Digital health interoperability - proposed amendments to O. Reg. 329/04
O. Reg. 329/04
Regulation - LGIC
Bill or Act:
Personal Health Information Protection Act, 2004
Summary of Decision:
New direct administrative costs to business resulting from proposed regulation are expected to be marginal to ordinary costs of doing business. Ministry estimates that ~1,500 custodians annually might be asked to report to Ontario Health (OH) about their compliance, and that most of these custodians could respond with a simple 'nil' report. It is expected that micro- and small-sized custodians that were selected for reporting would be required to spend no more than two hours of administrative effort.
The ministry's analysis was based on the following facts and assumptions:
- There is no general reporting requirement for HICs under proposed regulation; however, on occasion HICs may be required to provide reports about technology selections to OH.
- These reports are expected to be simple documentation about types of technologies that have been developed, procured, licensed etc. over preceding 12 months (e.g. software name, vendor, version number and date of procurement) that can be easily obtained from business records. Based on frequency of technology procurements, ministry would expect that a majority of HICs would have a 'nil' report in any given year.
- It is assumed that medium and large health enterprises deploy more, and more complex health technologies than micro- or small-sized enterprises. As a result, it is reasonable that OH would monitor compliance by requesting reports from a larger proportion of medium and large enterprises on an annual basis, and that these enterprises would require more time to assemble reports.
In contrast, it is expected that outcomes of ministry's interoperability strategy, enabled by means of proposed regulation, will - in time - result in significant efficiencies that can be realized by health information custodians and solution vendors. These efficiencies would more than offset minor administrative costs.
Analysis of Regulatory Impact:
Work is currently underway analyzing possible administrative and compliance costs to businesses and professionals that may result from this regulatory proposal. To inform this analysis we encourage you to provide your feedback.
May 23, 2020
Summary of Proposal:
The proposed regulation would make the following amendments to the PHIPA Regulation:
• Establish that Ontario Health shall establish interoperability specifications that pertain to digital health assets, subject to the direction and approval of the Minister.
• Establish that health information custodians must ensure that the digital health assets that they select, develop or use are compliant with applicable interoperability specifications.
• Require Ontario Health to establish a certification process by which a list of digital health assets that are compliant with specifications may be published.
• Require health information custodians to provide Ontario Health with reports upon request, and to cooperate and assist the Agency to support compliance monitoring.
• Require Ontario Health to establish a compliance monitoring process.
• Establish that enforcement of the regulation would occur by means of complaint to the Information and Privacy Commissioner, supported by any reports or information collected in the process of compliance monitoring.
Digital Health Division
1075 Bay Street, 12th Floor
Toronto ON M5S 2B1
January 1, 2021