that are HIC required to make a report to the appropriate regulatory college?

A
  • if disciplinary action is taken against a member of a College, who is an employee or an agent of the HIC, for a privacy breach
  • if the employee or agent of the HIC resigns and the HIC has reasonable grounds to believe that the resignation is related to investigation or other action relating to privacy breach
30
Q

What do regulated health professions in Ontario have to comply to?

A

PHIPA and CASL

31
Q

What do regulated professionals who also engage in commercial activities outside of Ontario have to comply to?

A

PIPEDA

32
Q

What is the Health Care Consent Act intended to do?

A
  • provide rules w respect to consent to treatment that apply in all settings
  • facilitate treatment and enhance role of family members for persons lacking capacity to make decisions
  • enhance autonomy for person receiving proposed treatment
  • promotes communication and understanding
  • permit intervention by Public Guardian and trustee as last resort to make decisions on behalf of incapable person
33
Q

How does the Health Care Consent Act enhance autonomy?

A
  • allowing persons found to be incapable to apply to Consent and Capacity Board for a review
  • allowing incapable persons to choose a representative to be appointed to make decisions on their behalf
  • requires adherence to treatment wishes expressed by person while capable and after 16 years old
34
Q

What is required under the Health Care Consent Act before a health practitioner in Ontario can provide treatment?

A

CONSENT

35
Q

What must the consent be?

A
  • related to the treatment being proposed
  • informed
  • voluntary
  • not obtained through misrepresentation or fraud
36
Q

What information must be provided for an individual to give informed consent?

A
  • the nature of the treatment
  • the expected benefits
  • alternative courses of action
  • risks and side effects
  • consequences of not having treatment
37
Q

PHIPA principles

A
  1. Accountability
  2. Identifying purpose
  3. Informed consent
  4. Limiting collection
  5. Limiting, use, disclosure and retention
  6. Accuracy
  7. Safeguards
  8. Transparency
  9. Individual access
  10. Challenging compliance
38
Q

Principle #1: Accountability

A

HICs must take reasonable steps to ensure that records are kept in a manner that ensures legislation and professional standards are respected

39
Q

Principle #2: Identifying purpose

A

HICs and their agents ensure that the purpose for which they routinely collect, use, disclose, or retain PHI is clear to the individuals whose PHI they’re managing

40
Q

Principle #3: Informed consent

A

When PHI is being collected, used, disclosed there must be informed consent, either by the individual whose PHI or by their substitute decision maker (SDM)

41
Q

Principle #4: Limiting collection

A

HICS must ensure that all forms of PHI are only collected for the purposes for which they are required and the purposes for which individuals provide consent

42
Q

Principle #5: Limiting, use, disclosure and retention

A

The legally permitted uses of PHI are:
- for the purposes for which PHI was created or collected
- for planning, delivering or monitoring services for which the custodian allocated funding
- for risk management or other activities to maintain quality of care
- for educating agents to provide care
- for obtaining payment, verifying or reimbursing claims etc.
- for research conducted by the custodian

43
Q

Principle #5: Limiting, use, disclosure and retention–> legally permitted disclosures of PHI are…

A
  • within the circle of care
  • outside the circle of care with the consent of the patient
  • to the SDM of an incapable person
  • within the organization fro certain audit or accreditation purposes
  • to a “successor” (person taking over as HIC) with an attempt to gain consent and an attempt to contact patients to inform them
44
Q

Principle #5: Limiting, use, disclosure and retention–> retention policies

A

HICs responsible for ensuring that retention policies and standards are followed

45
Q

Principle #6: Accuracy

A

HICs are responsible for ensuring that reasonable steps are taken to ensure records are accurate, complete, and up-to-date

46
Q

Principle #7: Safeguards

A

HICs must take reasonable steps against theft, loss and unauthorized use or disclosure and to ensure that the records containing the info are protected against unauthorized copying, modification or disposal

47
Q

Safeguards examples

A
  • physical measures
  • administrative/organizational
  • technological
48
Q

Safeguard examples- Physical measures

A
  • locked rooms/cabinets
  • writing “confidential” on envelopes sent out
  • securely shredding documents when it comes time for disposal
  • secure lockable file box for travelling and carrying the minimal necessary documents with you
49
Q

Administrative/organizational

A
  • systems of who has access to physical locations and electronic systems
  • providing private areas for conducting conversations in person or by phone
  • IT policies and processes
50
Q

Technological measures

A
  • passwords on files, encryption
  • ensuring data is backed up
  • secure channels for transfers
  • being clear about who the voicemail message is for limiting info
50
Q

Principle #8: Transparency

A

HICs must display or make available a written public statement about their privacy policies and patients/clients’ rights

51
Q

Examples of privacy breaches

A
  • records are seen by someone who should not see them
  • email, text messages or phone messages are sent to wrong person or are intercepted
  • paper records stolen
  • electronic records are accessed by people who should not have access
  • conservations are overheard by people outside the ‘circle of care’
52
Q

Principle #9: Individual access

A

HICs must provide individuals w access to their PHI upon request with rare expections, and a valid request for acess can be oral or in writing

53
Q

Principle #10: Challenging compliance

A

There are multiple powers granted to the Info and Privacy Commissioner of Ontario (IPC-O) and regulatory health colleges to investigate complaints from the public and to enforce penalties on practitioners who fall short of the expectations under the law

KNPE400 (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions