a hand holding a guitar



Quality of Care Information Protection Act Toolkits

On July 1, 2017, the Quality of Care Information Protection Act, 2004 ("QCIPA 2004") was repealed and replaced by the Quality of Care Information Protection Act, 2016 ("QCIPA 2016"). This followed a review of QCIPA 2004 by a committee established by the Minister of Health which delivered a report recommending changes to the legislation.1 QCIPA 2016 continues the protections of QCIPA 2004, allowing for confidential quality of care reviews with key changes to how critical incidents are to be reviewed and disclosed to patients and their substitute decision-makers.


QCIPA 2004 was originally enacted to provide protection from disclosure in legal proceedings for certain types of quality of care review information. This statutory protection was similar to protections in other provincial legislation. The Act was designed to encourage health care professionals to share information and have open discussions about improving the quality of health care within an environment that protected the discussions and prevented them from being used in legal proceedings against the health care professional or institution.

Over time, there was criticism about the use of QCIPA 2004. There was concern that it was being used to prevent patients and families from being fully informed about what had happened and what went wrong in their care. There was also a feeling that it was being used inconsistently in hospitals and that there were no standards on when and how the protections were to be invoked.

As a result, in 2014, the Minister of Health established a QCIPA review committee to review the current practice in the interpretation and implementation of QCIPA and to advise the Minister on potential improvements. The review committee's report recommended that a modified version of the legislation should be retained to continue to allow for protected reviews, but also to mandate disclosure of the results of investigations into critical incidents so that patients and families are appropriately informed. These recommendations led to the enactment of QCIPA 2016 by the legislature.

QCIPA 2016

The new legislation came into force on July 1, 2017. Complementary amendments were also made to the Hospital Management Regulation under the Public Hospitals Act ("PHA") for critical incident reporting and review.

QCIPA 2016 starts with a preamble which sets out the purposes of the new legislation. The preamble highlights the balance between openness and transparency with patients and the need to sometimes hold confidential quality of care reviews:

The people of Ontario and their Government …

Believe that quality health care and patient safety is best achieved in a manner that supports openness and transparency to patients and their authorized representatives regarding patient health care;

Recognize that health care providers and other staff in health facilities sometimes need to hold confidential discussions to identify and analyze errors affecting patients, systemic problems and opportunities for quality improvement in patient health care;

QCIPA 2016 maintains the same basic protection that was in QCIPA 2004 for quality of care reviews conducted by a QCIPA-designated committee. Quality of care information from these reviews cannot be used or disclosed in legal proceedings and is not subject to disclosure under the Freedom of Information and Protection of Privacy Act ("FIPPA").2

The definition of "quality of care information" remains mostly the same, but some important changes have been made where the quality of care review relates to a "critical incident" as defined in the PHA:

“quality of care information” means information that,

(a) is collected or prepared by or for a quality of care committee for the sole or primary purpose of assisting the committee in carrying out its quality of care functions,

(b) relates to the discussions and deliberations of a quality of care committee in carrying out its quality of care functions, or

(c) relates solely or primarily to any activity that a quality of care committee carries on as part of its quality of care functions, including information contained in records that a quality of care committee creates or maintains related to its quality of care functions.

“Quality of care information” does not include any of the following:

1. Information contained in a patient record.

2. Information contained in a record that is required by law to be created or to be maintained.

3. Information relating to a patient in respect of a critical incident that describes,

i. facts of what occurred with respect to the incident,

ii. what the quality of care committee or health facility has identified, if anything, as the cause or causes of the incident,

iii. the consequences of the critical incident for the patient, as they become known,

iv. the actions taken and recommended to be taken to address the consequences of the critical incident for the patient, including any health care or treatment that is advisable, or

v. the systemic steps, if any, that a health facility is taking or has taken in order to avoid or reduce the risk of further similar incidents.

4. Information that consists of facts contained in a record of an incident involving the provision of health care to a patient.

5. Information that a regulation specifies is not quality of care information and that a quality of care committee collects or prepares after the day on which that regulation comes into force.3

While worded slightly differently, the definition of "quality of care information" in QCIPA 2016 is essentially the same for non-critical incident reviews as it was in QCIPA 2004.

For critical incident reviews however, there are some specific exclusions from "quality of care information" which mirror the requirements for disclosure to patients or substitute decision makers ("SDMs") under the PHA. Under the previous regulation under the PHA, following a critical incident, patients or SDMs had to be advised of parts (i), (iii), (iv) and (v) as outlined above. This has now been made part of QCIPA 2016, with an important new requirement in part (ii) that the disclosure include "what the quality of care committee or health facility has identified, if anything, as the cause or causes of the incident". This is an important new requirement for additional disclosure to patients/SDMs where the committee has identified cause(s) of a critical incident.

QCIPA 2016 and the PHA Regulations for critical incidents also now include requirements that a hospital committee review critical incidents as soon as practicable after they occur, that a member of the hospital's staff responsible for patient relations or providing patient perspectives participate in all critical incident reviews and that the critical incident review include an offer to interview the patient or authorized representative.4


QCIPA 2016 makes some key changes to QCIPA 2004. While it confirms the principle that sometimes quality of care reviews need to be conducted in confidence, the importance of adequate disclosure to patients and SDMs is also affirmed.

The enactment of QCIPA 2016 should prompt hospitals to review their quality of care review systems, and particularly the terms of reference and mandates for committees established under QCIPA 2004. The new requirements for critical incident reviews will need to be implemented.

1QCIPA Review Committee Recommendations, submitted December 23, 2014

2 QCIPA 2016, ss. 3, 10 and 11.

3 QCIPA 2016, ss. 2(2) and (3); emphasis added. With respect to #5, the regulations under QCIPA 2016 set out that the fact that a quality of care committee conducted a review and when the review took place are not "quality of care information" (which is the same as the regulation under QCIPA 2004).

4 QCIPA 2016, s. 4; Hospital Management Regulation, s. 2(3.1) — (3.3).