PHIPA DECISION 118

Complaint HC17-86

Women's College Hospital

April 20, 2020

Summary: This complaint arises from an allegation that the hospital routinely includes an excessive amount of patient personal health information on its electronically generated prescriptions. In this decision, the adjudicator finds that the hospital’s release of patient personal health information to a pharmacy, through a hospital-issued prescription, is an authorized disclosure of that information under the Personal Health Information Protection Act, 2004  (PHIPA ), made on the basis of a patient’s assumed implied consent. She also finds that the disclosure of the patient information at issue is reasonably necessary for the purpose of the disclosure, and complies with PHIPA . She therefore dismisses the complaint.

Statutes Considered: Personal Health Information Protection Act, 2004 , SO 2004, c 3, Sch A  (as amended), sections 2 (definitions), 18, 19, 20(2) and (3), and 30; General, O Reg 329/04, section 1(3); Narcotics Safety and Awareness Act, 2010 , SO 2010, c 22 ; General, O Reg 381/11.

OVERVIEW:

[1]  This complaint concerns the amount of personal health information appearing on electronically generated prescriptions issued by Women’s College Hospital (the hospital). Specifically, the complainant alleges that the inclusion of excessive personal health information on hospital-issued prescriptions violates the privacy of patients, who ought to be able to decide how much of their information to give to the pharmacies where they fill their prescriptions. The complainant identified particular concerns with the inclusion on her prescriptions of her Ontario Health Insurance Plan (OHIP) number and her Medical Record Number (MRN), a number assigned by the hospital. The complainant explained that, in her case, the OHIP number is not necessary on her prescriptions because she pays for her prescriptions herself, and the prescriptions are not for controlled substances.

[2]  The complainant did not wish to identify herself to the hospital, so the hospital was unable to address the particular data elements that appear on a given prescription issued for the complainant. However, the hospital did not object to responding to this matter as a complaint about its standard practices, and did not suggest at any time that it was unable to fully respond to the issues because of its not knowing the identity of the complainant. To address the complaint, the hospital provided general information about its process for issuing prescriptions, the vast majority of which are generated through the hospital’s electronic patient records system (with the remainder generated in hard copy). The prescription information at issue in this complaint is that which appears on electronically generated prescriptions. The hospital also provided information about the standard types of patient information that appear on these prescriptions, and certain steps that it has taken to address some of the general concerns raised by the complainant, which I will discuss in detail below.

[3]  As the matter could not be resolved through mediation, it was transferred to the adjudication stage of the complaint process, where I decided to conduct a review under the Personal Health Information Protection Act, 2004 (PHIPA). During my review, I sought and received representations on the issues from the hospital and from the complainant. I also received submissions from a number of organizations that represent parties whose interests could be affected by the subject-matter of the complaint. They include: the Canadian Medical Protective Association; the Ontario Pharmacists Association; the Canadian Society of Hospital Pharmacists (Ontario Branch); the Institute for Safe Medication Practices Canada; the Canadian Patient Safety Institute; and the Healthcare Insurance Reciprocal of Canada. The complainant was given an opportunity to address the submissions made by these organizations, and she did.

[4]  In this decision, I conclude that the hospital’s release of patient personal health information to a pharmacy through a hospital-issued prescription is an authorized disclosure of that information, made on the basis of a patient’s assumed implied consent, and that the disclosure in that context of the particular personal health information at issue complies with PHIPA . I am also satisfied that the hospital has in place a process to address a patient’s withholding or withdrawal of consent in respect of the disclosure of her personal health information through a hospital-issued prescription. The hospital has agreed to standardize this process and put it in writing. I dismiss the complaint without issuing any order.

DISCUSSION:

[5]  There is no dispute in this complaint that the operator of the hospital is a “health information custodian” within the meaning of PHIPA  [paragraph 4.i of section 3(1)]. The operator of a pharmacy is also a “health information custodian” [paragraph 4.iii of section 3(1) of PHIPA ].

