Opening up the vault

In the fall of 2011 Alan Belaiche was general counsel at St. Michael’s Hospital in Toronto when he was co-chairman of the hospital’s Freedom of Information and Protection of Privacy Act readiness task force.
As of Jan. 1 hospitals in Ontario would formally fall under the legislation. Requests could be made for information that came into the custody or control of a hospital on or after Jan. 1, 2007. That’s not to say Ontario hospitals never complied with requests for information, but it means there is now a formal regulatory regime in place for them to follow. It also put a framework around specifically what information could be accessed and for how long.

Given that requests made under FIPPA would require the hospitals to react quickly and comply within a framework of exemptions and exceptions, Belaiche decided to champion a records-retention policy.

“I wanted to consider the in-house capacity to manage and respond to freedom-of-information requests and to initiate an education and training process for staff including physicians,” he says.

Belaiche, who left St. Mike’s earlier this year to start his own practice, Belaiche Law, says he received some pushback from the senior executive. It was an example of how hospitals in Ontario have been largely able to escape the formal governance process required for information requests unlike other institutions in the province and around the country.

It wasn’t the only issue senior executive management at Ontario hospitals would have with increased disclosure of personal information. In an attempt to encourage further transparency the Ontario Hospital Association issued advice suggesting top executive team compensation packages be disclosed on the individual hospital web sites, along with board minutes and financial plans.

“We agreed in the big picture this was something the public was going to be interested in and that there was a benefit of putting it on our web site in a way everyone could have access to it rather than just waiting for individual requests,” says Megan Evans, chief legal officer and risk officer with the Hospital for Sick Children in Toronto.

This would be information above and beyond what the Public Sector Salary Disclosure Act in Ontario requires in terms of disclosure of compensation information of any public employee earning more than $100,000. In light of the Drummond report issued in February of this year, which highlighted the province’s projected $30 billion deficit by 2017, and need to cut costs across almost every area of government including health care, it was somewhat of a pre-emptive strike to provide greater transparency on health-care spending.

Some in-house counsel at Ontario hospitals argue the OHA’s push to have full executive compensation packages published online went further than what freedom-of-information legislation would typically permit, but it was all in an effort to strip away any question about where dollars were going.

When it came to preparing for information requests, for many Ontario hospitals it meant they had to create policies to determine who would handle FOI requests, how the information would be accessed and generally make it clear to all employee groups that such information would now need to be available to the public and that in future, items once thought confidential might one day be asked for by the public.

“We like to think that we have historically been a very transparent organization and accountable to our stakeholders including the public but it was informal up until Jan. 1. People would call in and ask for something and we would think about the reasonableness of the request and when it made sense we would work with them and when it didn’t we wouldn’t. Now it’s much more formal,” says Evans.

But Evans stresses it meant educating a workforce of 8,000 people on what was a fundamental change in the way in which the hospital operated when it came to requests for information.

Kristin Taylor of the Centre for Addiction and Mental Health in Toronto says the process involved making it clear to staff and management at that facility the time had come to update governance policies around information management.

“I felt we really needed to get the message out that we’re changing our culture in this area so although we were getting records-retention policies up to speed to make sure we were keeping things for as long as they needed we weren’t keeping them longer than needed. It was a great joint effort amongst most of the hospitals in the province to come up with like-minded retention periods,” she says.

Taylor said communicating the new policy objectives around records retention was a delicate dance. “We wanted to be careful about how we did this because we didn’t want the perception to be ‘FIPPA’s coming, purge!’ — that would be the wrong impression. What we needed to know was what records do we have and what do we need to keep.”

It became an important activity especially considering Taylor said staff was not specifically educated about exemptions or exclusions because she says, “that doesn’t help us to have battles going on between our FIPPA office, our FOI office, and the executives who are saying I’m not giving it to you because there’s an exclusion.”

Essentially, under the act, every person has a right to access a record or part of a record in the custody of a hospital unless it falls within an exemption, the institution concludes on reasonable grounds that the request is frivolous or vexatious, or it falls within an exclusion.

Records associated with research, including clinical trials, are also exempt, except the subject matter and amount of funding received by a hospital for research.

Hospitals have always disclosed information but the big shift is that with FIPPA it has created a statutory and regulatory regime for requests, setting out exclusions and a time period for processing requests, a way of calculating costs, and an independent body in the form of the information privacy commissioner reviewing decisions made by hospitals.

“This legislation was passed at a time when people didn’t generate the kind of data we do today,” says Bonnie Freedman, regional leader of Borden Ladner Gervais LLP’s privacy and access-to-information group.

Overall, the process of creating a formal policy for handling information requests has been a positive step forward, says Evans.

“A lot of the time we’re our own worst enemies because we have lots of great records in the organization that describe all the great things we’re doing and this is an opportunity to think more proactively about getting it out to the public,” says Evans. “Often we don’t think about the public and what they should have access to. I think when the dust settles and we get rolling on a system this notion of proactive disclosure to the public will move holistically across the organization.”