PHIPA DECISION 56

HI16-11

An insurance company

October 10, 2017

Summary: The Office of the Information and Privacy Commissioner of Ontario (the IPC) was advised by representatives of the Ministry of Health and Long-Term Care (the ministry) that individuals’ health numbers (commonly called health card numbers) had been compromised by organized criminal activity. This led to an investigation of the circumstances under which an insurance company collects, uses and discloses health numbers. This decision concludes that the collection, use, and disclosure of health numbers by the insurance company at the time of an emergency medical claim is permitted under section 34 of the Act. The collection and use of health numbers at the time of application for supplementary health insurance plans does not comply with section 34 of the Act but in light of the steps taken by the insurance company to address this contravention of the Act, no review of this matter is warranted.

Statutes Considered: Personal Health Information Protection Act, 2004, s. 2, 4(1)(f), 34, Ontario Regulation 329/04 s. 1(8), 11, 12

BACKGROUND:

[1]  In June 2016, the Office of the Information and Privacy Commissioner of Ontario (the IPC) was advised by representatives of the Ministry of Health and Long-Term Care (the ministry) that individuals’ health numbers (commonly called health card numbers) had been compromised by organized criminal activity. The ministry explained that health numbers were compromised in circumstances involving the filing of fraudulent claims on insurance products offered by an insurance company.

[2]  In making enquiries regarding this matter, the IPC learned that the insurance company was collecting health numbers through its application process for purchasing supplementary health insurance plans. This raised a question about a potential contravention of section 34 of the Personal Health Information Protection Act (the Act), which regulates the collection, use, and disclosure of health numbers.

[3]  After receiving the above information, the IPC opened this file and contacted the insurance company. The insurance company confirmed that it collects and uses health numbers from individuals at the time of application for supplementary health insurance plans. The insurance company explained that supplementary health insurance plans “provide a wide variety of health insurance benefits, including many for which part of the cost is covered by [the Ontario Health Insurance Plan]. Such benefits include, for instance, ambulance services, medical supplies, durable medical equipment, paramedical services, prosthetic appliances, assistive devices and preferred hospital accommodation.” The insurance company asserted that this collection and use of the health numbers was for purposes related to the provision of provincially funded health resources, and therefore was permitted by section 34(2)(a) of the Act.

[4]  The insurance company also indicated that it collects, uses and discloses health numbers where an emergency medical claim is made under a travel insurance plan or an individual health and dental plan that provides for emergency medical travel benefits. The insurance company states that it collects, uses, and discloses health numbers, through its third party administrators, to obtain reimbursement for the portion of an emergency medical claim funded by the Ontario Health Insurance Plan (OHIP) and/or to arrange repatriation of a patient to an Ontario hospital. The insurance company states that health numbers collected at the time of an emergency medical claim are not used or disclosed for any other purposes.

[5]   The IPC raised concerns about whether the collection, use and disclosure of health numbers for health insurance benefits complies with section 34 of the Act. In response, the insurance company has taken a number of steps. As discussed in more detail below, the insurance company has stopped collecting health numbers on application forms, both paper and online. Further, the insurance company has deleted the health numbers previously collected on application forms, except that it retains images of prior application forms (and some paper application forms) to meet record retention requirements.

[6]  In this decision, I conclude that the collection, use, and disclosure of health numbers at the time of an emergency medical claim is permitted by section 34 of the Act. Further, although I conclude that the collection and use of health numbers at the time of application for supplementary health insurance plans does not comply with section 34 of the Act, in light of the steps taken by the insurance company to address this contravention of the Act, no review of this matter is warranted.

DISCUSSION:

[7]  This decision addresses the following issues:

1. Was the collection, use, and disclosure of health numbers by the insurance company in accordance with the Act?
2. Is a review warranted under Part VI of the Act?

Issue 1:   Was the collection, use and disclosure of health numbers by the insurance company in accordance with the Act?

