Business Practices

Providing care in the community, as opposed to a hospital, brings the business side of health care much closer to RRT practice. The CRTO Standards of Practice states that “RRTs must only engage in business practices that are transparent, ethical, and not misleading to the public.” Privacy and confidentiality, security of Personal Health Information (PHI) and ethical, evidenced-informed care are essential in all health care settings. However, providing RT services in the community may necessitate that other concerns such things as billing, sales taxes and advertising also be taken into consideration. Thissection on business practices endeavoursto clarify how these and other aspects need to be managed in community RT practice.

1. Office of the Privacy Commissioner of Canada

The mission of the Office of the Privacy Commissioner of Canada (OPC) is to protect and promote privacy rights of individuals by enforcing compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). This legislation aims to protect the private sector data of Canadians and gives an individual the right to lodge a complaint with the Privacy Commissioner of Canada about any alleged mishandling of their personal information. More information on how this piece of legislation applies to RT practice in the community can be found in the section Personal Information Protection and Electronic Documents Act (PIPEDA) of this document.

2. Information and Privacy Commissioner of Ontario

The Information and Privacy Commissioner of Ontario provides oversight of Ontario’s access and privacy laws, which establish the rules for how Ontario’s public institutions and health care providers may collect, use, and disclose personal information. The Personal Health Information Protection Act (PHIPA) is enforced by the Information and Privacy Commissioner of Ontario and apples to almost all RRTs, regardless of where they practice.

Privacy and Confidentiality

Federal and provincial legislation protect clients’ rights to privacy and confidentiality of their PHI. Therefore, RRTs have a legal obligation, as well as a professional and ethical obligation, to ensure that their clients’ PHI remains secure and confidential. The following two agencies listed below have been tasked with enforcing this legislation:

1. Office of the Privacy Commissioner of Canada

2. Information and Privacy Commissioner of Ontario

Personal Health Information (PHI)

Subject to certain exceptions set out in PHIPA, PHI refers to information about an
individual in oral or recorded form that relates to the:

physical or mental health of an individual

provision of health care to the individual

individual’s health card number

identification of the individual’s substitute decision maker (if applicable)

Circle of Care

The term “circle of care” is not a defined term in PHIPA. However, the Information and Privacy Commissioner of Ontario states that it is “a term commonly used to describe the ability of certain health information custodians to assume an individual’s implied consent to collect, use or disclose personal health information for the purpose of providing health care, in circumstances defined in PHIPA”1. The circle of care includes the health care providers who require specific medical information in order to provide care to a particular patient. In most situations, these health care providers may rely on the implied consent of a client to share medical information within the circle of care.

Consent by a client to share information with providers in the circle of care is generally implied. Therefore, a client who accepts a referral to another health care provider implies consent for sharing relevant information.

If a client cannot provide consent, then a Substitute Decision-Maker (SDM) becomes part of the circle of care, and can provide consent on the client’s behalf to allow PHI to be shared within the circle of care.

Express consent is required to share information with non-custodians outside the circle of care (e.g., family members who are not a guardian or SDM, police, insurance company, etc.)

More information on the Circle of Care can be obtained from the document published by the Information and Privacy Commissioner of Ontario entitled Circle of Care: Sharing Personal Health Information for Health-Care Purposes.

Example… A physician orders home oxygen for a client and the client agrees with the physician’s plan of care. This means that the client has given implied consent for the RRT(s) who will be providing their oxygen to be part of the circle of care. The RRT(s) is, therefore, permitted to access the client’s PHI and share that information within the circle of care.

