Close

Business Practices

Business Practices

 

Providing care in the community, as opposed to a hospital, brings the business side of healthcare much closer to RT practice. The CRTO Standards of Practice states that “RTs must only engage in business practices that are transparent, ethical, and not misleading to the public.” Privacy and confidentiality, security of Personal Health Information (PHI) and ethical, evidenced-informed care are essential in all healthcare settings. However, providing RT services in the community may necessitate that other concerns such things as billing and advertising also be taken into consideration.  This section on business practices endeavors to clarify how these and other aspects need to be managed in community RT practice.

Privacy and Confidentiality

Federal and provincial legislation protects patients’ rights to privacy and confidentiality of their PHI. Therefore, RTs have a legal obligation, as well as a professional and ethical obligation, to ensure that their patients’ PHI remains secure and confidential. The following two agencies have been tasked with enforcing this legislation:

9
1. Office of the Privacy Commissioner of Canada

The mission of the Office of the Privacy Commissioner of Canada (OPC) is to protect and promote privacy rights of individuals by enforcing compliance with  The Personal Information Protection and Electronic Documents Act (PIPEDA). This legislation aims to protect the private sector data of Canadians and gives an individual the right to lodge a complaint with the Privacy Commissioner of Canada about any alleged mishandling of their personal information.

9
2. Information and Privacy Commissioner of Ontario

The Information and Privacy Commissioner of Ontario provides oversight of Ontario’s access and privacy laws, which establish the rules for how Ontario’s public institutions and health care providers may collect, use, and disclose personal information. The Personal Health Information Protection Act (PHIPA) is enforced by the Information and Privacy Commissioner of Ontario and apples to almost all RTs, regardless of where they practice.

Personal Health Information (PHI)

Subject to certain exceptions set out in PHIPA, PHI refers to information about an
individual in oral or recorded form that relates to the:
9

physical or mental health of an individual;

9

provision of health care to the individual;

9

individual’s health card number; or

9

identification of the individual’s substitute decision-maker (if applicable).

Circle of Care

The term “circle of care” is not defined in PHIPA. However, the Information and Privacy Commissioner of Ontario states that it is “a term commonly used to describe the ability of certain health information custodians to assume an individual’s implied consent to collect, use or disclose personal health information for the purpose of providing health care, in circumstances defined in PHIPA”1. The circle of care includes the health care providers who require specific medical information in order to provide care to a particular patient. In most situations, these health care providers may rely on the implied consent of a client to share medical information within the circle of care.

Consent by a client to share information with providers in the circle of care is generally implied. Therefore, a client who accepts a referral to another health care provider implies consent for sharing relevant information.

If a client cannot provide consent, then a Substitute Decision-Maker (SDM) becomes part of the circle of care, and can provide consent on the client’s behalf to allow PHI to be shared within the circle of care.

Expressed consent is required to share information with non-custodians outside the circle of care (e.g., family members who are not a guardian or SDM, police, insurance, etc.).

Example… A physician orders home oxygen for a client and the client agrees with the physician’s plan of care. This means that the client has given implied consent for the RT(s) who will be providing their oxygen to be part of the circle of care. The RT(s) is, therefore, permitted to access the client’s PHI and share that information within the circle of care.

Sharing PHI Outside the Circle of Care

As outlined previously, RTs have a legal and professional obligation to maintain the confidentiality of a patient’s PHI. There are circumstances, however, where health care professionals are either required or permitted to report particular events or clinical conditions to the appropriate government or regulatory agency. In Canada, provincial, territorial and federal statutory requirements mandate that health care providers report to the appropriate agencies when certain conditions apply. RTs who work in the community, particularly those who have established an independent practice, need to be aware of the relevant mandatory reporting requirements. Some examples of circumstances where information either must or can be shared outside the circle of care include:

9
A Child in Need of Protection

The Ontario Child, Youth and Family Services Act stipulates that it is the law to report suspected child abuse or neglect. Therefore, if an RT has reasonable grounds to suspect that a child is or may be in need of protection, they must report it to their local Children’s Aid Society (CAS). It is not necessary to be certain a child is or may be in need of protection to make a report to a CAS, and an RRT must not rely on anyone else to report on their behalf. Any healthcare professional who fails to report a suspicion is liable on conviction to a fine of up to $5,000, if they obtained the information in the course of their professional duties.