[8]  Broadly speaking, the Act applies to personal health information in the custody or control of health information custodians as that term is defined in section 3 of the Act. However, there are some situations in which the Act applies to non-health information custodians. This case addresses one of those situations.

[9]  The Act contains specific rules relating to the collection, use, and disclosure of health numbers by a person who is neither a health information custodian nor acting as an agent of a health information custodian. A “health number” is a subcategory of “personal health information” [1] and is defined in section 2 of the Act as: “the number, the version code or both of them assigned to an insured person within the meaning of the Health Insurance Act by the General Manager within the meaning of that Act”. The Act also limits when a person (including a health information custodian) may require the production of another person’s health card.

[10]  The rules regulating health numbers and health cards are set out in section 34 of the Act. Section 34(2) permits collection and use of health numbers by a person who is not a health information custodian for purposes related to the provision of provincially funded health resources:

Health cards and health numbers

34(1) In this section,

“provincially funded health resource” means a service, thing, subsidy or other benefit funded, in whole or in part, directly or indirectly by the Government of Ontario, if it is health related or prescribed.

Collection or use

(2) Despite subsection 49 (1), a person who is neither a health information

custodian nor acting as an agent of a health information custodian shall not collect or use another person’s health number except,

(a) for purposes related to the provision of provincially funded health resources to that other person;

[11]  Section 34(3) contains a prohibition against disclosure of a health number by a non-health information custodian:

Disclosure

(3) Despite subsection 49 (1) and subject to the exceptions and additional requirements, if any, that are prescribed, a person who is neither a health information custodian nor acting as an agent of a health information custodian shall not disclose a health number except as required by law.

[12]  Ontario Regulation 329/04 provides, as an exception to the non-disclosure rule in section 34(3), that a person who is not a health information custodian may disclose a health number for a purpose related to the provision of provincially funded health resources: section 12.1.

Representations

[13]  In this file, the insurance company takes the position that it collects, uses, and discloses health numbers for purposes related to the provision of provincially funded health resources.

[14]  In relation to supplementary health insurance plans, the insurance company initially submitted that it collects health numbers in order to co-ordinate payments with the provincial health plan:

Where the number is collected at the time of application, it is used for the purpose of facilitating the co-ordination of payments with the provincial health plan, as we are normally second payor in relation to such plans. …

...

Section 34(1) defines a "provincially funded health resource" as "a service, thing, subsidy or other benefit funded, in whole or in part, directly or indirectly by the Government of Ontario, if it is health related or prescribed."

While the Government of Ontario may be funding part of a given health resource, [the insurance company], through the providing of health insurance coverage, supplements the portion of the health resource not funded by the Government of Ontario. In doing so, [the insurance company] collects and uses the Ontario health number "for purposes related to the provision of provincially funded health resources" in accordance with section 34(2)(a). …

[15]  After receiving this submission, the IPC sought clarification from the insurance company and asked:

With respect to each benefit you have identified above (i.e. ambulance services, medical supplies, durable medical equipment, paramedical services, prosthetic appliances, assistive devices, preferred hospital accommodation and prescription drug fees) and any additional benefits covered by supplementary health insurance plans offered by [the insurance company], please:

i. Explain, with specific examples, how the Ontario Health Number is used and/or disclosed to facilitate the coordination of payments with the "provincial health plan."

…

[16]  The insurance company responded:

i. We do not require Ontario health numbers to co-ordinate supplementary health insurance plan payments. However, with respect to [ambulance services, medical supplies, durable medical equipment, paramedical services, prosthetic appliances, assistive devices, preferred hospital accommodation and prescription drug fees], other than paramedical services and prescription drugs, in certain cases we require confirmation that [the Ontario Health Insurance Plan] has paid its portion before we pay the balance to the insured, subject to the policy limits. An example of where we would pay the portion is under the Assistive Devices Program, which includes a wide variety of benefits such as durable medical equipment, hearing aids and prosthetic appliances. For greater clarity, coordination depends on the government funding. In addition, the adjudication practices are different per benefit.

