Data sharing for Ontario Health Teams
The provision of health care in Ontario is moving toward the Ontario Health Team model. Under this model, the full continuum of health care in a local area will be aligned within a single “integrated care delivery system” or “ICDS”. The ICDS, or as it is more commonly referred to, Ontario Health Team (“OHT”), is intended to encompass the spectrum of providers from the primary (doctors) and acute care (hospitals) to the community (LHINs, home care providers) and long-term care.
Health care integration – data sharing requirements
Guidance provided by the Ministry of Health emphasizes that adoption of technology tools enabling seamless integration of patient health information will be key to the OHT model. Integration of care and patient information implies data sharing among the members of an OHT. However, it is clear that data sharing with health care providers outside of the OHT, including with other OHTs, will be part of the broader system. More importantly, access to existing provincial and regional provider-facing tools and infrastructure services – which the Ministry is encouraging OHTs to utilize as part of their digitization strategies – will require data sharing between these services and an OHT.
These required data sharing relationships point up important questions – of the structure, or legal form, of an OHT, the legal relationships between theDYL Compliance Bulletin September 2021 OHT and its members, and the legal relationships with external entities including other OHTs and provider-facing resources.
It is clear that irrespective of the structure of an OHT, each health care provider member will continue to be subject to the Personal Health Information Protection Act, 2004 (PHIPA), as a “health information custodian” (or “HIC”). Each such member must ensure that the personal health information (PHI) of its patients is used and shared in accordance with patient consent, is protected with reasonable security provisions, and can be accessed by patients – all in accordance with the PHIPA requirements. Such compliance requirement dictates that OHT members must have in place appropriate legal frameworks for data sharing.
Data sharing among an OHT’s members may be established in a fairly straightforward manner – for example, by way of an agreement or rules framework adopted by all members. This agreement or framework may be encompassed within the OHT’s operating and governance documentation. However data sharing with other OHTs and with external provider-facing resources likely will be more complicated. Further complications will result in the event that data sharing is envisaged between members and their OHT.
Data sharing both internal and external to an OHT, assuming that it will be through an electronic network, will require compliance with PHIPA’s health information network provider (HINP) rules. These rules require agreements between the HINP providing the network and the HICs within the network. In simple terms, all HICs within an OHT network must be parties to a HINP agreement. Furthermore, any two-way data sharing with a provincial or regional provider-facing tool will require a HINP agreement between the OHT, or its members, and the provider of the tool.
How will OHTs structure their interactions with external entities – such as other OHTs, other health care providers outside of their system, and existing provider-facing tools and infrastructure services?
Most importantly, will OHTs interact with external parties as a single entity or will their members be required to interact individually with external parties? In essence, will an OHT operate as a single legal entity or as a collective initiative of its members, each operating as a separate organization?
What will be the legal form and PHIPA status of OHTs?
While the Ministry has provided guidance regarding the functional operations of OHTs, it has not provided insight as to the legal form that they may take.
PHIPA has been amended to provide for certain data sharing activities contemplated for OHTs. Specifically, amendments adopted in December 2019 permit the government to prescribe the circumstances when PHI may be collected, used or shared by an OHT and when persons may disclose PHI to an OHT. These amendments imply that there will be an OHT legal entity that is authorized to collect, use and disclose PHI. However it is not clear what form that entity may take, or the health care-related functions, as distinct from its members, that the OHT will carry out. Of note, it is unclear whether any of the OHTs approved to date by the Ministry are incorporated.
By the recent amendments to PHIPA circumstances may be stipulated for PHI to be collected, used or shared by an OHT. However, in the absence of an incorporated entity, it is difficult to envisage how provision for an OHT to collect, use or disclose PHI would work, unless it is intended that any such collection, use or disclosure is to be conducted by each of the members directly.
Furthermore, having an incorporated OHT entity to enter into an OHT’s required data sharing relationships would be the most straightforward approach. As noted, the OHT – or its members – will need to formalize data sharing relationships with other OHTs (or their members), the OHT’s service providers (such as HINPs), and external provider-facing tools and databases. If the OHT can interact through a single, incorporated, entity, documenting such relationships will be significantly simpler than requiring individual agreements with all OHT members.
The unincorporated OHT
Clearly, OHTs are intended to encompass within their membership a range of health care provider entities including, potentially, individual medical practitioners, as well as persons or organizations that are not “HICs” under PHIPA. The statutory language providing for the designation of OHTs suggests that an OHT could constitute a “group of persons or entities”.  However a group organized for non-business purposes is not a legal entity unless it is incorporated.
An OHT that is formed as a group but is not incorporated poses questions regarding the PHIPA responsibilities of its members as distinct from the OHT. As noted, the members of an OHT continue to be subject to PHIPA. The PHIPA amendments indicate that they may disclose PHI to the OHT. However if the OHT is not incorporated, to whom are they disclosing the PHI? Notionally, they could disclose PHI to all other OHT members who could be characterized as forming the group. However, unless the purpose of the disclosure is for a reason other than health care of a patient, the PHIPA amendments would not be required.
It may be possible to structure external data sharing and provider-facing relationships for an unincorporated group through an agency framework in which a designated legal entity – for example an OHT member, or possibly an OHT service provider – is authorized to enter into these relationships on behalf OHT members. The framework would involve the members granting legal “agent” authority for the designated entity to act on their behalf, in relation to entering into appropriate agreements to document the OHT’s external data sharing relationships. However in this unincorporated OHT model, these relationships remain, from a legal liability perspective, with the members individually, not with any separate OHT entity, even though the “agent” would be the party entering into the external-facing agreements.
