IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us IPC orders Rouge Valley to implement significant changes to protect patient health information http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=354 The <A href="http://www.thestar.com/life/health_wellness/2014/12/16/ontario_privacy_commissioner_slams_rouge_valley_hospital.html">Toronto Star</A> spoke with Acting Commissioner Brian Beamish yesterday about the investigation into the two significant privacy breaches at Rouge Valley Health System and the <A href="http://www.ipc.on.ca/images/Findings/ho-013.pdf">Order</A> released yesterday: <BR> <BR> “This kind of behaviour, whether it’s snooping out of curiosity or taking information for financial gain, is unacceptable, and staff should be clear that if they do it, there’s a good chance they’ll get caught,” Beamish told the Star. “But there’s also a message out to the health care profession that they have an obligation to make sure that there are safeguards in place to prevent and to detect this kind of activity.” <BR> Wed, 17 Dec 2014 00:00:00 GMT Ontario passes legislation that makes it illegal to destroy government records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=353 <FONT style="BACKGROUND-COLOR: #ffffff" color=#000000>Based on some of the recommendations of the IPC report,&nbsp;<SPAN style="TEXT-DECORATION: underline"><A href="http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9181">Deleting Accountability: Record Management Practices of Political Staff - A Special Investigation Report</A></SPAN>,&nbsp;the <A href="http://www.cp24.com/news/ontario-passes-legislation-that-makes-it-illegal-to-destroy-government-records-1.2140070">Ontario govenment yesterday passed Bill 8</A>,&nbsp;<A href="http://news.ontario.ca/tbs/en/2014/12/province-passes-legislation-to-strengthen-accountability.html?utm_source=ondemand&amp;utm_medium=email&amp;utm_campaign=p">The Public Sector and MPP Accountability and Transparency Act</A>.&nbsp;The legislation makes it an offence to alter, conceal or destroy records with intent to deny an access request, with a penalty of up to $5,000. <BR> <BR> </FONT> Wed, 10 Dec 2014 00:00:00 GMT Acting Commissioner Beamish concerned that patient information was found scattered around Toronto neighbourhood. http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=352 In an interview with <A href="http://globalnews.ca/news/1664109/dentists-patient-information-found-scattered-on-toronto-street/">Global News</A>, Ontario’s acting Privacy Commissioner, Brian Beamish, expressed concern that documents containing personal patient information were found scattered across a Toronto neighbourhood clearly showing patient names, addresses, phone numbers and social insurance numbers The Commissioner said that, <EM>“It’s critical to realize that disposal does not mean putting them in the garbage, putting them in the recycling bin. It is the health professional who is ultimately responsible for how these records are disposed of. That’s why it’s critical that there’s an understanding with a third party provider like a cleaning company in terms of how the records will be securely destroyed.”</EM> Mon, 10 Nov 2014 00:00:00 GMT November 1st - 10th Anniversary of PHIPA http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=351 <SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial', 'sans-serif'; COLOR: black"> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN><IMG alt="" src="/site_images/phipa10-web.jpg" align=right>Of all the information that is collected about us in our increasingly data-driven lives, our health information is perhaps the most intimate and sensitive. While our financial information may say something about our tastes or socioeconomic status, our health information is exceptional because it is distinctly unique to each of us as individuals. While this information is needed by health care professionals to provide us with proper care and treatment, its unauthorized use and disclosure can have devastating consequences. For example, it can be used to discriminate based on an individual’s mental or emotional state, physical disabilities, lifestyle habits, medication, and genetic information, to name but a few. This is why protecting this information is so important. </FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt">The <A href="http://www.ipc.on.ca/english/PHIPA/"><I>Personal Health Information Protection Act</I> (<I>PHIPA</I>)</A> was enacted ten years ago, on November 1, 2004,&nbsp;to establish rules governing the collection, use and disclosure of health information </SPAN><SPAN style="FONT-SIZE: 10pt; BACKGROUND: white">within the health sector. In order to keep this information confidential and secure, while not compromising the effective and efficient delivery of health care. <I>PHIPA</I> is Canada’s first consent-based