When we referenced paramedical services and prescription drugs in our initial response to question #3 of the IPC Letter, we were referring to examples of benefits that are generally covered under our health and dental plans.

…

We believe that any collection, use and disclosure of Ontario health numbers in relation to supplementary health insurance plans complies with section 34(2) of the Act as such collection, use and disclosure has been carried out "for purposes related to the provision of provincially funded health resources" as permitted in subsection (a).

[17]  The insurance company also advised the IPC that it collected the health number at the time of application for supplementary health insurance plans in order “to ensure that an individual has provincial healthcare coverage” and further that it does not collect the health number at the time a claim is made for a supplementary health insurance benefit. The insurance company further advised the IPC that health numbers have “also been used at the time of application to validate duplicate provincial health numbers and to ensure the applicant did not have prior coverage with [the insurance company] in the past 24 months.”

[18]  In relation to emergency medical travel claims, over the course of several rounds of questions by the IPC, the insurance company submitted, in part, as follows:

Where the number is collected at the time of claim, it is used for co-ordinating and administering travel insurance benefit claims. For example, where an insured is being repatriated from another country (often by air ambulance) and arrangements first need to be made to have a bed ready for the insured in an Ontario hospital, the receiving hospital will not accept the insured without first having the insured's Ontario health number.

…

In terms of coordinating and administering travel insurance benefit claims, the Ontario health number is only collected where there is an emergency medical claim under a travel insurance plan or an individual health and dental plan that provides for an emergency medical travel benefit.

[The insurance company] is secondary payor, which means that it will pay any excess portion that OHIP does not cover. In the case of a bed-to-bed repatriation, [the insurance company] must collect, use and disclose the Ontario health number at the time of claim to pay the claim and recover the excess portion from OHIP directly.

…

…[The insurance company], through its third party administrator, collects the Ontario health number at the time of claim and discloses it to the Ministry to obtain reimbursement for the portion of the claim that OHIP would fund and/or to an Ontario hospital to arrange for repatriation of beds.

The OHIP numbers collected in relation to emergency medical claims are not used or disclosed for any other purposes.

[19]  The insurance company provided the IPC with copies of its agreements with its third party administrators, and between the third party administrators and the ministry.

Analysis

[20]  In this decision, I first consider whether the collection and use of health numbers by the insurance company at the time of application for supplementary health insurance plans was done “for purposes related to the provision of provincially funded health resources” in accordance with section 34(2)(a) of the Act. In this case, the insurance company claims that, by supplementing a portion of the cost of provincially funded health resources, its activities are “related to the provision of provincially funded health resources”.

[21]  In interpreting section 34(2)(a) of the Act, I will apply the modern approach to statutory interpretation as articulated by Ruth Sullivan in Sullivan on the Construction of Statutes, [2] and adopted by the Supreme Court of Canada in Re Rizzo & Rizzo Shoes Limited, [3] which provides:

Today there is only one principle or approach, namely, the words of an Act are to be read in their entire context, in their grammatical and ordinary sense harmoniously with the scheme of the Act, the object of the Act, and the intention of Parliament.

[22]  The words of section 34(2)(a), in their grammatical and ordinary sense, are capable of two different interpretations. On the one hand, the phrase “related to the provision of provincially funded health resources” could apply even where the purpose of the collection or use of the health number has no relationship to the “provision” of funds by the province. In this interpretation, the collection or use of the health number need only be “related to” a resource that is, in whole or in part, funded by the province, and need not be collected or used for the purpose of seeking that funding or obtaining that resource. Under this interpretation, the actions of the insurance company with respect to supplementary health insurance plans in this case would be permitted. The health number is collected and used for the purpose of a benefit that is funded, in part, by both the province and the insurance company, even though the health number is only collected and used for the purposes of the funding provided by the insurance company.

