Understanding Trustees/Custodians in Ocean

Summary

When sending a referral to an entity not recognized as a Trustee/Custodian, providers must obtain explicit consent from the patient and minimize the PHI disclosed. This ensures compliance with regional regulations and upholds best practices in patient data protection.

Ocean incorporates the crucial concept of Trustees/Custodians within the Ocean Provider Network. It is essential for healthcare providers to identify whether a referral site qualifies as a Trustee/Custodian of Health Information before sharing any Personal Health Information (PHI). This is especially true in Ontario, where healthcare providers are required to follow specific legislation.

Who is a Health Information Trustee/Custodian?

According to Canada Health Infoway, the term Trustee/Custodian is defined as "an individual or an organization who has custody and control of health records, and is accountable for the protection of PHI." The usage of terms 'Trustee' and ‘Custodian’ may vary by region; however, both terms describe entities with significant responsibilities over PHI.

Legislation and Regional Variations

In Ontario, the Personal Health Information Protection Act (PHIPA) identifies a Health Information Custodian (HIC) as responsible for collecting, using, and disclosing PHI. While this legislative framework is specific to Ontario, the principles of managing PHI responsibly are best practices that apply broadly, ensuring patient privacy and data protection.

Ocean Platform Implementation

Within the Ocean Platform, every clinic or provider that receives eRequests (e.g., eReferrals and eConsults) through the Ocean Healthmap is required to declare if they are a Trustee/Custodian during their Ocean Site configuration. If a healthcare provider does not identify themselves as a Trustee/Custodian, an orange notice will appear on their Directory Listing to alert referring providers of this status, ensuring transparency and compliance in the handling of PHI.

Examples of Health Information Trustees/Custodians

  • Healthcare practitioners and clinics
  • Hospitals and psychiatric facilities
  • Long-term care homes and pharmacies
  • Community care access corporations
  • Laboratories and ambulance services
  • Public health officials and certain governmental bodies

Who is Not a Health Information Trustee/Custodian?

Not all individuals or organizations fall under the category of Trustee/Custodian. Examples of such exceptions include:

  • Faith healers or traditional aboriginal healers
  • Agents or employees of a health information custodian, where the agent does not provide healthcare
  • Providers of non-health related services like fitness or weight management

Conclusion

When sending a referral to an entity not recognized as a Trustee/Custodian, providers should obtain explicit consent from the patient and minimize the PHI disclosed. This ensures compliance with regional regulations and upholds best practices in patient data protection.

Note: This document offers general information and should not be taken as legal advice. Further details are available in the documentation provided by the Information Privacy Commissioner of Ontario (Frequently Asked Questions - Personal Health Information Protection Act) and Canada Health Infoway (Frequently Asked Questions about Personal Health Information and Health Records from Canada Health Infoway).

Have more questions? Submit a request