ºÚÁϲ»´òìÈ

The number of apps for managing health information has exploded in recent years. These apps may be useful for tracking personal data such as heart rate and blood pressure, but many can be used to assist with the administration of patient care, including in the hospital setting. For example, a quick search of the online Google and Apple stores shows apps such as Patient Tracker, Inpatient Tracker, Patient Records-EHR, On Call Notes and List Runner, amongst many others. While these apps can be very useful for organizing or providing health services to patients, their use must comply with both privacy laws and ºÚÁϲ»´òìÈ and/or Faculty of Medicine & Dentistry policy.

Privacy Laws
In ºÚÁϲ»´òìÈ, the Health Information Act (HIA) provides the legal framework for how individually identifying health information must be handled and protected. Specifically, the HIA requires that any custodian who wants to use a new information system, including health apps, must first submit a Privacy Impact Assessment (PIA) to the ºÚÁϲ»´òìÈ Office of the Information & Privacy Commissioner (OIPC):

64(1) … each custodian must prepare a privacy impact assessment that describes how proposed administrative practices and information systems relating to the collection, use and disclosure of individually identifying health information may affect the privacy of the individual who is the subject of the information.

(2) … the custodian must submit the privacy impact assessment to the Commissioner for review and comment before implementing any proposed new practice or system described in subsection or any proposed change to existing practices and systems described in subsection (1).

Note that the terms of use of an app provided by the software developer, even if stated to be compliant with United States or Canadian privacy law, may be insufficient in assuring that individually identifying information is adequately protected as required by the HIA. As such, using an app or web-based system without a PIA would be considered a breach of the HIA and therefore potentially subject to investigation and penalties.

University Policy
ºÚÁϲ»´òìÈ Faculty of Medicine & Dentistry members, staff and learners should be familiar with the privacy requirements regarding individually identifying health information, including relevant FoMD policies and procedures and, when applicable, ºÚÁϲ»´òìÈ Health Services (AHS).

 

---

Resources


Faculty of Medicine & Dentistry Privacy Resources Webpage
OIPC Privacy Impact Assessments