Sharing PHI Outside the Circle of Care

As outlined previously, RRTs have a legal and professional obligation to maintain the confidentiality of client’s PHI. There are circumstances, however, where health care professionals are either required or permitted to report particular events or clinical conditions to the appropriate government or regulatory agency. In Canada, provincial, territorial and federal statutory requirements mandate that health care providers report to the appropriate agencies when certain conditions apply. RRTs who work in the community, particularly those who have established an independent practice, need to be aware of the relevant mandatory reporting requirements. Some examples of circumstance where information either must or can be shared outside the circle of care include:

A Child in Need of Protection

The mission of the Office of the Privacy Commissioner of Canada (OPC) is to protect and prThe Ontario Child and Family Services Act stipulates that it is the law to report suspected child abuse or neglect. Therefore, if an RRT has reasonable grounds to suspect that a child is or may be in need of protection, they must report it to their local Children’s Aid Society (CAS). It is not necessary to be certain a child is or may be in need of protection to make a report to a CAS, and an RRT must not rely on anyone else to report on their behalf. Any health care professional who fails to report a suspicion is liable on conviction to a fine of up to $5,000, if they obtained the information in the course of their professional duties.

Concerns about a Client’s Fitness to Operate a Motor
Vehicle

In Ontario, certain health care practitioners are required by law to report clients who may be medically unfit to drive. Under the Ontario Highway Traffic Act (s. 302), mandatory reporting requirements for high risk medical conditions, vision conditions and functional impairments that make it dangerous for a person to drive apply only to physicians, optometrists and nurse practitioners (NP). If, as part of their professional interactions, an RT becomes concerned about a client’s fitness to operate a motor vehicle they are encouraged to share their suspicions with the client’s primary care physician/nurse practitioner.

Clients with Certain Communicable Diseases

Under the authority of the Health Protection and Promotion Act (HPPA), (s.25), a specified list of diseases must be reported to the local Public Health Unit by certain health care professionals. The following are examples of communicable diseases that must be reported to the local Medical Officer of Health:

Chickenpox (Varicella)
Measles
Meningitis
Severe Acute Respiratory Syndrome (SARS)

RRTs are not one of the practitioners listed in HPPA who have a legal duty to report disease. However, because such reports are in the public interest, RTs are encouraged to communicate any concerns of a communicable disease to the client’s primary care physician/nurse practitioner. The complete list of reportable communicable diseases is available from each local Public Health Unit.

In addition, HPPA (s.38) now requires all health care professionals (including RRTs) who provide immunizations to report Adverse Event Following Immunization Report (AEFIs) to the medical officer of health of the health unit where the immunization took place.

Disclosures Related to Risks

PHIPA permits Health Information Custodians (HICs) to disclose confidential personal health information to relevant authorities “if the custodian believes on reasonable grounds that the disclosure is necessary for the purpose of eliminating or reducing a significant risk of serious bodily harm to a person or group of persons”².

Security of Personal Health Information

Unique challenges to the privacy and confidentiality of PHI can arise in a community care setting, particularly when PHI is being transported to and communicated in an unsecure location. The risk of information being lost or stolen is greater when it is being taken out of a more secure location (e.g., a home care company office) to an outpatient clinic or client’s home. In addition, sharing PHI in a less secure location runs a greater risk of disclosing sensitive information to individuals who are outside the circle of care (e.g., relatives, neighbours).

Information Privacy and Access Legislation

The specific legislation that applies to RRTs depends, to some degree, on the practice setting and the nature of the RT services being provided. Relevant legislation to community RT practice may include the:

Freedom of Information and Protection of Privacy Act

Personal Information Protection Act

Personal Information Protection and Electronic Documents Act

Freedom of Information and Protection of Privacy Act (FIPPA)

FIPPA applies to most provincial agencies, Local Health Integration Networks (LHIN) and public hospitals. It gives individuals in Ontario access to government health information, including general records and records containing their own personal information. If an individual feels their privacy has been compromised by a public institution governed by the Act, they may lodge a complaint to the Information and Privacy Commissioner of Ontario (IPC) who may investigate the complaint.

