CCO Council has approved minor amendments to Guideline G-010: Mandatory and Permissive Reporting.
This guideline outlines the various legal and professional reporting requirements of members. These include the reporting of sexual abuse of a patient by a regulated health professional to the appropriate regulatory college, child abuse to the children’s aid society and abuse of a resident of a nursing home or retirement home to the Registrar of the Retirement Homes Regulatory Authority. Please review the guideline for details on these reporting requirements.
In addition to minor wording amendments, CCO Council has approved amendments to the guideline which summarize legal reporting requirements for breaches of patient privacy. Members who act as “health information custodians” or employers of other regulated health professionals have additional reporting obligations when it comes to suspected breaches of privacy in their office. A “health information custodian” means a person or organization who has custody or control of personal health information as a result of or in connection with performing the person’s or organization’s power or duties.
In accordance with the Personal Health Information Protection Act, 2004 (PHIPA), a member acting as a health information custodian is required to report the following:
- notify affected individuals and patients and the Information and Privacy Commissioner if patient personal health information is stolen, lost or used or disclosed without authority; and
- notify the appropriate regulatory body if a regulated health professional that is employed by the member has committed a breach of patient personal health information.
Please review the guideline for details on these reporting requirements.
How this Affects Members
Members who are health information custodians or employers of other regulated health professionals should review their privacy practices and ensure there are policies and procedures in place to protect the privacy of patient personal health information and report suspected breaches of privacy.
Members who employ other regulated health professionals should ensure they understand their reporting obligations if any employee who is a regulated health professional is suspected to have breached patient privacy. For example, a member who has terminated, suspended or disciplined a massage therapist under their employment for a breach of privacy, is required to report this incident to the College of Massage Therapists of Ontario. This reporting obligations also applies when the member has reasonable grounds to believe that an employee has resigned from their position due to a breach of patient privacy.
Additional Resources Related to Privacy
Please see the following links to additional resources related to patient privacy and the collection, use and disclosure of personal health information.