Protecting privacy and maintaining confidentiality is non-negotiable; it is fundamental to who we are as MLTs.
MLTs must handle personal health information (PHI) carefully and responsibly, following the law, ethical standards, and CMLTO’s Standards of Practice and Code of Ethics.
By protecting privacy and confidentiality in all daily work, MLTs can help patients build trust in the healthcare system. Staying up to date on privacy and confidentiality practices helps keep PHI safe.
Privacy Resources for MLTs
Below, you can access resources we have developed and compiled to support MLTs in maintaining privacy and confidentiality in their daily practice.
The CMLTO has prepared a one-page document with key information to know about MLT practice, privacy, and confidentiality. This resource contains key definitions about Circle of Care, privacy breaches and what constitutes a breach, consequences of privacy breaches, and more.
In addition to the requirements set out by the CMLTO, MLTs are required to comply with the Personal Health Information Protection Act, 2004 or “PHIPA”, which is legislation that governs how personal health information may be collected, used, and disclosed within the health sector.
Personal Health Information “PHI” is defined as any identifying information about an individual that relates to their physical or mental health. This information can be verbal, written, or electronic, as long as it relates to a person’s health and can be used to identify them. Examples of PHI include family health history, health card number, test results, health insurance payments, and medications.
Additionally, PHIPA outlines who is considered a health information custodian or “HIC” and describes the individuals and organizations to whom custodians may disclose PHI. A HIC is a person or organization that has custody or control of PHI as a result of their power, duties, or work. MLTs are considered HICs under PHIPA, as they have control of PHI in their practice.
PHIPA provides a framework for protecting PHI which gives patients greater control over how their PHI is collected, used, or disclosed, while balancing their privacy rights with the needs of custodians who require access to provide safe and timely healthcare services. By promoting transparency and accountability between patients and healthcare professionals, PHIPA helps build the trust that is essential in a well-functioning healthcare system.
This policy explains how CMLTO addresses privacy breaches by MLTs, treating them as professional misconduct. It outlines the process for investigating breaches and possible consequences, including education, mentorship, or referral to the committee, to ensure patient confidentiality is protected.
This resource describes the concepts of confidentiality and privacy, including privacy principles, relevant legislation, and a case study for Medical Laboratory Technologists (MLTs) to self-reflect on their practice.
Privacy Resources for members of the public
Please read further for more information about what a privacy breach is, your rights, and what to do if it happens to you.
According to the Personal Health Information Protection Act, 2004, personal health information is defined to include, but not limited to any identifying information about an individual, such as their physical or mental condition, their healthcare services or service plans, health coverage payments or eligibility, health card number, etc.
This information may be in any verbal, written, or electronic form.
It refers to any data that can be used alone or combined with other information to identify an individual.
It is your right to control the collection, use, and disclosure of your personal health information.
Access to your information is restricted to those within your circle of care and must not be accessed by an MLT out of curiosity or interest.
Confidentiality refers to the protection and prevention of sharing personal health information without consent from the patient.
MLTs maintain confidentiality by not discussing patients when patient care is not involved, even if names are not mentioned.
Note that information such as age, gender, or health condition could potentially identify a patient.
The Circle of Care consists of various professionals who provide a service to a patient and may require access to PHI to do so. MLTs access PHI as part of the patient’s care team when the information is needed for conducting lab tests, verifying results, or sharing findings with an authorized healthcare professional.
A privacy breach includes any instance of unauthorized access, use, or disclosure of PHI.
Examples include:
- An MLT outside of a patient’s circle of care accessing or discussing their health records
- MLTs taking photographs in a laboratory where a patient’s personal health information is visible
- An MLT updating or editing a patient’s records or personal health information through improper channels
Institutions, facilities, or health care professionals that are custodians of patients’ personal health information. This may include a hospital or community laboratory, or a private health care facility such as a healthcare practitioner’s office.
You can file a complaint with the Information and Privacy Commissioner of Ontario if you believe there are reasonable grounds that PHIPA has been or will be breached. You can access the Information and Privacy Commissioner website here.
You can also directly file a complaint with the CMLTO.