Personal Health Information Protection Act (PHIPA)

PHIPA establishes the rules in relation to the collection, use and disclosure of PHI. These rules apply to all HICs and to individuals and organizations that receive PHI on behalf of the HIC3 (Agents of HICs) . The Act defines HIC and Agents of HICs as follows:

Health Information Custodian

A HIC isthe person or organization who has custody of PHI on behalf of clients, such as:

Health Care Practitioners who operate a health care practice

Includes anyone who provides health care services for payment, regardless of whether or not the services are publicly funded. PHIPA defines “health care” as any assessment, care, service or procedure that is done for a health-related purpose⁴.

Community Health Facility (as defined by the Oversight of Health Facilities and Devices Act)⁵

Includes diagnostic facilities (e.g., sleep studies, pulmonary function testing) and surgical/therapeutic facilities (e.g., anaesthetic services for out-of-hospital surgical procedures).

Service Providers who provide a community service (as defined by the Home Care and Community Services Act)

“Respiratory Therapy Services” is listed as a professional service in the Provision of Community Services Regulation (s. 3.1(4) – O. Reg. 386/99) which was created under the Home Care and Community Services Act.

HICs are responsible for implementing and following information practices that comply with PHIPA.

Example… If an RRT is working independently (e.g., is a sole practitioner; has established their own company), they are considered to be the HIC. This means that the RRT is responsible for setting the privacy standards for handling and securing PHI in their organization and for making sure that any agents of the HIC working for them understand what is expected of them.

PLEASE NOTE:

As of March 1, 2019, RRTs and all other regulated health professionals who are Health Information Custodians (HICs) will be required to provide an annual reportto the Information and Privacy Commissioner (IPC). The annual report must identify the number of times, in the preceding calendar year, personal health information in the HIC’s custody or control was stolen, lost, used without authority, and/or disclosed without authority (examples include: loss of paper client records, misdirected fax or emails, a health professional who does not provide care to a client reading the client’s record).

Agents of Health Information Custodians (HIC)

An agent of a HIC includes anyone who is authorized by the HIC to provide services on behalf of the custodian with respect to PHI. Examples include:

Employees of the health information custodian

Volunteers or students who have any access to personal health information

All client medical records must be stored securely to ensure the integrity and confidentiality of their PHI. Paper records must be stored in:

Restricted access areas; and/or

Locked filing cabinets

Example…If an RRT is working as an employee for an organization (e.g., home care company, FHT), they are considered to be an “agent of the HIC”. This means that the RRT must comply with the PHIPA policies put in place by the HIC (their employer).

Retention of Electronic

Medical Records Electronic Medical Records (EMR) must be backed-up on a routine basis and back-up copies stored in a physically secure environment separate from where the original data is normally stored. All PHI contained on an EMR, external storage media, or a mobile device must be strongly encrypted.

Transporting Personal Health Information (PHI)

When PHI is being moved from one location to another (e.g., from an office to a client’s home), all reasonable steps must be taken to ensure they are protected from theft, loss and unauthorized access.

Under PHIPA, if a HIC is in the custody of a client’s PHI that is lost, stolen or used or disclosed without proper authority, the HIC must notify the individual at the first reasonable opportunity⁶.

Transfer of PHI

A HIC may transfer a client’s PHI records to the custodian’s successor, provided the HIC makes reasonable efforts to give notice to the patient(s) before transferring the records or, if that is not reasonably possible, as soon as possible after transferring the records.

Disposal of PHI

RRTs who are a HIC have a legal requirement to retain client’s PHI for the following time periods:

Adult clients: records must be kept for 10 years from the date of the last
entry in the record.

Clients who are children: records must be kept until 10 years after the day on which the client reached or would have reached the age of 18 years.

If an RRT ceases to practise or act in the capacity of a HIC, the PHI must be retained for the periods outlined above unless complete custody and control of the records are transferred to the custodian’s successor.

When the obligation to retain medical records outlined above comes to an end, the PHI may be destroyed, provided that this occurs in a manner that is in keeping with the obligation of maintaining confidentiality and requirements of PHIPA.

