Apr 18, 2001

Today, Manitoba Ombudsman Barry Tuckett raised a number of concerns in releasing his 1999 annual report on access and privacy matters under The Freedom of Information and Protection of Privacy Act (FIPPA) and The Personal Health Information Act (PHIA).

Tuckett said that some of the complaints his office received would have been resolved more quickly and efficiently if the public and organizations holding general information and information on individuals simply had a better understanding of their rights and obligations under the Acts.

"Most people don't spend a great deal of time thinking about the importance of accessing information or protecting their privacy until they become involved in a situation where they feel their rights have been violated," said Tuckett. "Then the cases we investigate can become quite lengthy and complicated. It is always a challenge to balance the needs of those seeking information with those withholding the information as well as those claiming that their personal information has not been protected and those who are obligated to protect information."

The Ombudsman advised there is a need to review personal information sharing practices among public bodies and organizations within and outside Manitoba.

The Ombudsman found, for example, that personal information collected and disclosed by Driver and Vehicle Licensing, a Division of Manitoba Highways and Government Services, had not been protected in the manner required by FIPPA when a computer tape containing personal information about 675,000 Manitobans vanished while in the custody of Elections Canada.

The Ombudsman is concerned that the personal information practices of a number of public bodies and personal health information trustees may not be in compliance with legislation and could compromise personal information rights.

For example, the Ombudsman found that five chiropractors contravened PHIA when they used and disclosed the personal health information of their patients for mailing and telephone solicitation seeking support for a political nominee in 1999. An investigation by the Ombudsman also found that that the chiropractors were not in compliance with security safeguard provisions of the Act.

Some personal health information trustees know too little about their access and privacy obligations under FIPPA and PHIA.

Manitoba's Ombudsman also noted that while provincial departments and agencies have had nearly 30 years' experience dealing with the Ombudsman's Office, health care professionals and most organizations in the private sector covered by The Personal Health Information Act (PHIA) are unaccustomed to oversight activity by an independent office.

"It concerns me that there are health care professionals who know little about the legislation governing health information," said the Ombudsman. "I believe that there are very few personal health information trustees that are in full compliance with The Personal Health Information Act." During 1999, for example;

• An investigation confirmed that patient rights had been violated and personal information was not safeguarded by a health care clinic as required under PHIA when patients files were found in a dumpster behind one of the clinic's locations.
   
• A bill was submitted to the Ombudsman's office by a health care professional for his time spent responding to the Ombudsman's Office on a complaint made against him.

The Ombudsman also warned that increasing federal-provincial activities on the creation of a national electronic health information infrastructure must balance the requirements of such a system with the protection of personal health information under PHIA, Manitoba's vanguard legislation in the area. 

Public bodies and the public need to be better informed of their rights and obligations under FIPPA and PHIA

To better define some of the principles and issues involved in access to information and privacy rights, the Ombudsman prepared "A Privacy Snapshot", a special report for the Legislature regarding the current privacy environment and some of the provincial, national and international issues and challenges related to privacy.

Neither FIPPA nor PHIA elaborates the specific characteristics of meaningful consent involved in obtaining and managing personal information. This fact, combined with a growing demand for guidance in the day-to-day practices of handling personal information by numerous trustees and public bodies, led the Ombudsman to develop "Elements of Consent" during 1999. It provides information on informed consent and serves as a practical guide for trustees and public bodies when collecting, using or disclosing personal information or personal health information.

Drafting began on material that could be widely distributed to help public bodies and trustees self assess their level of compliance with FIPPA and PHIA. Work on these systemic tools remains incomplete as staff and resources deal with the growing volume and complexity of privacy and access complaints.
 

The rising volume of complaint work is undermining the discharge of major compliance duties to investigate, audit, and monitor public bodies and trustees, and to inform the public about PHIA and FIPPA.

Since 1997, when new legislation was introduced, complaints have more than doubled.

In 1999, Ombudsman access and privacy staff investigated 159 complaints, an increase of 35% over the previous year. While a record number of cases (151) were closed in 1999, the number of cases carried over to the year 2000 more than doubled.

About 25% of the complaints received during the year involved issues of privacy. These cases are significantly more labour and time intensive than access cases due to their very intimate, intricate and individualistic nature. For example;

• One complainant expressed concern that her psychiatrist had disclosed reports on her personal health information to Winnipeg Child and Family Services without her consent, resulting in the apprehension of her child. The psychiatrist indicated that the reason for providing the reports was his concern regarding the complainant's ability to properly care for her child. He also noted that he had a statutory duty to report these concerns to CFS under The Child and Family Services Act.
• An employee of the Parking Permit Program, administered by the Society for Manitobans with Disabilities Inc. on behalf of Manitoba Highways and Transportation, faxed copies of a complainant's medical certification to the Workers Compensation Board without written consent.
• A breach of privacy occurred when employees' ages were disclosed in a computer-generated report by Better Methods, a project of Manitoba Finance. Although names were not provided in the report, the information could easily be matched with another report provided at the same time.

Access-to-information applications are becoming more demanding and sophisticated. The number of access applications granted in full or in part by provincial government bodies dipped to 55% this year compared with a rate of 74% or better during the previous 5 years.

In the annual report, the Ombudsman also noted that 90% of all responses for access to information applications by departments and government agencies in 1999 were within the 30-day time requirement, maintaining Manitoba's reputation for having one of the best response times in Canada.