Complaint
An individual requested a copy of their ultrasound and were told that they could only access the information through the PocketHealth app. When they logged into the app, they were prompted to sign up for a recurring payment of roughly $50 per year. The individual had concerns with this fee and the fact that the app contained their medical imaging information dating back to 2014.
Investigation
Our office investigated whether the Custodian’s use of PocketHealth complied with the Health Information Privacy and Management Act (HIPMA) regarding disclosure of personal health information (PHI) to a third-party vendor and the fees being charged to access the records.
Decision
We found that the Custodian met its obligations regarding disclosure of PHI to PocketHealth, including an information manager agreement with the vendor. Also, the app provides individuals with three options to access their PHI, including a free option that allows records to be downloaded to a computer.
However, the Custodian was non-compliant regarding access to PHI because they only provided one option for the patient to access their information. The HIPMA requires that custodians provide individuals access to their own PHI and there should be an option that doesn’t require going through a digital third-party vendor— not everyone has a computer or a smart phone.
Recommendations
Accepted. The Custodian accepted our recommendation to respond to access requests for medical images by providing either a printed copy or, upon request, on-site via a digital terminal. As well, the Custodian agreed to train medical imaging staff to advise patients that in addition to accessing their records via PocketHealth, they may also make a written request for their records in accordance with HIPMA.