Disposal of Electronic Medical Records (EMRs)

There are basically two ways to securely destroy digital information:

Physically destroy the storage media;

Overwrite the information stored on the media

The best method to securely destroy personal information will vary depending on the type of media (e.g., hard drives, USB flash drives). Note that some devices, such as printers, fax machines, and smart phones, may contain multiple types of storage media, with each type requiring a different information destruction method⁷.

Personal Information Protection and Electronic Documents
Act (PIPEDA)

The Office of the Privacy Commissioner of Canada oversees compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), which is federal legislation relating to data privacy in the private sector. Therefore, PIPEDA generally only applies to RRTs working in private practice.

Privacy Breaches

A privacy breach involves the improper or unauthorized collection, use, disclosure, retention or disposal of personal information. A privacy breach may occur within an institution or off-site and may be the result of inadvertent errors or malicious actions by employees, third parties, partners in information-sharing agreements or intruders.

Regardless of the nature of the breach, they must be reported by the HICs to the Information and Privacy Commissioner of Ontario. No actual harm has to have happened to the client as a result of the breach for reporting to be required. More information of reporting privacy breaches can be found in the Reporting a Privacy Breach to the Commissioner Fact Sheet.

RRTs are subject to persecution for breaches of PHIPA. An RRT found guilty of committing an offence under PHIPA can be liable for a fine of up to $100,000, while an organization/institution can be liable for a fine of up to $500,000⁸.

Privacy breeches can occur in a number of different ways.

unguarded conversations

lost/misdirected documents (e.g., a client’s file being left on public transit, PHI being sent to the wrong patient)

use or disclosure without authority (i.e., accessed by someone who is outside of the circle of care)

stolen information (e.g., paper records or laptop being taken from the RT’s car; ransomware or other malware attack on a Family Health Team’s (FHT) computer system)*

* NOTE that the HIC does not need to notify the Commissioner if the stolen information was de-identified or properly encrypted.

PLEASE NOTE:

As of November 1, 2018, organizations subject to PIPEDA will be required to:

(a) report privacy breaches to the Office of the Privacy Commissioner of Canada and others in certain circumstances;
(b) notify affected individuals about those breaches;
(c) keep records of all privacy breaches.

Generally, this requirement only applies to RRTs working in private practice who are Health Information Custodians.

Professional Incorporation

The CRTO has processes in place to issue Certificates of Authorization for health profession corporations. RRTs who independently practice Respiratory Therapy are not currently required by the CRTO to do so through a health profession corporation.

More information on Professional Incorporation can be found on the CRTO website in the section entitled Guide to an Application for a Certificate of Authorization for Health Professional Corporations.

Fees and Billing

Not all services or equipment that a client in the community requires may be covered by OHIP. As a result RRTs, or their employers, may have to deal with fees, billing and payment for care that is covered by the client directly, or a third party payer such as the Assistive Devices Program (ADP) or private insurer. RTs should understand that money often changes individuals’ expectations regarding services being provided as they perceive themselves to be consumersⁱ. This shift alone can alter the power imbalance between health care provider and client, at least at the time money is changing hands. RRTs have a professional obligation to ensure that their business practices are transparent, ethical and not misleading to the publicⁱⁱ.

Communicating Fees and Billing to Clients

RRTs are expected to clearly and accurately inform clients of all required fees for products and services, ensuring that there are no hidden costs, prior to the initiation of careⁱⁱⁱ. Doing so will help avoid conflicts with clients as long as the information is communicated in a thoughtful manner, taking into consideration the broad spectrum of financial circumstances that clients bring. RRTs should be sensitive to the personal situations and ensure they convey that the client’s care and well-being are paramount.

Avoiding fee conflicts

The CRTO recommends that RRTs consider implementing a checklist or consent form that clients would sign, outlining fee schedules and clearly describing billing procedures including:

any penalties for missed or cancelled appointments,
late payment of fees,
the facility’s policy regarding the use of collection agencies to collect unpaid fees, and
third party fee payments (e.g., private insurers).