Designation as a single custodian
A possible structure for an OHT is provided by the PHIPA provision enabling the Minister of Health to designate two or more HICs to act as a single custodian. The Ministry has pointed to this provision in its guidance regarding privacy compliance for OHTs.  However it is difficult to envisage how a group could constitute a single custodian on behalf of an OHT’s members unless it is incorporated. While it might be possible for a small number of HICs act in this manner, with appropriate legal arrangements providing for the PHI that the single custodian is responsible for, it is much more difficult to contemplate how an unincorporated OHT with as many as 60 members could operate efficiently and with clarity as to their respective responsibilities for PHI and PHIPA compliance.
A further question is whether an OHT would qualify as a provider of health care and therefore be a HIC, subject to all the requirements of PHIPA. The PHIPA amendments suggest that HIC status may not be contemplated. If an OHT were a HIC it would have implied consent to provide care within the “circle of care” and the proposed authorizations likely would not be required. If the single custodian model were adopted, the OHT would be a HIC with respect to the functions provided for in the Minister’s order.
Alignment of databases
The Ministry’s draft guidance emphasizes the objective of aligning OHT technology specifications.  However the guidance does not appear to set as an objective the alignment, or rationalization, of databases. Typically, the service provider/HINP hosts (and provides) the electronic medical record (EMR) database for the HIC network that it serves. While the Ministry’s guidance addresses the need for OHT technology to be inter-operative – understood to mean that OHT data systems can “talk” to each other – it appears to assume that at least on an initial basis each OHT will be served by its own EMR system/network, and therefore, potentially by different HINPs. On this basis, the OHT model, province-wide, may contemplate as many as 70 or more separate EMR systems.
The potential proliferation of OHT databases and their need to interact with each other will be complicated by the need for OHTs to interact with provincial and regional provider-facing tools, which for the most part are supported by separate service provider/HINP databases.
Ontario’s planned integration of health care services within Ontario Health Teams poses the question of how the members of an OHT will interact with each other and with entities external to the OHT. In particular, how will they formalize their sharing of personal health information, necessary to enable the continuum of care that the Ministry of Health’s alignment of care objective implies? Clearly, an OHT will involve data sharing – both among its members and with external parties. However, in order to formalize these relationships, issues regarding the structure and the PHIPA status of the OHT must be resolved. Furthermore, even if streamlining of the OHT structure is adopted by, for example, requiring incorporation of OHTs, at least in the near term formalizing these relationships is likely to involve a significant level of contract documentation both among OHTs and with external provider-facing tools and databases.
For more information please contact:
David Young 416-968-6286 firstname.lastname@example.org
Note: The foregoing does not constitute legal advice. Readers are cautioned that for application to specific situations, legal advice should be obtained.
© David Young Law 2020
 The Connecting Care Act, 2019, under which this integration will proceed, gives the Minister the authority to designate “a person or entity, or group of persons or entities”, as an ICDS, if it has the ability to deliver at least three categories of services, which in addition to those noted, may include mental health, addiction, palliative care and any other services prescribed by regulation.
 The guidance document, Ontario Health Teams: Guidance for Health Care Providers and Organizations, indicates that, at maturity, all OHTs will be expected to have the capability to digitally and securely share information necessary to providing coordinated care.
 The Ministry’s Ontario Health Teams: Digital Health Playbook (August 2019) contains a compendium of these “digital health assets” in a section titled “Digital Health Service Catalogue”. Examples include the Connecting Ontario and Clinical Connect clinical viewers, Ontario Health (Shared Services)’s CHRIS system, and the Novari and Ocean eReferral/eRequest solutions.
 O. Reg. 329/04
 Schedule 30 to Bill 138, the Plan to Build Ontario Together Act, 2019 (budget implementation act).
 Assuming that the ultimate authority for a HIC member to collect, use and disclose PHI for purposes of providing care within the OHT will result from being within a circle of care, any such authority to act directly with respect to PHI would exist already.
 The Ontario Information and Privacy Commissioner, in comments to the Ministry regarding the Bill 138 amendments to PHIPA, indicated his concern regarding any provision permitting PHI to be collected by a non-HIC member of an OHT (thus rendering it outside of the PHIPA protections). The Commissioner recommended that any such provision for collection of PHI by an OHT should be limited to its HIC members. No such limitation was adopted in the final form of the amendments to PHIPA.
 Subs. 29(1), Connecting Care Act, 2019.
 An unincorporated group (or “association” as it is sometimes referred to) is essentially a collective of all its members, who are directly responsible for the group’s liabilities and have an undivided interest in all of its assets. By contrast, a for-profit group of persons or entities may be a partnership which has certain legal status separate from its members although the direct liability and asset ownership rules are similar to those for a group.
 Distinct from “PHIPA agent” authority although the entity also may serve in that, more restrictive, role (PHIPA, s. 17).
 One aspect of an “agency” framework is that it likely could not serve as the vehicle for authorizing an OHT to collect, use and disclose PHI, as proposed by the PHIPA amendments. The “agent” entity would not have any separate legal status or responsibility under PHIPA, distinct from the OHT’s members on whose behalf it acts. As noted above, if the OHT is not incorporated, the likely characterization of any such authorization would need to relate directly to the members themselves as opposed to their “OHT agent” entity.
 PHIPA, subs. 3(7).
 Digital Health Policy Guidance Document.
 It is not clear whether there is any initiative to align, or consolidate, HINPs that provide OHT networks. A consolidation of networks provided by a single HINP would enable a unified database for all participating OHTs and a streamlining of the HINP agreement requirement. It would facilitate data sharing between OHTs since even though notionally each OHT would have its own distinct network, within the unified database, communications between networks should be straightforward.