[6]  The hospital and any pharmacy that receives a hospital-issued prescription must comply with PHIPA ’s rules governing the collection, use and disclosure of “personal health information.” There is no dispute that the patient information appearing on a hospital- issued prescription is “personal health information” as that term is defined at section 4 of PHIPA . I will begin by describing the particular elements of patient personal health information that appear in the electronically generated prescriptions at the centre of the complaint, before setting out my conclusions on the issues raised by the complainant.

Background

[7]  Hospital prescriptions are issued by certain regulated health professionals, such as physicians and nurse practitioners. Although they can be issued in hard copy, the hospital reports that the vast majority of prescriptions are generated using the hospital’s electronic patient records system. The hospital explains that there are two types of electronically generated prescriptions: those generated in its ambulatory electronic patient record (aEPR), and those generated in its Family Practice electronic medical record (EMR).

[8]  As part of its response to this complaint, the hospital considered whether it could remove some of the data elements appearing on its electronically generated prescriptions. The hospital concluded that it could remove a patient’s Medical Record Number (MRN), as well as the patient’s OHIP number, except where the hospital is required to include the OHIP number for certain types of prescriptions (as described in more detail later in this decision). The hospital also decided to remove the patient’s “sex” data element from its aEPR prescriptions. (I explain below the hospital’s rationale for the different treatment of this data element in its Family Practice EMR prescriptions.) As a result of these developments, the following patient information currently appears on the two different types of electronically generated prescriptions:

• Patient first and last name;
• Address;
• Telephone number;
• Date of birth;
• OHIP number (only for prescriptions for controlled substances—e.g., narcotics, benzodiazepines); and
• Sex (as an element on Family Practice EMR prescriptions only).

[9]  During the course of the review, the hospital provided explanations for the necessity of including each of these data elements in its electronically generated prescriptions. I also received from the additional organizations named above their representations in support of the hospital’s inclusion of certain data elements on its prescriptions. At my request, the hospital also provided representations addressing other matters that I had set out in a Notice of Review, including, namely, the issue of whether the hospital’s transmission of patient information to a pharmacy, in the form of a hospital- issued prescription, complies with PHIPA . The complainant also addressed these issues, and the representations from the hospital and the additional organizations, in her responding representations. I have considered all the parties’ representations in arriving at my findings, below.

[10]  For the reasons that follow, I find that the transmission of patient personal health information on a hospital prescription is a “disclosure” within the meaning of PHIPA , and that this disclosure is authorized to be made on the basis of the patient’s assumed implied consent. I also find that the hospital’s disclosure of the particular elements of patient information that appear on a standard electronically generated hospital prescription complies with PHIPA . I dismiss the complaint.

Findings

The transmission of prescription information from the hospital to a pharmacy is a “disclosure” within the meaning of PHIPA

[11]  The hospital observes that once a prescription is generated at the hospital and is signed by the prescribing health professional, it is given directly to the patient, who might never deliver the prescription to a pharmacy. On that basis, the hospital initially disputed my preliminary assessment that this complaint concerns transactions that qualify as “disclosures” of personal health information within the meaning of PHIPA .

[12]  The term “disclosure” is defined at section 2 of PHIPA  as follows:

“disclose”, in relation to personal health information in the custody or under the control of a health information custodian or a person, means to make the information available or to release it to another health information custodian or to another person, but does not include to use the information, and “disclosure” has a corresponding meaning[.]

[13]  This definition is broad, and includes the making available or the release of personal health information by a health information custodian to another health information custodian or to another person. I observe, however, that by virtue of an exception to the definition, the act of giving a patient a prescription containing her own personal health information would generally not appear to be a “disclosure” of that information by the hospital to the patient. [1]

[14]  In this case, it is clear that the complainant’s concerns do not have to do with the hospital’s providing the complainant with a prescription containing her own personal health information that she never delivers to a pharmacy. Instead, she is concerned about the transmission of an excessive amount of her personal health information, in the form of the data elements appearing on her hospital-issued prescription, to any pharmacy to which she must deliver the prescription in order to fill it. I am satisfied that the release of patient information from the hospital to the pharmacy in this context qualifies as a “disclosure” within the meaning of PHIPA . This is the case whether the personal health information is transmitted directly from the hospital to the pharmacy (as in the case of a hospital’s faxing a prescription to a pharmacy), or indirectly (as in the case of a hospital’s providing a prescription to a patient to carry into a pharmacy). There is no dispute here that the prescription is generated by the hospital using personal health information that is in its custody or under its control, and that the prescription must be made available to or released to a pharmacy in order to fulfill the purpose of the prescription.