In addition to helping to guide you, or your employees’ discussions with clients, if there is a dispute later you will both have a record of the information communicated. RRTs are also expected to establish processes for detailing fee or billing discrepancies and errors in a timely manner. Making these processes transparent will further reduce conflicts.

Overcharging or Excessive Fees

Charging a fee that is excessive for the. services or equipment provided is a form of dishonesty. While there may not always be a fixed amount that an RRT must charge, or a maximum fee that can be charged, at some point a high fee becomes excessive. Similarly, requiring a client to purchase upgraded equipment or additional services without their prior knowledge or ability to opt out is unethical and unprofessional.

Offering Discounts

Actions that may be perceived to lessen the value of the professional, the profession or health care as a whole is not allowed. For example, the use of Groupon™ or other bulk-purchase websites is strictly prohibited⁹. It is permissible for an RRT to offer discounts for their services as longs as certain provisions are in place; discount advertisements must not state anything false or misleading, and the RRT must not try to recoup the discounted fee by raising fees for other services.

Offering a reduction in cost for prompt payment is not allowed as it gives preferential treatment to those who have the financial resources to take advantage of this discount, while essentially penalizing those who don’t have the means to. This does not prevent RRTs from being able to implement additional charges for late payments; the terms of late payment charges should be clearly outlined for clients in advance.

Payment Options

Respiratory Therapists should explain all payment options available to their clients. This includes explaining coverage through ADP and inquiring as to whether the client has private insurance coverage, and the limitations of that, if known. RRTs should be cognisant of clients who are financially vulnerable and communicate sensitively regarding billing.

Dealing with Third Party Payers

Many services and equipment required by clients of RTs will be covered by OHIP or, at least in part, by the ADP under the Ministry of Health and Long-Term Care. The balance of fees not paid directly by one of these two entities may be covered by private health insurance or may require payment directly from the client. Respiratory Therapists may not charge a higher fee for insured clients than those who pay directly. To do so would be considered dishonest, inappropriate and unprofessional.

RRTs should become familiar with the insurance requirements of their clients in order to ensure their billing or invoicing practices will result in the claim being processed. Billing to third-party payers must reflect a true account of services/equipment provided and collected by your practice

Professional Advertising

Professional advertising relates to any material that is used to promote an RRT’s professional practice.

RRTs can use various mediums for advertising their services such as:

business cards,

websites, and

newsletters (electronic or paper-based)

Regardless of the advertising method, there are some common considerations when advertising RT services.

An RRTs professional advertising must not:

contain false or misleading statements (e.g., stating that your services are “CRTO endorsed”);

it must not contain statements that cannot be verified (e.g., stating that your services are “the best in the region”);

demean another member of your own profession or another profession (e.g., stating that they “…provide superior home care services when compared to all other health care providers”);

advertise products and services that the RT does not have the competence to provide;

contain a name different than the name that the RT has registered with the CRTO (i.e., the public has to be able to find the RT on the public Register of Members on the CRTO website)

The RHPA grants regulatory Collegesthe authority to develop a regulation governing advertising. RTs in Ontario must adhere to all the advertising parameters set out in the CRTO Advertising Regulation. In addition, the performance requirements for RTsregarding advertising and marketing are articulated in the CRTO Standards of Practice (Standard 1 – Business Practice).

Business Ethics

Solicitation of Clients

Solicitation involves contacting individuals directly, either face-to-face, over the telephone or other direct means of communication, to encourage them to use an RRT’s services. Directly soliciting an individual to become a client is not permitted because it places the RRT’s personal interest above the interest of the patient.

The CRTO Advertising Regulation (s. 5) states that an RRT must not initiate contact with any persons for the purpose of soliciting business.

Testimonials

It is a conflict of interest to contact a client for personal testimonials. The CRTO Advertising Regulation [s.23(2)(e)] and the CRTO Standards of Practice states that RRTs must not include testimonials in their advertising. Therefore, RRTs are not allowed to use a testimonial by a patient, former client or by a friend/relative of a client/former client in any promotional material, regardless of the medium.

