Government Notices — Other

Notice of Minister of Health

Notice of Proposed Regulation

Personal Health Information Protection Act, 2004

The Minister of Health on behalf of the Government of Ontario invites public comments on regulations proposed to be made under the Personal Health Information Protection Act, 2004 (PHIPA).

PHIPA came into force on November 1, 2004. Ontario Regulation 329/04, General, made under PHIPA (the PHIPA Regulation) also came into force on November 1, 2004. The Government is proposing amendments to the PHIPA Regulation. PHIPA requires that the Minister publish a notice of the proposed regulation and allow 60 days for public comment, after which the Minister reports to the Lieutenant Governor in Council, who may then finalize the regulation with or without changes.

Content of Proposed Regulation

The proposed regulation would make the following amendments to the PHIPA Regulation:

1. Regulations pertaining to the interoperability of digital systems and assets
   • Establish that Ontario Health shall establish interoperability specifications that pertain to digital health assets, subject to the direction and approval of the Minister.
   • Establish that health information custodians must ensure that the digital health assets that they select, develop or use are compliant with applicable interoperability specifications.
   • Require Ontario Health to establish a certification process by which a list of digital health assets that are compliant with specifications may be published.
   • Require health information custodians to provide Ontario Health with reports upon request, and to cooperate and assist the Agency to support compliance monitoring.
   • Require Ontario Health to establish a compliance monitoring process.
   • Establish that enforcement of the regulation would occur by means of complaint to the Information and Privacy Commissioner, supported by any reports or information collected in the process of compliance monitoring.

Invitation to Provide Comments on Proposed Regulation

The public is invited to provide written comments on the proposed regulation over a 60-day period, commencing on May 23, 2020 and ending on July 22, 2020.

In providing comments, please consider whether the proposed amendments to the PHIPA Regulation should be made, with or without changes. Furthermore, please consider whether any other amendments should be made to the PHIPA Regulation. Please be as specific as possible, and provide a full rationale for any suggested changes or additions.

Written comments may be addressed to:

Mr. Evan Mills
Director, Digital Health Program Branch
Ministry of Health
Digital Health Division
1075 Bay Street, 12^th Floor
Toronto ON M5S 2B1
Email: DigitalHealthSecretariat@ontario.ca

The text of the proposed regulation is set out following this notice in English and French. We welcome your input in either English or French. All comments and submissions received during the comment period will be considered during final preparation of the regulation. The content, structure and form of the proposed regulation is subject to change as a result of the consultation process and is in the discretion of the Lieutenant Governor in Council, who has the final decision on the contents of any regulation.

Information respecting PHIPA and the PHIPA Regulation, and electronic copies of this notice, including the text of the proposed regulation, may be accessed through Ontario’s Regulatory Registry web-site at the following address: https://www.ontariocanada.com/registry.

Copies of PHIPA and the PHIPA Regulation are available at www.e-laws.gov.on.ca.

Please note that all materials or comments received from organizations in response to this Notice will be considered public information and may be used and disclosed by the Ministry to assist the Ministry in evaluating and revising the proposed regulation. This may involve disclosing materials or comments, or summaries of them, to other interested parties during and after the request for public comment process. An individual who provides materials or comments and who indicates an affiliation with an organization will be considered to have submitted those comments or materials on behalf of the organization so identified. Materials or comments received from individuals who do not indicate an affiliation with an organization will not be considered public information unless expressly stated otherwise by the individual. However, materials or comments provided by individuals may be used and disclosed by the Ministry to assist in evaluating and revising the proposed regulation. Personal information of those who do not specify an organizational affiliation, such as an individual’s name and contact details, will not be disclosed by the Ministry without the individual’s consent unless required by law. If you have any questions about the collection of this information, you can contact the Freedom of Information and Privacy Coordinator of the Ministry of Health at 416-327-7040.

The Honourable Christine Elliott
Minister of Health

Caution

This consultation draft is intended to facilitate dialogue concerning its contents. Should the decision be made to proceed with the proposal, the comments received during consultation will be considered during the final preparation of the regulation. The content, structure, form and wording of the consultation draft are subject to change as a result of the consultation process and as a result of review, editing and correction by the Office of Legislative Counsel.

consultation draft

ontario regulation

to be made under the

personal health information protection act, 2004

Amending O. Reg. 329/04

(general)

1. Section 26 of Ontario Regulation 329/04 is revoked and the following substituted:

Interoperability specifications, definitions

26. In sections 27 to 34,

    digital health asset

    means a product or service that uses electronic means to collect, use, modify, disclose, retain or dispose of personal health information and that is selected, developed or used by a health information custodian; (actif de soins de santé numérique)

    interoperability specification

    means a business or technical requirement established by the Agency that applies to a digital health asset or to a digital health asset’s interaction with other digital health assets, and that may include, without being limited to, a requirement related to,

    1. the content of data or a common data set for electronic data,
    2. the format or structure of messages exchanged between digital health assets,
    3. the migration, translation or mapping of data from one digital health asset to another,
    4. terminology, including vocabulary, code sets or classification systems, and
    5. privacy or security. (spécification d’interopérabilité)

