QCIPA tries to balance confidentiality, right to information

Significant changes to transparency and accountability in the province’s hospitals could be on the horizon, if legislation under the Quality of Care Information Protection Act is approved later this year.

Impending changes to the act are based on a series of 12 recommendations released last September by a special committee of health-care and legal professionals.

The committee, co-chaired by Dr. Andreas Laupacis, executive director of the Li Ka Shing Knowledge Institute of St. Michael’s Hospital, was tasked with finding ways to improve the act, first passed in 2004, and health sector legislation related to critical incident reviews and investigations.

“We did think that the principle of being able to investigate critical incidents in confidence should be maintained, so the principle of QCIPA should be retained, but our feeling was QCIPA should only be used if absolutely necessary,” says Laupacis, explaining a critical incident is an “unexpected and serious” event that leads to patient harm.

He says the QCIPA allows for health-care employees a confidential route to provide information and speculation for an investigation without fear those speculations may be used against them in court.
Laupacis says one of the main concerns in the public eye and legal community was that the QCIPA was being used “to hide actual findings” of investigations, leaving patients or their families in the dark about the results of a critical incident investigation.

Proposed changes to the act will be the subject of a professional development and continuing education program hosted by the Medico Legal Society of Toronto Jan. 26 at the Doubletree by Hilton.

Patrick Hawkins, partner in the Health Law Group of Borden Ladner Gervais LLP and a member of the QCIPA review committee, will be part of a panel with Laupacis to discuss the legal implications of the changes.

Hawkins says it has long been recognized in common law that in certain circumstances peer and quality assurance reviews are an appropriate method to investigate incidents where some information might need to remain confidential.  

He says the difficulty in creating policy is finding the balance between the right to confidentiality and the right to access information. He says that while the current version of the act includes those balanced principles, the recommended changes make a far more clear emphasis on striking that balance.

“If you go back to the original QCIPA, I think the balance was there, but it’s more expressly stated in the preamble to the new bill,” Hawkins says. “The balance is that you need to be open and transparent with patients or their representatives but health-care providers and staff sometimes need to hold confidential discussions to identify and analyze errors, systemic problems, and opportunities for improvements.”

Laupacis says elements key to the legal profession include a strengthened process to prosecute offences under the Personal Health Information Protection Act by removing a requirement that prosecutions must be commenced within six months of when an alleged offence occurs and new provisions that make it mandatory for hospitals to report privacy breaches to the Information and Privacy Commissioner or to relevant regulatory colleges.

Maximum fines will also double for offences to $100,000 from $50,000 for individuals and to $500,000 from $250,000 for organizations. Recommendations include an affirmation of the rights of patients to access information about their own health care and a clarification that certain information and facts about critical incidents cannot be withheld from affected patients and their families with a requirement that the Ministry of Health and Long-Term Care review the QCIPA for effectiveness every five years. To improve transparency in investigating critical incidents, the committee recommends assurances that patients or their representatives are interviewed as part of a critical incident investigation and that they are informed of the cause, if that is ultimately determined.

Laupacis said one of the surprising findings by the committee in reviewing the legislation is that there was far too varied use of the QCIPA in critical incident investigations.

“We found QCIPA was used with incredible variability across hospitals in this province, from some hospitals saying ‘we almost never use QCIPA when we investigate a critical incident because our staff is willing to talk about it or we just feel we don’t need it’ to hospitals that said ‘we put 100 per cent of our investigations under QCIPA.’” Laupacis says.

“That surprised us; we figured there would be some variation but not that great. We consulted quite seriously a number of patients and family members who had been involved in investigations and they said to us that it looks suspicious or odd to have this great variability across the province.”

He says because of that the committee strongly recommends a standardized use of the QCIPA across Ontario.

“We also emphasized that whether QCIPA was used or not, at the end of the investigation the patients and the family, whoever the patient wants told, have to be told what happened, why, and what the hospital intends to do to prevent it from happening again,” Laupacis says, adding that under the current structure of the QCIPA, there is no requirement for hospitals to share the outcomes of an investigation and how the hospital is responding to ensure it is not repeated.

Laupacis says the recommendations include a provision that the investigation results, while protecting patient information, should be shared to help eliminate the potential for repeated errors in other facilities.

“As the health-care sector transitions to shared electronic health records, the privacy of patients and the confidentiality of their personal health information must be protected to ensure public confidence,” said Brian Beamish, the information and privacy commissioner of Ontario, in a press release from the Ministry of Health and Long-Term Care announcing the committee recommendations.

“The introduction of mandatory breach reporting to my office and strengthening the consequences for those who violate patient privacy will bring increased accountability and transparency as well as instill trust in the health system.”

The act is in the second reading process and will be due for approval later in 2016. Registration for the professional development event running Jan. 26 from 6 to 8 p.m. is available through the Medico Legal Society’s web page at mlst.ca.