health statute. It generally requires consent of individuals to be obtained before their health information can be </SPAN><SPAN style="FONT-SIZE: 10pt">collected, used or disclosed and provides individuals the right to prevent their information from being collected, used or disclosed for health care purposes. Further, <I>PHIPA</I> also provides individuals the right to access their records and to require their correction when they are inaccurate or complete in order to enable individuals to become partners in their health care. </SPAN></FONT></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>The long road to enacting health privacy legislation<I> </I>in Ontario began in 1980, with the Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario led by Justice Horace Krever. The result was a three-volume report containing 170 recommendations which would serve as the impetus for the enactment of <I>PHIPA</I>. Three decades have passed since the Krever Commission and <I>PHIPA</I> is now recognized as a gold standard for protecting privacy while enabling the effective provision of health care.</FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt">In fact, <I>PHIPA</I> has been viewed as such a success that it has served as a model both here in Canada, and in the United States. </SPAN><SPAN>In 2007, the New Brunswick Task Force on Personal Health Information cited <I>PHIPA</I> “… as the gold standard among personal health information statutes …” The U.S. Institute of Medicine also recommended that <I>PHIPA</I> be used as a model for amending the U.S. <I>Health Insurance Portability and Accountability Act</I>. Having surveyed health privacy legislation around the world, <I>PHIPA</I> was highlighted as a potential model. </SPAN></FONT></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>So, what does the next ten years hold for <I>PHIPA</I>? I think the obvious answer is that it will have to adapt to the increasingly rapid changes in information and communications technology, most notably the development of electronic health records and other shared health record systems. There is a growing need for a legislative framework to address health information in an increasingly digital and interconnected world. While <I>PHIPA</I> has served Ontario admirably over the last decade, it must be amended to clarify the rights individuals and the duties and obligations of health care providers in a shared electronic environment.</FONT></SPAN></P> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt"><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN>Modernizing <I>PHIPA</I> will help to </SPAN><SPAN style="FONT-SIZE: 10pt">facilitate the introduction of electronic health records and pave the way for a smooth and seamless transition toward 21<SUP>st</SUP> century health care while protecting our privacy and the confidentiality of our health information – we deserve no less.</SPAN></FONT></P> </SPAN> Fri, 31 Oct 2014 00:00:00 GMT Toronto Star Agrees with Need for PHIPA Prosecutions http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=350 <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>The </FONT><A href="http://www.thestar.com/opinion/editorials/2014/10/29/charge_hospital_workers_who_violate_privacy_editorial.html"><FONT color=#0000ff face=Calibri>Toronto Star</FONT></A><FONT face=Calibri> editorial board agrees with Acting Commissioner Beamish's call for sterner measures, under the <I>Personal Health Information Protection Act,</I> than a simple disciplinary action or firing for those who access medical records without authorization.</FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><EM><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>“He's right. Hospital staff should be aware that the least of their worries is being disciplined or fired if they invade patient privacy. That's why Beamish plans to meet with health ministry officials to encourage more prosecutions under the act … Beamish should be congratulated for initiating the meeting. Now Health Minister Eric Hoskins and Attorney General Madeleine Meilleur need to listen - and follow up.”</FONT></SPAN> </EM></P> Thu, 30 Oct 2014 00:00:00 GMT Acting Commissioner Brian Beamish calls for more prosecutions under PHIPA http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=348 <FONT style="FONT-SIZE: 10pt"> <P style="TEXT-ALIGN: justify"><FONT face=Calibri>Acting Commissioner Brian Beamish has called for tougher measures by calling for more prosecutions against those who commit serious breaches under Ontario’s <I>Personal Health Information Protection Act</I><SPAN>. In an interview with the <A href="http://www.thestar.com/life/health_wellness/2014/10/29/hospital_privacy_violations_rife_in_ontario.html"><FONT color=#0000ff>Toronto Star</FONT></A>, the Commissioner said that, <EM>“People know generally they shouldn’t be doing this. They need to know they will be found out and that there will be consequences … this would send a strong message to health professionals that this is not okay.”