[23]  On the other hand, the phrase “the provision of provincially funded health resources” in section 34(2)(a) could be interpreted to apply only where the purpose of the collection or use relates to the provision of government funds for the health resource. Under this interpretation, the number would have to be collected or used for the purposes of obtaining funding from the provincial government for a health resource, or for directly obtaining that health resource (such as where a health number is collected by a school board so that it can be provided to a hospital if, and when, a student on a field trip requires health care).

[24]  With these two interpretations in mind, I turn to the scheme of the Act, the object of the Act, and the intention of Parliament. One of the stated purposes in section 1 of the Act is “to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care”. In considering the meaning to be given to section 34(2)(a), I should seek the interpretation that best advances that purpose.

[25]  There is no suggestion that the health number, in the hands of the insurance company, facilitates the effective provision of health care in relation to supplementary health insurance plans. The collection, use, and disclosure of health numbers creates significant privacy concerns. Even more than a name and date of birth (which may be common to several individuals in Ontario), a health number relates uniquely to one individual and could be used to link disparate pieces of information about an individual to create a comprehensive picture of an individual’s health status. [4] Section 34 of the Act plainly attempts to address a concern that health numbers and health cards could become ubiquitous identifiers by being collected, used, disclosed and produced outside of the context in which they are assigned to an insured person, namely, the provincial funding of health resources.

[26]  Having regard to the above, I find the proper interpretation of section 34(2)(a) is that a collection or use of a health number will only be “related to the provision of provincially funded health resources” where the health number is collected or used for the purposes of the provincial funding of health resources, or directly obtaining those health resources. In this case, there is no suggestion that the health number, in relation to supplementary health insurance benefits, is collected or used, in any way, in relation to the portion of the health resource that is funded by the province.

[27]  I note that the insurance company’s original submission was that “[w]here the number is collected at the time of application, it is used for the purpose of facilitating the co-ordination of payments with the provincial health plan, as we are normally second payor in relation to such plans.” However, when asked to explain how the health number is used to facilitate the coordination of payments with the provincial health plan, the insurance company appeared to withdraw this statement, indicating “[w]e do not require Ontario health numbers to co-ordinate supplementary health insurance plan payments.”

[28]  The insurance company also stated that “we require confirmation that OHIP has paid its portion before we pay the balance to the insured” and further that the health number has been used to validate duplicate provincial health numbers [5] and ensure the applicant did not have prior coverage with the insurance company in the past 24 months. Based on this submission, it is clear that this collection and use of the health number does not relate to provincial funding of the health resource, but relates to the portion of the health resource paid for by the individual (and their insurer). This falls squarely outside of the proper interpretation of section 34(2)(a).

[29]  In any event, the insurance company provided no explanation for how the collection of the health number relates to whether OHIP has paid “its portion”. There is no evidence to suggest that an individual’s health number would assist with proving that OHIP paid its portion of any claim. Further, the insurance company states that it does not collect health numbers at the time a supplementary health insurance claim is made (rather it collects health numbers at the time of application). In short, the evidence suggests that, even where an individual has received a provincially funded health resource, and is attempting to claim a portion of the expense of that resource from the insurance company, the individual would not need to submit their health number. This suggests that the collection and use of health numbers does not provide evidence that OHIP has paid its portion of a claim (because the health number is apparently not collected as part of proving that OHIP has paid “its portion”).

[30]  At best, a valid health number could be evidence that an individual is insured under OHIP, and therefore eligible to receive OHIP benefits. In other portions of its submissions, the insurance company states that this is a purpose of the collection of the health number. However, there is no evidence that the insurance company validates the number that is provided by communicating with the provincial government to ensure an applicant is covered under OHIP. Further, the insurance company states it has developed an alternate method to confirm an individual has provincial health coverage: a simple 'yes' or 'no' answer.