[15]  I find, therefore, that PHIPA  applies to the disclosure of patient personal health information from the hospital to a pharmacy that occurs when a patient prescription is provided to the pharmacy. Under the next headings, I consider whether these disclosures comply with PHIPA .

The hospital’s disclosure of personal health information to a pharmacy in the form of a prescription is authorized to be made on the basis of assumed implied consent

[16]  Under PHIPA, disclosures of personal health information can occur only with the consent of the individual to whom the information belongs, unless the disclosures are permitted or required to be made without consent under PHIPA  (section 29). There is no claim in this case that the transmission of a patient prescription from a hospital to a pharmacy, in order to fill the prescription, would be a disclosure made without the consent of the patient. I find that, generally speaking, such transactions are authorized to be made on the basis of patient consent.

[17]  Section 18 of PHIPA  sets out the requirements for a valid consent. Among other requirements, the consent of the individual must be knowledgeable, and must relate to the information at issue [section 18(1)]. Consent is knowledgeable if it is reasonable in the circumstances to believe that the individual knows the purpose of the given collection, use or disclosure, and that she may give or withhold consent [section 18(5)]. Custodians are entitled to assume the validity of consent, and that the individual has not withdrawn consent, unless it is not reasonable to do so [section 20(1)].

[18]  A consent to the disclosure of one’s personal health information may be express or implied, except in certain circumstances where PHIPA  requires express consent [sections 18(2) and 18(3)]. Most relevant to this complaint, PHIPA  permits specified health information custodians to assume an individual’s implied consent to disclose personal health information to another health information custodian for the purposes of providing health care or assisting in providing health care to the individual, where certain conditions are met [sections 18(3) and 20(2)]. [2] Although not a defined term in PHIPA , the phrase “circle of care” has been used to describe the conditions under which PHIPA  permits these specified health information custodians to assume an individual’s implied consent. [3] Section 20(2) states:

A health information custodian described in paragraph 1, 2 or 4 of the definition of “health information custodian” in subsection 3 (1), that receives personal health information about an individual from the individual, the individual’s substitute decision-maker or another health information custodian for the purpose of providing health care or assisting in the provision of health care to the individual, is entitled to assume that it has the individual’s implied consent to collect, use or disclose the information for the purposes of providing health care or assisting in providing health care to the individual, unless the custodian that receives the information is aware that the individual has expressly withheld or withdrawn the consent. [4]

[19]  In order for a health information custodian to rely on assumed implied consent to collect, use or disclose personal health information, the following conditions must be met:

• the health information custodian must fall within a particular category of health information custodian; and
• the health information custodian must receive the personal health information from the individual to whom the information relates, or that individual’s substitute decision-maker or another health information custodian; and
• the health information custodian must receive that information for the purpose of providing health care or assisting in the provision of health care to the individual; and

• the purpose of the health information custodian’s collection, use or disclosure of that information must be for the purposes of providing health care or assisting in providing health care to the individual; and
• in the case of a disclosure, the disclosure of personal health information by the health information custodian must be to another health information custodian [section 18(3)]; and
• the health information custodian that receives the information must not be aware that the individual to whom the personal health information relates has expressly withheld or withdrawn the consent.

