What is PHIPA Training: Consent
The next component of PHIPA training should cover the principles of identifying purposes and obtaining consent. Generally, PHIPA requires that health information custodians obtain consent from an individual to collect, use, or disclose that individual’s personal health information.
PHIPA training should distinguish between the law’s two types of consent. Under PHIPA, there is implied consent, and there is express consent. Implied consent is consent that is implied from the circumstances. PHIPA allows for implied consent to be given, provided that the consenting person knows the purpose of the collection, use, or disclosure, and knows that they have the right to give or withhold consent.
What is PHIPA Training: Implied Consent
Under the concept of implied consent, if a custodian states (such as, in a poster or brochure that is readily available, and that is likely to be viewed by the individual) the purposes for which it seeks to disclose, collect, or use personal health information, the law will then assume that the individual is aware of that purpose.
Under PHIPA, if an individual is aware of the purpose for which PHI disclosure, collection, or use is sought, the person has consented to that disclosure, collection, or use. If the individual objects to the disclosure, collection, or use, the individual must bring the specific objection to the health information custodian’s attention to ensure the disclosure, collection, or use is not made.
What is PHIPA Training: Assuming Consent
The next component of PHIPA training should cover specific instances of when, exactly, in real life, a health information custodian can assume that it has implied consent to collect, use, or disclose personal health information to provide health care.
This assumption can be made if the following conditions are met:
- The information was received by the health information custodian, from either the individual, the individual’s substitute decision-maker, or another health information custodian.
- The information was received to provide healthcare to the individual.
- The information is collected, used, or disclosed to provide healthcare to the individual.
Since each condition above allows for an assumption that there is implied consent, PHIPA refers to these conditions as instances of assumed implied consent.
Individuals in what PHIPA calls an individual’s “Circle of Care” may rely upon the concept of assumed implied consent to conclude that a patient has consented to their collecting, using, or disclosing personal health information for the purpose of providing or assisting in providing healthcare.
What is the PHIPA Circle of Care?
The next PHIPA training concept is the so-called “Circle of Care.” This phrase is nowhere to be found within the text of PHIPA.
It is a fanciful nickname that refers to the following individuals:
- For a physician’s office: The physician, nurses, a specialist, or other healthcare practitioner referred by the physician, and any other healthcare practitioner selected by the patient (i.e., a pharmacist).
- For a hospital: The attending physician and the “treatment team” (i.e., all residents, nurses, clerks, and employees assigned to the patient and who provide care).
Additional examples of custodians who fall within the PHIPA Circle of Care include individuals within long-term care homes and community care access centers, who provide or assist in providing treatment to an individual.
As implied by the name, the PHIPA Circle of Care does not include individuals who do not provide care to a patient. As such, health information custodians who are not part of an individual’s direct or follow-up treatment, and non-custodians, such as insurance companies and employers, stand outside of the circle.
Providing PHIPA training on the concepts of personal health information, consent, and the circle of care gives employees a working knowledge of the ground rules of PHIPA.