Example… If a client is asked for a testimonial, they may be concerned that refusing could negatively affect their relationship with the RT. This can also be true for former clients, who may feel uncomfortable in returning for treatment in the future.

How this Guide Links to the Professional Misconduct Regulation

1. BUSINESS PRACTICES

19. Submitting an account or charge for services that a member knows is false or misleading.

20. Charging a fee that is excessive in relation to the service rendered.

21. Failing to disclose the fee schedule or payment structure prior to delivery of services or failing to provide the patient or patient with sufficient time to refuse the treatment and arrange for alternative services.

22. Failing to itemize an account for fees charged by the member for professional services rendered,
i. if requested to do so by the patient or patient or the person or agency who is to pay, in whole or in part, for the services, or
ii. if the account includes a commercial laboratory fee.

23. Selling any debt owed to the member for professional services; this does not include the use of credit cards to pay for professional services.

i How changing patient expectations will impact your practice. http://practicemanagement.dentalproductsrepoRT.com/aRTicle/how-changing-patient-expectations-will-impact-your-practice?page=0,1 (July, 2018)

ii CRTO Standards of Practice, Standard 1 – Business Practices

iii Ibid.

How this Guide Links to the Advertising Regulation

(1) In this Part, an advertisement with respect to a member’s practice includes an advertisement for gases used for medical purposes, equipment, supplies or services that includes a reference to the member’s name.

(2) An advertisement with respect to a member’s practice must not contain,
(a) anything that is false or misleading;
(b) anything that, because of its nature, cannot be verified;
(c) a claim of expertise in any area of practice, or with respect to any procedure or treatment, unless the advertisement discloses the basis of the expertise;
(d) an endorsement other than an endorsement by an organization that is known to have expertise relevant to the subject-matter of the endorsement;
(e) a testimonial by a patient or patient or former patient or patient or by a friend or relative of a patient or patient or former patient or patient; or
(f) anything that promotes or is likely to promote excessive or unnecessary use of services.

(3) An advertisement must be readily comprehensible to the persons to whom it is directed.

(4) A member must not permit his or her name to be used in an advertisement that contravenes subsection (2) or (3).

(5) A member must not advertise by initiating contact, or causing or allowing any person to initiate contact, with potential patients or patients or their personal representatives either in person or by telephone, in an attempt to solicit business.

(6) Despite subsection (5), a member may advertise by initiating contact with a potential patient or a personal representative of a potential patient if the potential patient does not personally use or consume the gases, equipment, supplies or services that are the subject of the advertisement.

(7) A member must not appear in, or permit the use of his or her name in, an advertisement that implies, or could reasonably be interpreted to imply, that the professional expertise of the member is relevant to the subject-matter of the advertisement if it is not relevant. O. Reg. 596/94, s. 23.

Information and Privacy Commissioner of Ontario. (August 2015). Circle of Care Sharing Personal Health Information for Health-Care Purposes. Retrieved from https://www.ipc.on.ca/wp-content/uploads/Resources/circle-of-care.pdf
PHIPA [s. 40(1)].
Information and Privacy Commissioner of Ontario. (December 2004). A Guide to the Personal Health Information Protection Act. Retrieved from https://www.ipc.on.ca/wp-content/uploads/Resources/hguide-e.pdf
Personal Information Protection Act. (2004).
Oversight of Health Facilities and Devices Act has not been proclaimed, however is intended to replace the
Independent Health Facilities Act.
PHIPA [s.12(2)]
Information and Privacy Commissioner of Ontario. Disposing of Your Electronic Media
Information and Privacy Commissioner of Ontario. https://www.ipc.on.ca/health/breach-repoRTing-2/potential-consequences-of-a-breach-under-phipa/
CRTO Standards of Practice – Standard 1 – Business Practices.

Business Practices