[20]  I am satisfied that, in the usual case, the disclosure of patient personal health information from the hospital to a pharmacy, in the form of a patient prescription, meets the conditions for assuming the patient’s implied consent to that disclosure. [5] The hospital is a health information custodian of the type entitled to rely on section 20(2). In the usual case, the hospital receives the information that it discloses on a prescription directly from the patient (or from another authorized source), and it receives and discloses that information in order to provide the individual with “health care” as that term is defined in PHIPA  (section 2), including in order to diagnose and to treat a patient. The disclosure is made to a pharmacy, which is also a health information custodian. Finally, I am satisfied that, in the usual course, the hospital will not be aware of a patient’s express withholding or withdrawal of consent to this disclosure of her information. I accept, for example, that in a typical transaction, a prescriber who hands the patient a hospital prescription will not have any reason to believe that the patient objects to the inclusion of any particular data element appearing on the prescription. (I discuss immediately below the limitations on assumed implied consent in that event.)

[21]  In these circumstances, the hospital is entitled to assume a patient’s implied consent to the disclosure of her personal health information to a pharmacy in the form of a prescription. I find, therefore, that in the usual course, this disclosure is authorized to be made on the basis of a patient’s assumed implied consent.

[22]  Of course, there may be specific circumstances in which the hospital cannot rely on a patient’s assumed implied consent for this disclosure. One such circumstance would be where the hospital is aware that a patient has expressly withheld or withdrawn her consent to this disclosure. As noted above, however, the complainant in this case has not provided details of any specific instance in which she made the hospital aware of her express refusal of consent and the hospital nonetheless disclosed her information (on the basis of assumed implied consent), or where the disclosure of her information was unauthorized for other reasons.

[23]  I acknowledge that the complainant states in her representations that no one involved at any level of her health care has ever discussed with her the concept of implied consent. It may be possible to construe this statement as an allegation that the hospital never obtained her valid consent to the disclosure of her information. She might be alleging, for example, that the hospital relied on a consent that was not a “knowledgeable” consent within the meaning of PHIPA . Even if I were to interpret her statement in this way, I have insufficient evidence before me to find any particular instance of unauthorized disclosure on the part of the hospital. Among other reasons, I accept the hospital’s evidence that it has made publicly available a privacy policy that identifies some common uses and disclosures of patient information (including disclosures to provide patients with health care and assistance outside the hospital), and that this policy advises patients of the option of implementing a withdrawal of consent for some uses and disclosures of their information. I note, moreover, that health information custodians (like the hospital) that fulfil the conditions of section 20(2) are entitled to assume the patient’s knowledgeable consent, unless they are aware that the patient has expressly withheld or withdrawn that consent. Again, there is no evidence here that the hospital was aware of any express refusal of consent by the complainant.

[24]  Instead, this complaint is a more general complaint about the hospital’s standard practice of disclosing certain patient personal health information on an electronically generated prescription that is given to a pharmacy in order to be filled. For the reasons given above, I find that these disclosures are generally authorized to be made on the basis of the patient’s assumed implied consent. Later in this decision, I will address the aspect of the complaint alleging that these prescriptions contain an excessive amount of a patient’s personal health information. First, I will briefly discuss the limitations imposed by PHIPA  in the event a patient expressly refuses consent to this disclosure.

Limitation on assumed implied consent [sections 19, 20(2) and 20(3)]

[25]  Section 19 of PHIPA  provides that an individual may withdraw her consent to the collection, use, or disclosure of her personal health information in certain circumstances:

(1) If an individual consents to have a health information custodian collect, use or disclose personal health information about the individual, the individual may withdraw the consent, whether the consent is express or implied, by providing notice to the health information custodian, but the withdrawal of the consent shall not have retroactive effect.

(2) If an individual places a condition on his or her consent to have a health information custodian collect, use or disclose personal health information about the individual, the condition is not effective to the extent that it purports to prohibit or restrict any recording of personal health information by a health information custodian that is required by law or by established standards of professional practice or institutional practice.