9
Concerns about a Client’s Fitness to Operate a Motor Vehicle

The Ontario Child, Youth and Family Services Act stipulates that it is the law to report suspected child abuse or neglect. Therefore, if an RT has reasonable grounds to suspect that a child is or may be in need of protection, they must report it to their local Children’s Aid Society (CAS). It is not necessary to be certain a child is or may be in need of protection to make a report to a CAS, and an RT must not rely on anyone else to report on their behalf. Any healthcare professional who fails to report a suspicion is liable on conviction to a fine of up to $5,000, if they obtained the information in the course of their professional duties.

9
Clients with Certain Communicable Diseases

Under the authority of the Health Protection and Promotion Act (HPPA), (O.Reg 135/18, s.25)), a specified list of diseases must be reported to the local Public Health Unit by certain healthcare professionals. The following are examples of communicable diseases that must be reported to the local Medical Officer of Health:

  • Chickenpox (Varicella)
  • Measles
  • Meningitis
  • Novel Influenza Viruses

 

RTs are not one of the practitioners listed in HPPA who have a legal duty to report disease. However, because such reports are in the public interest, RTs are encouraged to communicate any concerns of a communicable disease to the client’s primary care physician/nurse practitioner. The complete list of reportable communicable diseases is available from each local Public Health Unit.

In addition, HPPA (s.38) now requires all healthcare professionals (including RTs) who provide immunizations to report Adverse Event Following Immunization Report (AEFIs) to the medical officer of health of the health unit where the immunization took place.

9
Disclosures Related to Risks

PHIPA permits Health Information Custodians (HICs) to disclose confidential personal health information to relevant authorities “if the custodian believes on reasonable grounds that the disclosure is necessary for the purpose of eliminating or reducing a significant risk of serious bodily harm to a person or group of persons”².

Security of Personal Health Information

Unique challenges to the privacy and confidentiality of PHI can arise in a community care setting, particularly when PHI is being transported to and communicated in an unsecure location. The risk of information being lost or stolen is greater when it is being taken out of a more secure location (e.g., a home care company office) to an outpatient clinic or client’s home. In addition, sharing PHI in a less secure location runs a greater risk of disclosing sensitive information to individuals who are outside the circle of care (e.g., relatives, neighbours).

Information Privacy and Access Legislation

The specific legislation that applies to RTs depends, to some degree, on the practice setting and the nature of the RT services being provided. Relevant legislation to community RT practice may include the:

9

Freedom of Information and Protection of Privacy Act

9

Personal Information Protection Act

9

Personal Information Protection and Electronic Documents Act

9
Freedom of Information and Protection of Privacy Act (FIPPA)

FIPPA applies to most provincial agencies, Ontario Health atHome  and public hospitals. It gives individuals in Ontario access to government health information, including general records and records containing their own personal information. If an individual feels their privacy has been compromised by a public institution governed by the Act, they may lodge a complaint to the Information and Privacy Commissioner of Ontario (IPC) who may investigate the complaint.

9
Personal Health Information Protection Act (PHIPA)

PHIPA establishes the rules in relation to the collection, use and disclosure of PHI. These rules apply to all HICs and to individuals and organizations that receive PHI on behalf of the HIC (Agents of HICs) . The Act defines HIC and Agents of HICs as follows:

9
Health Information Custodian

A HIC is the person or organization who has custody of PHI on behalf of clients, such as:

9

Health Care Practitioners who operate a health care practice

  • Includes anyone who provides health care services for payment, regardless of whether or not the services are publicly funded. PHIPA defines “health care” as any assessment, care, service or procedure that is done for a health-related purpose.
9

Community Health Facility

  • Includes diagnostic facilities (e.g., sleep studies, pulmonary function testing) and surgical/therapeutic facilities (e.g., anaesthetic services for out-of-hospital surgical procedures).
9

Service Providers who provide a community service (as defined by the Home Care and Community Services Act)

  • Includes long term care homes, retirement homes or homes for special care HICs are responsible for implementing and following information practices that comply with PHIPA.

HICs are responsible for implementing and following information practices that comply with PHIPA.

Example… If an RT is working independently (e.g., is a sole practitioner; has established their own company), they are considered to be the HIC. This means that the RT is responsible for setting the privacy standards for handling and securing PHI in their organization and for making sure that any agents of the HIC working for them understand what is expected of them.