[31]  Even if I were to accept that health numbers were collected by the insurance company at the time of application for the purpose of confirming that an individual has provincial health coverage, this still does not comply with section 34(2)(a) of the Act. In light of my interpretation of section 34(2)(a), above, the purpose of this collection requires some connection to the provision of provincial funds for the health resource. There is no evidence that the collection and use of the health number at the time of application relates to this purpose. Rather, the evidence suggests that the collection and use of health numbers relates solely to the portion of the health resource funded by the insurance company.

[32]  For the foregoing reasons, I find that the collection and use of the health number on application forms for supplementary health insurance plans by the insurance company contravenes section 34(2)(a) of the Act.

[33]  However, the above conclusion does not apply to the collection of health numbers at the time of claim in relation to emergency medical travel claims, and their use and disclosure to obtain reimbursement for the portion of the claim that OHIP funds and/or to arrange for a patient to be repatriated to an Ontario hospital. The insurance company states that this collection and use complies with section 34(2)(a) of the Act, and the disclosure complies with paragraph 1 of section 12 of Ontario Regulation 329/04, quoted above.

[34]  As discussed above, it is my view that a collection or use of a health number will only be “related to the provision of provincially funded health resources” under 34(2)(a) where the health number is collected or used for the purposes of the provincial funding of health resources, or directly obtaining those health resources. I reach the same conclusion with respect to a disclosure under paragraph 1 of section 12 of Ontario Regulation 329/04.

[35]  The insurance company has indicated that health numbers are collected, used, and disclosed in relation to emergency medical travel claims for the purposes of obtaining provincial funds from OHIP and/or for the purposes of arranging a bed-to-bed repatriation of an insured patient to an Ontario hospital. In the case of obtaining provincial funds, the insurance company has explained that its third party administrators would have already paid the claim and would be collecting from OHIP the portion of that claim that is OHIP funded. In the case of bed to bed repatriations, the insurance company explained that an insured person would be transported, often by air ambulance, back to Ontario and that arrangements would need to be made to have a bed ready at an Ontario hospital. These collections, uses, and disclosures are plainly done for the purposes of the provincial funding of the health resource, or for directly obtaining that resource.

Issue 2:   Is a review warranted under Part VI of PHIPA? 

[36]  Even though I have found that the insurance company’s collection and use of health numbers at the time of application for supplementary health insurance plans does not comply with section 34 of the Act, I must still decide whether a review of this matter is warranted.

[37]  As noted above, in response to inquiries during the investigation by the IPC, the insurance company has taken significant steps to address this contravention of the Act. The insurance company has discontinued the collection of health numbers on both paper and electronic applications, and has deleted all health numbers from its administrative system.

[38]  The insurance company has advised, however, that it does keep images of prior versions of application forms containing health numbers for record retention purposes because these application forms are the official record of purchase for the insurance product. The insurance company also advised that original application forms are securely destroyed once imaged and that these images are retained in an electronic imaging database and on microfiche. The insurance company also stated that there are some instances where paper applications are retained in a secure storage facility, also for records retention purposes. The insurance company has stated that both the images of prior application forms, and the paper forms themselves, will be destroyed after the expiry of the 15-year record retention period.

[39]  While I do not agree that the insurance company had the authority to collect and use health numbers at the time of application for supplementary health insurance plans, I conclude that a review of this matter is not warranted. The insurance company has discontinued this practice and has deleted or destroyed the health numbers collected on application forms, except to the extent they are contained on images or original application forms retained for records retention purposes. In light of the steps taken by the insurance company to address this breach of the Act going forward, I conclude that a review is not warranted.

DECISION:

Section 58(1) of the Act states the following:

Commissioner’s self-initiated review

58 (1) The Commissioner may, on his or her own initiative, conduct a review of any matter if the Commissioner has reasonable grounds to believe that a person has contravened or is about to contravene a provision of this Act or its regulations and that the subject-matter of the review relates to the contravention

[40]  For the foregoing reasons, no review will be conducted pursuant to Part VI of the Act.

Original Signed by:		October 10, 2017
Alanna Maloney
Investigator