Privacy and Health Information

In 2004, Ontario enacted the Personal Health Information Protection Act, 2004 (PHIPA).  PHIPA follows the same principles as the federal Personal Information Protection and Electronic Documents Act, 2000 (PIPEDA), however it provides much more specific guidance about the handling of personal health information.  Below one may find a variety of resources pertaining to assist in understanding and complying with the requirements of PHIPA.    

The Personal Health Information Protection Act, 2004 (PHIPA) and its Regulation (O. Reg. 329/04) have undergone several amendments over the past few years. Some of these amendments pertain to reporting requirement by Health Information Custodians in the event of unauthorized disclosures of Personal Health Information.

Regulated health professionals in Ontario need to be aware of new reporting obligations under the Personal Health Information Protection Act, 2004 (PHIPA). These changes took effect in June 2016. 

As of 2018, it is necessary for health information custodians across Ontario to report their health privacy information breach statistics to the Office of the Information and Privacy Commissioner.  This reporting must be done annually.  Note that health information custodians that have 0 (zero) health privacy breaches to report should not submit a statistical report.

Information from the Privacy Commissioner regarding 2018 Health Privacy Breach Statistics Reporting may be found below.