9
Agents of Health Information Custodians (HIC)

An agent of a HIC includes anyone who is authorized by the HIC to provide services on behalf of the custodian with respect to PHI. Examples include:

9
Employees of the health information custodian
9
Volunteers or students who have any access to personal health information

All client medical records must be stored securely to ensure the integrity and confidentiality of their PHI. Paper records must be stored in:

9

Restricted access areas; and/or

9

Locked filing cabinets

Example…If an RT is working as an employee for an organization (e.g., home care company, FHT), they are considered to be an “agent of the HIC”. This means that the RRT must comply with the PHIPA policies put in place by the HIC (their employer).

Retention of Electronic

Electronic Medical Records (EMR) must be backed-up on a routine basis and back-up copies stored in a physically secure environment separate from where the original data is normally stored. All PHI contained on an EMR, external storage media, or a mobile device must be strongly encrypted. Various enterprise solutions (e.g., patient portals) can provide encryption, and an increasing number of encryption applications are available for use on personal devices such as smartphones. RTs considering using unsecured or unencrypted email or text messaging should do so only for information that does not include identifiable personal health information (e.g., scheduling, reminders).

Under PHIPA, if a HIC is in the custody of a client’s PHI that is lost, stolen or used or disclosed without proper authority, the HIC must notify the individual at the first reasonable opportunity.

9
Transfer of PHI

A HIC may transfer a client’s PHI records to the custodian’s successor, provided the HIC makes reasonable efforts to give notice to the patient(s) before transferring the records or, if that is not reasonably possible, as soon as possible after transferring the records.

9
Disposal of PHI

RTs who are a HIC have a legal requirement to retain client’s PHI for the following time periods:

9

Adult clients: records must be kept for 10 years from the date of the last
entry in the record.

9

Clients who are children: records must be kept until 10 years after the day on which the client reached or would have reached the age of 18 years.

If an RT ceases to practise or act in the capacity of a HIC, the PHI must be retained for the periods outlined above unless complete custody and control of the records are transferred to the custodian’s successor.

When the obligation to retain medical records outlined above comes to an end, the PHI may be destroyed, provided that this occurs in a manner that is in keeping with the obligation of maintaining confidentiality and requirements of PHIPA.

Disposal of Electronic Medical Records (EMRs)

There are basically two ways to securely destroy digital information:

9

Physically destroy the storage media; and

9

Overwrite the information stored on the media

The best method to securely destroy personal information will vary depending on the type of media (e.g., hard drives, USB flash drives). Note that some devices, such as printers, fax machines, and smart phones, may contain multiple types of storage media, with each type requiring a different information destruction method.

9
Personal Information Protection and Electronic Documents
Act (PIPEDA)

The Office of the Privacy Commissioner of Canada oversees compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), which is federal legislation relating to data privacy in the private sector. Therefore, PIPEDA generally only applies to RTs working in private practice.

Privacy Breaches

A privacy breach involves the improper or unauthorized collection, use, disclosure, retention or disposal of personal information. A privacy breach may occur within an institution or off-site and may be the result of inadvertent errors or malicious actions by employees, third parties, partners in information-sharing agreements or intruders.

Regardless of the nature of the breach, they must be reported by the HICs to the Information and Privacy Commissioner of Ontario. No actual harm has to have happened to the client as a result of the breach for reporting to be required. 

RTs are subject to prosecution for breaches of PHIPA. An RT found guilty of committing an offence under PHIPA can be liable for a fine of up to $50,000, while an organization/institution can be liable for a fine of up to $500,000.

Privacy breeches can occur in a number of different ways.

9

unguarded conversations;

9

lost/misdirected documents (e.g., a client’s file being left on public transit, PHI being sent to the wrong patient);

9

use or disclosure without authority (i.e., accessed by someone who is outside of the circle of care); or

9

stolen information (e.g., paper records or laptop being taken from the RT’s car; ransomware or other malware attack on a Family Health Team’s (FHT) computer system)*.

* NOTE that the HIC does not need to notify the Commissioner if the stolen information was de-identified or properly encrypted.

Professional Incorporation

The CRTO has processes in place to issue Certificates of Authorization for health profession corporations. RTs who independently practice Respiratory Therapy are not currently required by the CRTO to do so through a health profession corporation.

