New Canadian, U.S. Privacy Laws Affect Collection, Use and Disclosure of Client Information

A part of the Personal Information Protection and Electronic Documents Act (PIPEDA) that went into effect in Canada on Jan. 1, 2004, requires veterinarians to appoint information officers within their clinics and publish their privacy policies. It has been in effect for the federally-regulated sector (banks, telecommunications and transportation) since Jan. 1, 2001, and affects all personal information about customers and employees that is sold across provincial or territorial boundaries by any organization.

Before the law was enacted, Canadian veterinarians could not disclose confidential information about their clients. Now Canada will regulate the collection and use of client information as well, said Douglas Jack, LLB, who specializes in veterinary law. In Canada, the Office of the Privacy Commissioner handles implementation of the law, though it is a complaint-driven office, said a representative from that office. The commissioner describes PIPEDA as “part of a broader international movement to give individuals better control over their personal information in the hands of business.”

Despite media reports, which “caused veterinarians to overreact to the law,” Jack said, “I don’t think [Canadian] veterinarians will have to change the way they do business very much at all. Veterinarians have always been held to high standards, but they will have to change certain things in order to comply with the law.”

In addition to appointing an information officer, who would manage the collection, use and dissemination of information in a clinic, veterinarians must establish privacy protocols to explain why they collect information, how they will use it and what safeguards they have to protect the information, Jack said. Clinics will have to be able to publish the policy when clients request it, Jack said. Internal publication of the policy is all that is required, he added. 

“There is an increased administrative requirement to develop the policies and procedures required to comply with the legislation,” said Ed Empringham, DVM, director of professional enhancement and member communication for The College of Veterinarians of Ontario. “With this comes increased time spent with clients and increased staff training time.”

This privacy law also applies to U.S. companies operating in Canada. And in the U.S., seven states (including Georgia, Kansas, Mississippi, Illinois, Texas and Oklahoma) have passed privacy or confidentiality statutes for veterinary-patient relationships. The Canadian act was intended to safeguard client information such as addresses, telephone numbers and financial information, Jack said. “It’s arguable that the medical history of an animal would be covered,” he added.

In comparison, several states have passed statutes and regulations that pertain to the confidentiality of animal medical records. And 18 state veterinary medical boards have passed regulations that require veterinarians to maintain patient confidentiality, said Gregory Dennis, JD, immediate past president of the American Veterinary Medical Law Association.

And many of those laws were initiated by veterinarians, Dennis said. In Kansas, veterinarians initiated a statute to prevent animal wardens from arbitrarily reviewing vaccine records, he said. Dennis advises veterinarians to alert clients whenever a third party requests animal medical records. Wrongful disclosure of medical records, he said, can be grounds for disciplinary action by veterinary medical boards.

Some people have likened these new privacy protections for companion animals to those given to humans in the Health Insurance Portability and Accountability Act. Others argue that pets are property and do not have a right to privacy. Both perspectives were represented in a recent Associated Press article.

NEWStat Legislation & regulation