Compliance with the “Personal Information Protection and Electronic Documents Act” (PIPEDA), is currently a “hot” topic for Canadian dentists. (This law now applies to the practice of dentistry effective January 1, 2004.)
PIPEDA essentially “establishes a right to the protection of personal information collected, used or disclosed in the course of commercial activities…” The Statute sets out 10 principles to govern this right (a good starting point for dentists is the “kit” created by the Royal College of Dental Surgeons of Ontario, which includes a copy of the statute itself).
Start by taking a few minutes to read the legislation (as painful as this may be!). Remember, the essential objective is to respect your patient’s privacy of personal information (the “forest”). The 10 principles (the “trees”) indicate how you are to respect such privacy. As one lawyer aptly put it, understand the legislation and act reasonably.
Determine what you “must” do and what you “should” do. This can give you a hint as to what discretion you have. Seek advice but don’t jump at everything you hear. For the greatest peace of mind (which may be fragile at best) retain a lawyer and get legal advice. Be cognizant of what your provincial regulatory body is recommending. However, remember, this is federal not provincial legislation and your accountability under PIPEDA is to the federal Privacy Commissioner. Presumably if you comply with the Privacy Commissioner’s requirements, the likelihood of regulatory body liability for PIPEDA related issues should be minimal or non-existent.
Creating your office privacy policy, drafting and executing patient consent forms and third party confidentiality agreements undoubtedly all require your attention. However, simply relying on “forms” to inform your patient is analogous to focusing only on the trees and not the forest. It seems to me that talking to your patients will be the most effective manner of letting your patients know you respect their privacy and will maintain same when you collect, use and disclose their personal information.
One of the hallmarks of excellent dentistry has and always will be, good communication with your patient. Complying with PIPEDA by using your same time-tested chairside manner should be no exception.
One should not overlook the importance and value of taking just a few moments to personally discuss with your patient (and note in your chart that you did so) your privacy policy, consent forms and steps you will take to maintain his or her privacy of personal information. Doing this as part of your usual and customary procedure with your patients will be more “patient friendly” and have a higher likelihood of the patient knowing about and consenting to your collection, use and disclosure of their personal information as a matter of course. In addition, this could also help to reinforce or perhaps reduce the amount of detail you need to put in, for instance, any written patient consent form you want the patient to sign.
From a risk management perspective, the appropriate combination of verbal communication with the patient (which is also noted in the patient’s chart) along with the documentation as contemplated by the statute should help immeasurably in avoiding and defending against disputes arising from any alleged breach of PIPEDA.
Dr. Matsui is both a lawyer and a dentist and acts as legal counsel for dentists on various matters including complaint and discipline proceedings before the RCDSO. He is also the Executive Director of the Canadian Dental Protective Association (CDPA).
DISCLAIMER: The comments provided herein are of a general nature only and are not to be taken as legal advice upon which you can rely. Appropriate legal advice should be obtained from your own lawyer prior to taking action.