More information on Professional Incorporation can be found on the CRTO website in the section entitled Guide to an Application for a Certificate of Authorization for Health Professional Corporations.

Fees and Billing

Not all services or equipment that a client in the community requires may be covered by OHIP. As a result, RTs, or their employers, may have to deal with fees, billing and payment for care that is covered by the client directly, or a third-party payer such as the Assistive Devices Program (ADP) or private insurer. RTs should understand that money often changes individuals’ expectations regarding services being provided as they perceive themselves to be consumersⁱ. This shift alone can alter the power imbalance between health care provider and client, at least at the time money is changing hands. RTs have a professional obligation to ensure that their business practices are transparent, ethical and not misleading to the publicⁱⁱ.

9
Communicating Fees and Billing to Clients

More information on Professional Incorporation can be found on the CRTO website in the section entitled Guide to an Application for a Certificate of Authorization for Health Professional Corporationsⁱⁱⁱ. 

Avoiding fee conflicts

The CRTO recommends that RTs consider implementing a checklist or consent form that clients would sign, outlining fee schedules and clearly describing billing procedures including:

  • any penalties for missed or cancelled appointments;
  • late payment of fees;
  • the facility’s policy regarding the use of collection agencies to collect unpaid fees; and
  • third party fee payments (e.g., private insurers).

In addition to helping to guide you, or your employees’ discussions with clients, if there is a dispute later you will both have a record of the information communicated. RRTs are also expected to establish processes for detailing fee or billing discrepancies and errors in a timely manner. Making these processes transparent will further reduce conflicts.

9
Overcharging or Excessive Fees

Charging a fee that is excessive for the services or equipment provided is a form of dishonesty.  Similarly, requiring a patient/client to purchase upgraded equipment or additional services without their prior knowledge or ability to opt out is unethical and unprofessional.

9
Offering Discounts

Actions that may be perceived to lessen the value of the professional, the profession or health care as a whole is not allowed.  It is permissible for an RT to offer discounts for their services as longs as certain provisions are in place; discount advertisements must not state anything false or misleading, and the RT must not try to recoup the discounted fee by raising fees for other services.

Offering a reduction in cost for prompt payment is not allowed as it gives preferential treatment to those who have the financial resources to take advantage of this discount, while essentially penalizing those who don’t have the means to. This does not prevent RRTs from being able to implement additional charges for late payments; the terms of late payment charges should be clearly outlined for clients in advance.

9
Payment Options

Respiratory Therapists should explain all payment options available to their clients. This includes explaining coverage through ADP and inquiring as to whether the client has private insurance coverage, and the limitations of that, if known. RRTs should be cognisant of clients who are financially vulnerable and communicate sensitively regarding billing.

9
Dealing with Third Party Payers

Many services and equipment required by clients of RTs will be covered by OHIP or, at least in part, by the ADP under the Ministry of Health. The balance of fees not paid directly by one of these two entities may be covered by private health insurance or may require payment directly from the client. Respiratory Therapists may not charge a higher fee for insured clients than those who pay directly.

RTs should become familiar with the insurance requirements of their clients in order to ensure their billing or invoicing practices will result in the claim being processed. Billing to third-party payers must reflect a true account of services/equipment provided and collected by your practice

 

 

 

Professional Advertising

Professional advertising relates to any material that is used to promote an RRT’s professional practice.

Regardless of the advertising method, there are some common considerations when advertising RT services.

An RTs professional advertising must not:

9

contain false or misleading statements (e.g., stating that your services are “CRTO endorsed”);

9

it must not contain statements that cannot be verified (e.g., stating that your services are “the best in the region”);

9

demean another member of your own profession or another profession (e.g., stating that they “…provide superior home care services when compared to all other health care providers”);

9

advertise products and services that the RT does not have the competence to provide; and

9

contain a name different than the name that the RT has registered with the CRTO (i.e., the public must be able to find the RT on the public Register of Members on the CRTO website)

The RHPA grants regulatory Collegesthe authority to develop a regulation governing advertising. RTs in Ontario must adhere to all the advertising parameters set out in the CRTO Advertising Regulation. In addition, the performance requirements for RTsregarding advertising and marketing are articulated in the CRTO Standards of Practice (Standard 1 – Business Practice).

