Physicians who are collecting, using or disclosing personal health information on behalf of a health authority are acting as agents of the health authority. Physicians who are agents have specific duties to fulfil.
Custodian’s purposes
Agents must collect, use and disclose the personal health information only for custodian’s purposes and with the same care and diligence as the custodian.
Breach notification
Agents are required to inform the custodian at the first reasonable opportunity if personal health information handled by the agent is stolen, lost or accessed by unauthorized persons.
Scope of authority
Physicians who are agents are only authorized to collect, use, disclose, retain, destroy or dispose of personal health information on the custodian’s behalf if the custodian is permitted to perform these activities. The physician who is an agent cannot perform an action with respect to personal health information if the action is not within the scope of authority of the custodian.
Reporting
Physicians who are agents are required to comply with the legal reporting obligations that apply to them. For example, a physician is required to report suspected child abuse under the Children and Family Services Act. Physicians should refer the guidelines published by the College of Physicians and Surgeons of Nova Scotia for more information on reporting.
Additional duties
PHIA also states that agents must:
- ensure that personal health information held for a custodian or other third parties is retained and destroyed in accordance with the custodian’s retention schedule;
- sign any confidentiality agreements the custodian may require under PHIA; and
- sign any contracts with custodians that ensure compliance with the Act and regulations.