[26]  Where a patient’s refusal of consent limits the amount of personal health information that a custodian can disclose for health care purposes on the basis of assumed implied consent, section 20(3) sets out an obligation to notify on the part of the disclosing custodian:

If a health information custodian discloses, with the consent of an individual, personal health information about the individual to a health information custodian described in paragraph 1, 2 or 4 of the definition of “health information custodian” in subsection 3 (1) for the purpose of the provision of health care to the individual and if the disclosing custodian does not have the consent of the individual to disclose all the personal health information about the individual that it considers reasonably necessary for that purpose, the disclosing custodian shall notify the custodian to whom it disclosed the information of that fact. [6]

[27]  As I indicate above, the hospital’s privacy policy advises patients of the option of implementing a withdrawal of consent for some uses and disclosures of their information. During the course of my review, the hospital described to me how it implements these provisions in the context of issuing prescriptions. It has agreed to document these practices in a written policy. It has also agreed to review its privacy training materials to ensure that its staff are educated about its obligation under section 20(3). In addition, although PHIPA  does not prescribe the form or content of the notice required to be given under section 20(3), I recommend that the hospital adopt a standard approach to documenting any refusals of patient consent and any resulting notifications given under section 20(3), and to consider adopting a standard form of notice under section 20(3).

The hospital’s disclosure of the personal health information at issue in this review complies with section 30 of PHIPA

[28]  Under this heading, I consider the complainant’s allegation that electronically generated hospital prescriptions contain an excessive amount of a patient’s personal health information. This aspect of the complaint raises a question about the hospital’s compliance with PHIPA ’s requirement that, where possible, health information custodians minimize the amount of personal health information that they collect, use, or disclose. Section 30 of PHIPA  states:

(1) A health information custodian shall not collect, use or disclose personal health information if other information will serve the purpose of the collection, use or disclosure.

(2) A health information custodian shall not collect, use or disclose more personal health information than is reasonably necessary to meet the purpose of the collection, use or disclosure, as the case may be.

(3) This section does not apply to personal health information that a health information custodian is required by law to collect, use or disclose.

[29]  For ease of reference, I reproduce again here the data elements that currently appear on the two types of electronically generated hospital prescriptions at issue:

• Patient first and last name;
• Address;
• Telephone number;
• Date of birth;
• OHIP number (only for prescriptions for controlled substances—e.g., narcotics, benzodiazepines); and
• Sex (as an element on Family Practice EMR prescriptions only).

[30]  In my Notice of Review to the hospital, I asked it to explain how each element of patient personal health information currently included on these prescriptions is “reasonably necessary to meet the purpose” of the disclosure, within the meaning of section 30 of PHIPA , and, specifically, to define the purpose of the disclosure. I also asked the hospital to explain the reason for any differences in the data elements appearing on the two types of prescriptions that are electronically generated at the hospital (the aEPR prescriptions and the Family Practice EMR prescriptions). As noted above, I received representations on this topic from the hospital, and from a number of affected party organizations who addressed the necessity of particular data elements on hospital-issued prescriptions. The complainant also provided representations in response.

[31]  Below, I set out the parties’ representations and my findings for each of the data elements at issue. For the reasons that follow, I conclude that the hospital’s disclosure of these data elements in the form of electronically generated patient prescriptions complies with PHIPA .

Purpose of disclosure

[32]  The hospital begins by identifying that the purpose of disclosing patient personal health information on a hospital-issued prescription is to provide health care to the patient named on the prescription. More specifically, the information on a prescription is required to authorize a pharmacist to dispense a particular medication, in a particular dose, to a particular patient, and to ensure that the prescriber’s instructions to the patient on the safe and appropriate use of the medication are communicated to the correct patient.

[33]  Each data element at issue in this review fulfills this purpose, the hospital says, by contributing to the accurate identification of the patient. Accurate patient identification is crucial to the effectiveness of any interventional health service, and is a legal and regulatory requirement as well as a best practice. Prescribers consider a number of factors about a patient before determining the appropriate prescription, so accurately identifying the patient for whom a prescription is intended is essential. The hospital also notes that accurately identifying the patient for whom the medication is intended is necessary to prevent medication fraud, including “double-doctoring,” by which patients attempt to obtain medication for themselves or for others that is not authorized or is not appropriate. The hospital submits that the rise of health information identity fraud has increased the risk of wrongly identifying a patient.

