With the onset of COVID-19, and the requirement to adhere to social distancing guidelines, virtual health care has become a convenient alternative for custodians to connect with, and care for, their patients. Virtual health care includes digital communications such as secure messaging, telephone consultation, and videoconferencing.
Ontario’s health privacy law, the Personal Health Information Protection Act (PHIPA), applies to virtual care as it does to in-person care. Health care providers must comply with the provisions of PHIPA, all other applicable laws and regulations, and any guidance issued by relevant professional regulators.
The IPC has guidance for professionals in the health care sector, Privacy and Security Considerations for Virtual Health Care Visits. The guide outlines some of the key requirements in PHIPA relevant to all health care providers, including those who operate in a virtual health care context. It also provides practical steps they should take to protect personal health information, particularly as they plan and deliver virtual health care.
My health care provider is only taking appointments virtually, but I am concerned about my privacy using teleconferencing apps. Do I have to have a virtual appointment or can I request an in-person visit?
The delivery of virtual health care has become an integral part of Ontario’s health system, especially since the start of pandemic.
It’s important to know that Ontario’s health privacy law, the Personal Health Information Protection Act (PHIPA), applies to virtual care as it does to in-person care. The IPC has published guidance on the steps health care providers should take to protect personal health information as they plan and deliver virtual health care.
Different forms of digital communication can offer significant convenience for health care providers and their patients when physical distance or the need to socially distance poses a challenge to providing in-person care. However, virtual health care also raises certain privacy and security concerns because it depends on technologies, communication infrastructures, and remote environments.
Some of the risks involved in using virtual care technologies include the potential for privacy breaches resulting from physical or electronic eavesdropping, hacking and software exploits, technical failures, and configuration errors.
If you are unsure if virtual health care is appropriate for you, you should reach out to your health care provider to discuss your needs and concerns. They are in the best position to determine when and how you can access in-person care. Our guidance to health care providers is to determine, before booking a virtual visit, whether a virtual visit is appropriate, considering their patient’s needs, computer, and technical requirements, the purpose of the visit, and relevant regulatory guidance.
In addition, they must consider the risks and benefits of holding the visit virtually rather than in person, including patient consent, safeguards to protect the privacy and security of the patient’s personal health information in a virtual setting, and other factors.
Does my health care provider need my consent before setting up a virtual visit?
Using plain language, health care providers must inform their patients of the limitations and risks of virtual care visits, including potential privacy breaches resulting from physical or electronic eavesdropping, hacking and software exploits, technical failures, and configuration errors.
Health care providers must have the patient’s consent to collect, use, and disclose personal health information through virtual care technologies and services. The patient should not feel coerced into using virtual health care, as Ontario’s privacy law requires that their consent be given voluntarily, without coercion, to be valid.
The patient should also be informed that they can withdraw this consent at any time.