Agency and specifications

27. 1. The Agency shall, subject to the review and approval of the Minister, establish, maintain and amend interoperability specifications.
    2. The Minister may direct the Agency to establish or amend interoperability specifications, including issuing a direction with respect to,
       1. the subject matter of the interoperability specification to be established;
       2. which health information custodians, or classes of custodians, must select, develop or use digital health assets that comply with the interoperability specification;
       3. the timing within which the specification is required to be established and the timing within which the specification becomes effective so as to require custodians or classes of custodians to comply with the specification; and
       4. the circumstances when a health information custodian may be exempted from the requirement to select, develop or use a digital health asset that complies with a specification
    3. Before issuing a direction under subsection (2), the Minister shall consult with the Agency with respect to the content of the direction and the effect of the direction on the Agency.
    4. If the Minister issues a direction to the Agency under subsection (2), the Agency shall comply with that direction.
    5. Before approving interoperability specifications under subsection (1) that relate to the content of data or a common data set for electronic data or privacy or security, the Minister shall,
       1. submit a draft of the specifications to the Commissioner for the purpose of the Commissioner reviewing and making recommendations on the draft specifications; and
       2. consider the recommendations, if any, made by the Commissioner and amend the specifications if the Minister considers it appropriate to do so.
    6. The Minister shall allow the Commissioner a period of at least 30 days for the purpose of reviewing the draft specifications and providing recommendation under subsection (5), unless the Minister believes that the urgency of the situation requires it, in which case the Minister may abridge the review period for the Commissioner to a period of not less than five business days.

Application of specifications

28. 1. An interoperability specification may be general or specific in its application and may be limited to a custodian’s selection, development or use of particular digital health assets or classes of digital health assets.
    2. The Agency shall ensure that each interoperability specification,
       1. names or describes the health information custodian or class of health information custodians that must select, develop or use the digital health assets that comply with the specification;
       2. describes the types of digital health assets to which it applies;
       3. specifies the date on which the specification becomes effective, and if the specification is amended, specifies the date when an amendment to the specification becomes effective; and
       4. specifies the circumstances, if any, when a health information custodian may be exempted from the requirement to select, develop or use digital health assets that comply with the specification.

Publicly available

29. 1. The Agency shall make the interoperability specifications available to the public by posting them on the Agency’s website or by such other means as the Agency considers advisable.
    2. The Agency shall ensure that the most up-to-date specifications, including any amendments to the specifications, are posted in accordance with subsection (1).

Compliance with specifications

30. 1. A health information custodian shall ensure that every digital health asset that it selects, develops or uses complies with every applicable interoperability specification, as it may be amended from time to time, within the time period set out in the specification.
    2. For greater certainty, compliance with subsection (1) does not relieve a custodian of its obligation to comply with the other provisions of the Act and its regulations.

Certification process

31. 1. The Agency shall establish a process for certifying digital health assets that are compliant with interoperability specifications.
    2. The Agency shall make a list of those digital health assets that have been certified by the Agency and shall make the list available to the public by posting it on the Agency’s website or by such other means as the Agency considers advisable.

Reports

32. 1. Every health information custodian that selects, develops or uses digital health assets shall provide a report to the Agency, upon the request of the Agency, that sets out the custodian’s compliance with the requirement to select, develop or use digital health assets that comply with the applicable specifications.
    2. The custodian shall provide the report to the Agency by the means and in the format determined by the Agency and within the time period set by the Agency.
    3. The report shall not contain personal health information.
    4. Upon receipt of the report, the Agency shall determine, in accordance with the process established under section 33, whether the custodian is in compliance with section 30 and shall advise the custodian of its determination.

Monitoring

33. 1. The Agency shall establish a process for monitoring health information custodians’ compliance with the requirements under section 30.
    2. A health information custodian shall co-operate with and assist the Agency in monitoring its own compliance with the requirements under subsection 30 (1) and, subject to subsection (3), shall provide any information or records to the Agency upon request.
    3. Information and records provided under subsection (2) shall not include personal health information.
    4. If, after reviewing a report provided by a health information custodian under section 32, the Agency has reasonable grounds to believe that the custodian is not in compliance with the requirements under subsection 30 (1), the Agency may consult with the health information custodian and provide advice to the custodian on how compliance may be achieved.

Enforcement

34. For greater certainty, if the Agency has reasonable grounds to believe that a health information custodian has contravened or is about to contravene subsection 30 (1), the Agency may make a complaint to the Commissioner under Part VI of the Act and may provide to the Commissioner any information and records obtained under sections 32 and 33.

Commencement

2. [Commencement]

(153-G165E)

Marriage Act

certificate of permanent registration as a person authorized to solemnize marriage in Ontario have been issued to the following:

May 04, 2020 to May 10, 2020

Re-Registrations

certificate of cancellation of registration as a person authorized to solemnize marriage in Ontario have been issued to the following:

May 04, 2020 to May 10, 2020

Alexandra Schmidt
Deputy Registrar General

(153-G166)