FIPPA and PHIA – Protecting your privacy or denying you access?

posted by Carolyn @ 5:19 PM

W e heard from four individuals regarding the two sides of Manitoba’s FIPPA (Freedom of Information and Privacy Protection Act) and PHIA (Personal Health Information Act). At stake is the essential nature of the legislation and its impact on people’s lives. Do FIPPA and PHIA protect your privacy or do they deny you access to important information?

First, Mimi Raglan shared the story of how her mother died 18 days after being admitted to hospital. The family applied for access to her medical records and treatment plan, but did not receive them until after her death because of the 30 days that hospital staff have before they must comply with a request for access to information. When the records were finally received, the family requested an investigation of the way the case was handled. After the results of the investigation were made public in a severely shortened format, Mimi Raglan spent the next 3 years appealing at the office of the ombudsman again and again to have the full investigation report made public. Finally, just prior to former ombudsman Mr. Tucker's retirement, a mostly intact version of the report was made available.

Raglan feels that PHIA was used to protect sensitive information in both her mother's treatment plan and in the investigation report afterwards.

Blake Taylor advocates on behalf of families and caregivers of elderly patients. He shared his concerns that people are not being educated properly about their access rights or those of their loved ones. For example, while many caregivers have power of attorney, this only gives them financial authority and does not affect other types of personal information such as health care records.

Taylor called for a reform of both FIPPA and PHIA to make sure that the access and disclosure side of the legislation is as tough as the protection of privacy side. He suggested that hospital privacy officer should have their title changed to "access and privacy officer" in order to raise awareness about patients' disclosure rights, and that the position should have nothing to do with protecting hospital staff. Also that the penalties for the wrongful denial of information should be as strict as those for wrongful release of information.

As an example of openness and transparency in personal health information, Taylor pointed to France where patients are responsible for their own medical records. Finally, he mentioned the term, coined by recently appointed ombudsman Irene Hamilton, PHIA-noia to describe the state of vigilance that many health professionals maintain over health information.

Conway Fraser has been called an abuser of FIPPA for the numerous times he has “filed a FIPPA” (over 200 times in one year), or in other words, made a request for information under FIPPA. He claims that he is merely acting on behalf of the public, as an investigative journalist for CBC's I-Team, finding (and reporting on) information that the rest of use do not have time to look for. He shared stories of many requests for basic information in which he was required to file a FIPPA request, at great cost to taxpayers for the administration costs. One example he gave was of being denied access to health inspectors’ reports on restaurants. He also told of being refused access to a document which he then found available in the public library.

There was one naysayer in the audience who spoke with me after the session and pointed out that Fraser would better serve the taxpaying public by doing his research first to see if information is available through a library before filing a FIPPA. My naysaying friend was also concerned that people stop victimizing their lack of information about access to information rights, and start taking responsibility for educating themselves about situations such as power of attorney.

Finally, we heard from Gail Perry, representing the office of the ombudsman. She chose not to respond to the experiences of the other three panelists with FIPPA and PHIA, nor did she feel the need to apologize for the legislation which her office had nothing to do with creating. While she acknowledged that her office is struggling with how to respond to complaints about denied access rights, she wanted to represent the other half of the legislation which is charged with protecting privacy. She also pointed out that the legislation, although establishing some "limited restrictions" on access rights, also establishes a duty to assist and to support routine disclosure of information. I think this would be more encouraging if it was accompanied, as Blake Taylor suggests, by stiffer penalties for the wrongful denial of access.

In support of the privacy aspect of the legislation, Perry ended on an appropriate note of bureaucratic stuffiness. Describing the important functions of privacy protection (the collection, use, and disclosure of information), she added yet another acronym to the list, CUD, and then mentioned the safeguarding of information as another function. The "S", however, has bee excluded from the acronym because "cud" cannot be plural.

Perry made it clear that FIPPA and PHIA have important roles to play in protecting privacy. However, with such strong cases against the access to information side of the legislation, it is clear that some changes are necessary. Both pieces of legislation have been under review in the last year and reportedly still are, although I can't find any current information on this. Each of the participants in today's panel spoke of the need for more awareness and involvement from the public.

Links:

Ombudsman's Office