</EM></SPAN></FONT><EM> </EM></P> </FONT> Wed, 29 Oct 2014 00:00:00 GMT New terror laws must respect privacy http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=349 Canada's Information and Privacy Commissioners issued a <A href="http://www.ipc.on.ca/english/Resources/News-Releases/News-Releases-Summary/?id=1429">statement</A> this morning urging&nbsp;the federal Conservatives to balance any new national security laws against Canadians’ fundamental right to privacy.&nbsp;<BR> <BR> “We acknowledge that security is essential to maintaining our democratic rights. At the same time, the response to such events must be measured and proportionate, and crafted so as to preserve our democratic values,”<BR> <SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; COLOR: #484848; FONT-SIZE: 8.5pt">&nbsp;</SPAN><BR> The <A href="http://globalnews.ca/news/1642645/dont-trample-on-civil-liberties-in-fighting-terrorism-privacy-czars/">Canadian Press</A>, the <A href="http://www.theglobeandmail.com/news/politics/any-changes-to-police-powers-after-terror-attacks-must-be-measured-watchdogs-say/article21361965/?cmpid=rss1#dashboard/follows/">Globe and Mail</A> and the&nbsp;<A href="http://www.thestar.com/news/canada/2014/10/29/new_terror_laws_must_respect_privacy_watchdogs_warn_federal_government.html">Toronto Star</A> covered the statement's release and&nbsp;examined the&nbsp;current status of potential legislation.<BR> Wed, 29 Oct 2014 00:00:00 GMT IPC launches inquiry into alleged TDSB report tampering http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=346 The <A href="http://www.thestar.com/yourtoronto/education/2014/10/17/toronto_trustee_document_tampering_prompts_probe_by_privacy_commissioner.html">Toronto Star</A> spoke with Commissioner Brian Beamish yesterday about the IPC inquiry into the alleged tampering of TDSB documents by school board trustees and staff:&nbsp;<BR> <BR> <EM>"Any allegation of tampering is something we take very seriously,” Beamish said. "We were very concerned” when we saw the article, Beamish added. “We knew that we needed to act quickly to investigate.”&nbsp; The IPC contacted the board Thursday, and is now “gathering some documents (Thursday and Friday) and we plan on meeting with staff early next week,” Beamish said. </EM> Fri, 17 Oct 2014 00:00:00 GMT Toronto police ordered to release records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=342 The Toronto police have been ordered by IPC adjudicator Colin Bhattacharjee to release documents pertaining to an "unusually significant police response" as there is a "compelling public interest" in the documents' disclosure.&nbsp; <BR> <BR> The <A href="http://www.thestar.com/news/crime/2014/10/13/toronto_police_assigned_18_officers_to_probe_windsor_rd_breakin.html">Toronto Star</A> reports that 18 officers were assigned to investigate a break-in and assault at a Windsor Road home days after the media had reported that the Mayor of Toronto was filmed using drugs in the house.&nbsp; <BR> <BR> View the full <A href="http://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9622">order</A>. Tue, 14 Oct 2014 00:00:00 GMT Right to Know Week: Improving Access to Information in Ontario http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=341 <EM>Acting Commissioner Brian Beamish shares his thoughts on the future of access to information in Ontario:</EM><BR> <BR> This week in Canada, we recognize <A href="http://www.freedominfo.org/regions/global/rtk-day/">Right to Know Day</A> on September 28th and celebrate <A href="http://www.oic-ci.gc.ca/rtk-dai-eng/">Right to Know Week</A>. Since 2002, approximately 40 countries have marked the occasion in order to raise awareness of an individual’s right to access government-held information, while promoting freedom of information (FOI) as essential to both democracy and good governance. The week presents us with an excellent opportunity to highlight recommendations to improve accessibility to government-held information. <BR> <BR> In Ontario, it has now been more than 25 years since the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90f31_e.htm">Freedom of Information and Protection of Privacy Act </A></EM>and the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90m56_e.htm">Municipal Freedom of Information and Protection of Privacy Act</A></EM> were passed in order to form the foundation of our access to information infrastructure. For the most part, the <EM>Acts</EM> have served the province well; however, there is still room for improvement. <BR> <BR> The following recommendations distinguish between two key concepts: the formal FOI system, as set out in our provincial