[34]  For these reasons, the hospital says, general principles and best practices established by Canadian and international organizations recommend the use of multiple approved identifiers for accurate patient identification before dispensing prescription medication. The hospital cites guidance provided by a number of these authorities, including Accreditation Canada, the World Health Organization (WHO), the Joint Commission on Accreditation of Healthcare Organizations, and the College of Physicians and Surgeons of Ontario (CPSO), as well as a number of other organizations who made representations directly to me on this topic, whose submissions I will summarize below.

[35]  The hospital and some affected party organizations also cite studies on patient identification errors and the effectiveness of various techniques for reducing such errors, and a survey of patient identification standards incorporated in Required Organizational Practices (“ROPs”) of healthcare organizations. [7] These various sources indicate that the use of a minimum of two identifiers, including the patient’s name and date of birth, is a common standard for care activities that have the potential of causing harm if administered to the wrong person. Since receiving notice of this complaint, the hospital has also conducted its own research of standards of patient identification and best practices adopted by a number of health care organizations in Ontario. Based on this research, the hospital reports that the use of a minimum of two identifiers is common, and that, in fact, the guidance surveyed suggests that the inclusion of more information on prescriptions (rather than less) is recommended in order to prevent medication errors and fraud.

[36]  In view of this background, the hospital discusses the specific data elements appearing on the electronically generated prescriptions at issue in this review.

Patient first and last name

[37]  A patient’s first and last name is one of the essential identifiers cited in most of the guidance canvassed by the hospital—including, among others, guidance from the Institute for Safe Medicine Practices (IMSP), [8] the WHO/Joint Commission, [9] and the CPSO. [10] The hospital notes that without the patient’s name, a prescription could be used by anyone. The hospital also describes specific circumstances in which the inclusion of both first and last names (and not just one) is reasonably necessary, such as in the case of married or related patients (i.e., patients with the same surname) residing at the same address. For this reason, hospital policy cites patient name as a required element of medication orders. [11]

[38]  I accept that the inclusion of a patient’s first and last name on a prescription is reasonably necessary to meet the purpose of the disclosure, being the safe and effective delivery of health care to the correct patient, and complies with section 30 of PHIPA . I note that the complainant does not appear to object to the inclusion of this data element on a hospital prescription.

Address and telephone number

[39]  The hospital submits that the inclusion of a patient’s address as an additional identifier is reasonably necessary to avoid confusion in the not uncommon circumstance of there being more than one patient with the same first and last name. The hospital notes that certain first and last names may be common within a particular patient demographic. There may also be other circumstances—such as when patients use nicknames rather than their legal names, or where there is a name change (including upon marriage or adoption)—where the inclusion of an address as an additional identifier can help to identify the patient.

[40]  The hospital submits that a telephone number is reasonably necessary as the prescriber or pharmacist may need to contact the patient in regard to a prescription. The hospital notes that not all patients attend a pharmacy in person, and that not having a means of immediately contacting a patient could result in delays in dispensing a prescription or in communicating important information to a patient, such as information about a drug recall.

[41]  I accept that the inclusion of these data elements complies with section 30. The complainant does not appear to take issue with the inclusion of these particular identifiers on the prescription.

Date of birth

[42]  By contrast, the complainant expresses a particular concern about the inclusion on her prescription of her date of birth, and the consequent disclosure of this information to any pharmacy where she fills a prescription. She notes, for example, that the CPSO’s “Prescribing Drugs” policy to which the hospital refers does not mandate that prescribers include the patient’s date of birth on prescriptions.

[43]  The hospital notes that while the CPSO does not include the patient’s date of birth as a required element on every prescription, it recommends that physicians consider, on a case-by-case basis, whether including that information on a prescription would assist in confirming the patient’s identity. [12] The hospital maintains that inclusion of the date of birth is reasonably necessary for the effective provision of health care to the appropriate patient. Unlike names, addresses and telephone numbers, the date of birth is an immutable identifier, and for this reason is recommended as a preferred patient identifier by bodies such as Accreditation Canada and the WHO. The hospital submits that the use of an immutable identifier is particularly important in its case, as an inner-city hospital that serves a significant number of homeless and immigrant patients for whom mutable identifiers (such as addresses) may be unreliable, and in which populations there may be higher than average rates of shared first and last names. The inclusion of the date of birth is also important for clinical purposes, since a patient’s age may be relevant for dosing decisions by the prescriber, and for the identification and prevention of prescribing errors, including by the dispensing pharmacist. The hospital observes that the pharmacist may not be aware of a patient’s date of birth unless it is included on a prescription.

