This blog is for those who own a healthcare mobile app or plan to build one but have doubts regarding PHIPA compliance. <\/p>\n\n\n\n
You can expect to learn more about PHIPA rules and regulations which may apply to your healthcare app. <\/p>\n\n\n\n
And if you still cannot figure it out, you can hire our PHIPA compliance experts who have been dealing with healthcare compliance for more than 7 years. <\/p>\n\n\n\n
So, let\u2019s start. <\/p>\n\n\n\n
1) Does PHIPA apply to my healthcare mobile app?<\/span>\u00a0<\/strong><\/p>\n\n\n\n PHIPA is the dedicated healthcare-specific privacy law imposed by the Ontario provincial government. <\/p>\n\n\n\n So, it does apply to your healthcare mobile app in major two conditions. <\/p>\n\n\n\n 2) How does PHIPA affect my healthcare mobile app?<\/span>\u00a0<\/strong><\/p>\n\n\n\n Well, the motive of PHIPA is to establish rules and regulations for the collection, use and disclosure of personal information of patients. <\/p>\n\n\n\n It sets out the rules which define in which conditions you can save, use and share patient data and which are the privacy measures you must put in place to ensure data privacy and security. <\/p>\n\n\n\n So, if you follow all the regulations of PHIPA, you end up making your healthcare mobile app most private and secure. <\/p>\n\n\n\n But if you practice non-compliance, you would become liable for a hefty fine by the privacy commissioner. <\/p>\n\n\n\n 3) What rights do my app users have under PHIPA?<\/span>\u00a0<\/strong><\/p>\n\n\n\n 4) Which types of patient data my app must handle with regard to the PHIPA act?<\/span>\u00a0<\/strong><\/p>\n\n\n\n PHIPA clearly states that any \u2018identifying information\u2019 about an individual is protected under the act. This identifying information includes, <\/p>\n\n\n\n 5) How long does my healthcare app need to keep personal data of patients?\u00a0<\/span><\/strong><\/p>\n\n\n\n PHIPA requires you to keep patient data in such a manner that you are able to provide data back to the patients if they ask for it – anytime. <\/p>\n\n\n\n However, PHIPA does not include any specific years for how long you must keep patient data. Thus, you must refer to your governing legislation to know applicable record retention requirements. <\/p>\n\n\n\n 6) What do I have to keep in mind if I need to collect, use and share the data of my users?<\/span>\u00a0<\/strong><\/p>\n\n\n\n Well, you can surely store, use and share the personal data of your users – but under some conditions. <\/p>\n\n\n\n The most important condition is you must obtain the consent of users before handling their data. <\/p>\n\n\n\n PHIPA also defines 4 major characteristics of consent. <\/p>\n\n\n\n 7) How must my healthcare app use the personal healthcare data of patients?\u00a0<\/span><\/strong><\/p>\n\n\n\n Your healthcare app must address these 3 conditions to use data legally. <\/p>\n\n\n\n 8) Do I need to save, use and share patient data only in Ontario or Canada?<\/span>\u00a0<\/strong><\/p>\n\n\n\n No, PHIPA does not make it mandatory to save, use and share patient data only in Ontario or Canada. <\/p>\n\n\n\n You can store, use and share it even outside of Ontario and Canada. But you must ensure there are administrative and technical safeguards in place – wherever patient data is stored. <\/p>\n\n\n\n 9) Is PIA (Privacy Impact Assessment) mandatory under PHIPA?<\/span> <\/strong>\u00a0<\/p>\n\n\n\n PIA reveals all privacy vulnerabilities an entire organization has. Under HIA (Health Information Act of Alberta), it is mandatory. <\/p>\n\n\n\n But talking about PHIPA, PIA is not mandatory. However, we would suggest you carry out PIA to eliminate the last-possible privacy vulnerability out of your entire organization. <\/p>\n\n\n\n 10) What if I don\u2019t build a PHIPA-compliant healthcare app in Ontario?<\/span>\u00a0<\/strong><\/p>\n\n\n\n If you commit an offence under PHIPA, you as an organization or startup can be liable for a fine of up to $250,000. <\/p>\n\n\n\n And in some cases, you may be subject to a civil suit for damages for breach of privacy.<\/p>\n\n\n\n \u201cHealthcare compliance isn\u2019t a choice. IT IS THE ONLY CHOICE! Because Canadians are serious about data privacy and security. And the government is even more.\u201d\u00a0<\/em><\/p>\n\n\n\n So, for your understanding of how we help you be compliant with applicable healthcare privacy laws (HIPAA, PHIPA, PIPEDA, HIA or anything), let us share two real case studies. <\/p>\n\n\n\n Case study 1: <\/strong>How we made a healthcare app compliant with HIPAA?<\/u><\/span><\/strong><\/a> <\/strong><\/p>\n\n\n\nOne lesson we\u2019ve learned in our 7+ years of practice as PHIPA experts in Ontario <\/strong><\/h2>\n\n\n\n