Business Ethics

9
Solicitation of Patients

Solicitation involves contacting individuals directly to encourage them to use an RT’s services and is not permitted. The CRTO Advertising Regulation (s. 5) states that an RT must not initiate contact with any persons for the purpose of soliciting business.

9
Testimonials

It is a conflict of interest to contact a patient/client for personal testimonials. The CRTO Advertising Regulation [s.23(2)(e)] and the CRTO Standards of Practice states that RTs must not include patient/client or patient/client family/friends testimonials in their advertising.

Example… If a client is asked for a testimonial, they may be concerned that refusing could negatively affect their relationship with the RT. This can also be true for former clients, who may feel uncomfortable in returning for treatment in the future.

How this Guide Links to the Professional Misconduct Regulation

1. BUSINESS PRACTICES

19. Submitting an account or charge for services that a member knows is false or misleading.

20. Charging a fee that is excessive in relation to the service rendered.

21. Failing to disclose the fee schedule or payment structure prior to delivery of services or failing to provide the patient or patient with sufficient time to refuse the treatment and arrange for alternative services.

22. Failing to itemize an account for fees charged by the member for professional services rendered,
i. if requested to do so by the patient or patient or the person or agency who is to pay, in whole or in part, for the services, or
ii. if the account includes a commercial laboratory fee.

23. Selling any debt owed to the member for professional services; this does not include the use of credit cards to pay for professional services.

i How changing patient expectations will impact your practice. http://practicemanagement.dentalproductsrepoRT.com/aRTicle/how-changing-patient-expectations-will-impact-your-practice?page=0,1 (July, 2018)

ii CRTO Standards of Practice, Standard 1 – Business Practices

iii Ibid.

How this Guide Links to the Advertising Regulation

(1) In this Part, an advertisement with respect to a member’s practice includes an advertisement for gases used for medical purposes, equipment, supplies or services that includes a reference to the member’s name.

(2) An advertisement with respect to a member’s practice must not contain,
(a) anything that is false or misleading;
(b) anything that, because of its nature, cannot be verified;
(c) a claim of expertise in any area of practice, or with respect to any procedure or treatment, unless the advertisement discloses the basis of the expertise;
(d) an endorsement other than an endorsement by an organization that is known to have expertise relevant to the subject-matter of the endorsement;
(e) a testimonial by a patient or patient or former patient or patient or by a friend or relative of a patient or patient or former patient or patient; or
(f) anything that promotes or is likely to promote excessive or unnecessary use of services.

(3) An advertisement must be readily comprehensible to the persons to whom it is directed.

(4) A member must not permit his or her name to be used in an advertisement that contravenes subsection (2) or (3).

(5) A member must not advertise by initiating contact, or causing or allowing any person to initiate contact, with potential patients or patients or their personal representatives either in person or by telephone, in an attempt to solicit business.

(6) Despite subsection (5), a member may advertise by initiating contact with a potential patient or a personal representative of a potential patient if the potential patient does not personally use or consume the gases, equipment, supplies or services that are the subject of the advertisement.

(7) A member must not appear in, or permit the use of his or her name in, an advertisement that implies, or could reasonably be interpreted to imply, that the professional expertise of the member is relevant to the subject-matter of the advertisement if it is not relevant. O. Reg. 596/94, s. 23.

FOOTNOTES

  1. Information and Privacy Commissioner of Ontario. (August 2015). Circle of Care Sharing Personal Health Information for Health-Care Purposes. Retrieved from https://www.ipc.on.ca/wp-content/uploads/Resources/circle-of-care.pdf

  2. PHIPA [s. 40(1)].

  3. Information and Privacy Commissioner of Ontario. (December 2004). A Guide to the Personal Health Information Protection Act. Retrieved from https://www.ipc.on.ca/wp-content/uploads/Resources/hguide-e.pdf

  4. Personal Information Protection Act. (2004).

  5. Oversight of Health Facilities and Devices Act has not been proclaimed, however is intended to replace the
    Independent Health Facilities Act.

  6. PHIPA [s.12(2)]

  7. Information and Privacy Commissioner of Ontario. Disposing of Your Electronic Media

  8. Information and Privacy Commissioner of Ontario. https://www.ipc.on.ca/health/breach-repoRTing-2/potential-consequences-of-a-breach-under-phipa/

  9. CRTO Standards of Practice – Standard 1 – Business Practices.