[44]  A number of affected party organizations who made representations to me in this review also specifically addressed the importance of this particular identifier. These include the Canadian Medical Protective Association (CMPA) and the Healthcare Insurance Reciprocal of Canada (HIROC), which support the inclusion of a patient’s date of birth as a best practice for their physician members to ensure patient safety by aiding in patient identification and reducing prescribing and dispensing errors. Both the CMPA and HIROC note, for example, that the date of birth on a prescription can alert a pharmacist to the need for a particular administration or dosage for the patient based on her physiology due to age (as in the case of children or the elderly).

[45]  Both bodies also referred to guidance on this topic provided by the Institute for Safe Medication Practices Canada (ISMP Canada). [13] In its own submission to me, made jointly with the Canadian Patient Safety Institute, ISMP Canada takes the position that every prescription should include a patient’s date of birth to ensure patient safety, including by reducing the risk of medication errors. ISMP Canada notes, for example, that 29% of medication errors have been found to be directly associated with inadequate patient information. [14] The Ontario Pharmacists Association also supports the inclusion of the date of birth for patient safety reasons, noting additionally that the date of birth is required on prescriptions for patients receiving coverage through the Ontario Drug Benefit program (because eligibility is related to a patient’s age). The Canadian Society of Hospital Pharmacists takes the position that removing a patient’s date of birth from a prescription increases the risk for misidentification errors, as well as medication errors, because safe and appropriate medication management for patients is often heavily dependent on patient age.

[46]  In response, the complainant asserts that the patient’s date of birth is not necessary on a prescription because, in Ontario, a patient’s OHIP card (which contains information including her name, birth date, photograph and signature) must be presented and validated at every physician visit before any prescription is ever written. In addition, she says, patients who qualify for prescription coverage under government programs (she names the Ontario Drug Benefit and Trillium programs) must provide an OHIP card at a pharmacy in order to obtain their medications. The complainant appears to take the position that because a patient’s identity is already verified through presentation of the OHIP card before any prescription is written (and, for some patients, at the pharmacy before the receipt of any medication), it is not necessary to include the birth date on a hospital prescription. She also states that different pharmacies have asked her for different kinds of identification before providing her with a prescription, and that there does not appear to be any standardization to the patient identification practices adopted by different pharmacies.

[47]  I do not agree that these circumstances eliminate the patient safety rationale for including the date of birth on hospital prescriptions. For instance, the fact that a patient typically presents her OHIP card to hospital staff before seeing a physician at the hospital has no bearing on the data elements that the prescribing physician may deem reasonably necessary to include on a prescription to ensure that his patient is accurately identified by the pharmacist who fills it. Similarly, the fact that pharmacies may, in some circumstances, require presentation of a patient’s OHIP card for the purpose of ensuring drug program eligibility does not make it inappropriate for the hospital to provide the pharmacy with the patient’s date of birth for patient safety purposes relating to the proper administration of medication. I also accept the complainant’s observation that pharmacies do not always require a patient to provide a form of identification that contains her date of birth. In my view, however, this supports (rather than diminishes) the hospital’s argument for the inclusion of the patient’s date of birth on the prescription.

[48]  In all, I am satisfied that the hospital’s inclusion of a patient’s date of birth on a prescription complies with section 30 of PHIPA .

OHIP number (only for prescriptions for controlled substances)

[49]  The hospital reports that prescribers are required by law [15] to include an approved identifying number in prescriptions for controlled substances. The OHIP number is an approved unique identifier under the provincial government’s Narcotics Strategy. [16] Through discussions with this office during earlier stages of the complaint process, the hospital has confirmed that a patient’s OHIP number now appears only on prescriptions for controlled substances (for example, narcotics and benzodiazepines) covered by this legal requirement.

