New Guidelines from the Office of the Information and Privacy Commissioner of Ontario
Despite all of our wishes for a return to “normal” service provision, there continues to be a need to provide services via technology, or “virtual care” whenever it is clinically appropriate to do so.
The College Standards of Professional Conduct, 2017 set out members’ responsibilities and obligations in providing telepsychological services. These are found in Principle 15, Use of Technology in the Provision of Psychological Services
In February 2021, the Office of the Information and Privacy Commissioner (IPC) released new guidelines for the health care sector in order to support the safe and secure use of virtual care: Privacy and Security Considerations for Virtual Health Care Visits (PDF).
In addition to reminding health information custodians of their obligations under the Personal Health Information Protection Act, 2004, the Guidelines provide advice on the steps to enhance privacy and cybersecurity risks in virtual health care. According to the Guidelines, members should:
- Conduct privacy impact assessments to identify and manage specific privacy and information security risks associated with providing virtual care;
- Develop and implement virtual health care policies and notify clients about these virtual care policies;
- Ensure employees and other agents participate in ongoing privacy and security training; including training on the organization’s virtual health care policies;
- Develop an information security management framework to regularly monitor, assess, and mitigate any security risks that may arise while using the virtual platform. The framework must include all of the required administrative, technical, and physical safeguards.
The IPC Fact Sheet also provides information to assist practitioners in choosing virtual visit solutions. Ontario Health (OTN) has established a Virtual Visit Solution Standard and Verification Process. According to the Fact Sheet, this provincial standard was developed to assist custodians and vendors deliver secure virtual health care by using “safe, secure and interoperable platforms”. The Virtual Visit Solution Standard provides general requirements of systems to be used for virtual service provision. OTN has developed a verification process to ensure telehealth platform vendors meet the privacy and security criteria laid out in its Standard. A list of Verified Virtual Visit Solutions, to be updated regularly, is provided.
Please note that neither the College nor Ontario Health endorse any technological solution or vendor listed. Ontario Health advises health care providers to conduct their own due diligence to determine that any solution meets their requirements and needs.