[50]  It is not evident to me whether the complainant specifically objects to the inclusion on a prescription of a patient’s OHIP number in this limited circumstance. In any event, I find that the hospital’s disclosure of this data element in this circumstance complies with PHIPA . I also note that the data minimization principles in section 30 do not apply to personal health information that a custodian is required by law to collect, use, or disclose [section 30(3)], and that PHIPA  may permit or require the disclosure of personal health information without consent in some circumstances, including where required by law [section 43(1)(h)].

Sex (as an element on Family Practice EMR prescriptions only)

[51]  A patient’s sex originally appeared as a data element on both types of prescriptions generated electronically by the hospital: its ambulatory electronic patient record (aEPR) prescriptions and its Family Practice EMR prescriptions. As part of its response to this complaint, the hospital removed the “sex” data element from its aEPR prescriptions, and committed to exploring the feasibility of removing this data element from its Family Practice EMR prescriptions.

[52]  In my Notice of Review to the hospital, I asked it to explain the rationale for this different treatment in the two different types of electronically generated prescriptions, and to advise me of the status of the hospital’s consultations on this topic.

[53]  The hospital explains that a patient’s sex is relevant for dosing decisions, as well as for patient identification, and for this reason was originally included in both types of electronically generated prescriptions. In response to the concerns raised by the complainant, the hospital modified the information appearing on prescriptions generated by its aEPR system by removing this data element.

[54]  The hospital was unable to make the same immediate modification to the prescriptions generated through the Family Practice EMR system, however, because that system is provided to the hospital by a third-party vendor and hosted by another custodian on behalf of the hospital and a number of other parties (other hospitals). As a result, there are a number of technical issues involved in determining the feasibility of modifying the EMR to permit a prescriber to remove patient sex as a data element on EMR prescriptions. These include questions around whether and how any such modification would affect the functionality of other parts of the EMR, or its functionality for other users. Any modification to the hospital’s EMR-generated prescriptions will require greater consultation with the vendor, the hosting services provider and potentially other bodies, including the Ministry of Health and OntarioMD (a subsidiary of the Ontario Medical Association that develops and implements EMR systems and other digital health tools for physician practices). As a result, while the hospital’s family practice group is now considering the issue, the hospital’s understanding is that such a modification to its EMR prescribing function is not one that can be implemented by or at the direction of the hospital alone.

[55]  Moreover, the hospital maintains its position that patient sex is a relevant factor in dosing decisions, as well as for patient identification purposes. As such, the hospital continues to assess the effects of the removal of this data element from its aEPR prescriptions, and will consider these findings before recommending any similar removal for its Family Practice EMR prescriptions. For instance, if the hospital determines that the removal of this data element from its aEPR prescriptions has resulted in an increase in medication errors, the hospital will revisit its decision to modify its aEPR prescriptions.

[56]  I find this to be a reasonable explanation for the hospital’s different treatment of the “sex” data element on its electronically generated prescriptions. In addition, without commenting on the hospital’s decision to remove this data element from its aEPR prescriptions, I am prepared to accept that the disclosure of this data element on its Family Practice EMR prescriptions is reasonably necessary for the patient safety purposes discussed above. It is not evident to me that the complainant takes exception to the inclusion of this particular data element on the hospital’s Family Practice EMR prescriptions, but she (and any other patient who does) may avail themselves of the hospital’s consent directive process to request removal of this data element (or any of the others discussed above, with the exception of the OHIP number) from their prescriptions. The hospital’s process permits prescribers to decide, on a case-by-case basis, whether they can honour the patient’s request while complying with their legal and professional obligations.

[57]  In consideration of all the above, I am satisfied that the hospital’s disclosure of certain patient personal health information on a standard electronically generated prescription complies with PHIPA .

NO ORDER:

For all the foregoing reasons, no order is issued. I dismiss the complaint.

Original Signed by:		April 20, 2020
Jenny Ryu
Adjudicator