and municipal <EM>Acts</EM>, and the other means of fostering access to government-held information – both are necessary to improve access to information in Ontario. <BR> <BR> <STRONG>Recommendations for Modernizing FOI Laws <BR> </STRONG><BR> In terms of the formal process, my office has called upon the government to re-examine the <EM>Acts</EM> and modernize the legislation, most recently in our <A href="http://annualreport.ipc.on.ca/commissioners-message/commissioners-recommendations-2/">2013 annual report</A>. The IPC was also one of the many information and privacy commissioners and ombudspersons’ offices to sign a resolution which outlined a vision for modernizing Canada’s access and privacy laws. The resolution, <EM><A href="https://www.priv.gc.ca/media/nr-c/2013/res_131009_e.asp">Modernizing Access and Privacy Laws for the 21st Century</A></EM>, contained a number of ideas on how FOI legislation should be updated. Some of the key recommendations included:<BR> <UL> <LI>Increasing the ability of institutions, and the IPC, to exercise the “public interest override” – when records can be released, even if exempt from disclosure under the Act because of an overriding public interest.<BR> <BR> <LI>Creating minimum standards of proactive disclosure – categories and classes of documents that must be made&nbsp;available in usable format.<BR> <BR> <LI>Establishing a requirement that for any new systems, government institutions must create them with access to&nbsp;information in mind. </LI> </UL> <P>Another concept in this resolution that dovetails with the work of our office is the necessity of creating a legislated duty to document. This would require all public entities to document their deliberations, actions and decisions. <BR> <BR> The need for a legislated duty to document was highlighted by an investigation conducted by our office last year, relating to a government decision to relocate two gas plants prior to the 2011 provincial election. Our report, <EM><A href="http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9181">Deleting Accountability: Record Management Practices of Political Staff</A></EM> found that the expectations for recordkeeping must be raised across the government. We also called on the government to create a legislated duty to document to ensure that the decision-making process is available for public scrutiny. <BR> <BR> Although the Ontario government has not yet followed up on that specific recommendation, it has taken significant and praiseworthy steps to comply with the other recommendations of our report as part of the introduction of <A href="http://www.ontla.on.ca/web/bills/bills_detail.do?locale=en&amp;Intranet=&amp;BillID=3000"><EM>Bill 8, the Public Sector and MPP Accountability and Transparency Act</EM></A>. If passed, this bill would strengthen transparency and accountability in the broader public sector. Specifically, the bill would amend the Acts to require that all institutions ensure reasonable measures are in place to preserve records in their custody or control in accordance with recordkeeping and retention requirements, rules or policies that apply to the institution. The <EM>Acts</EM> would also be amended to create an offence for altering, concealing or destroying a record with the intention of denying a right to access to the record. <BR> <BR> <STRONG>Fostering Greater Access to Government Information <BR> </STRONG><BR> We have seen great strides in the Open Data movement and the future holds tremendous promise. I think it is fair to say that some of our largest cities, such as Ottawa and Toronto, have become leaders in this field and the province also is actively pushing out information in a wide range of searchable data sets. However, there are a variety of ways to move forward in this area and foster greater access to information. A report released this spring, <EM><A href="https://www.ontario.ca/government/open-default-new-way-forward-ontario">Open by Default: A New Way Forward for Ontario</A></EM>, made a number of strong recommendations which my office firmly supports, including: </P> <UL> <LI>Publishing all government data in commonly accepted open standards, unless there are privacy, security or legal reasons for not doing so. The release of this data should be done in a timely manner, be available free of charge to&nbsp;the public, and ensure that no data is destroyed in the process.<BR> &nbsp; <LI>Give Ontarians the information they need to understand the government’s plans and&nbsp;priorities by proactively publishing key documents online, in an open format.&nbsp; </LI> </UL> <P></P> <UL> <LI>Restructuring the fees that institutions can charge to respond to FOI requests. An example, if an institution fails to&nbsp;respond to a request within 30 days, it could not impose a fee, but would be responsible for the cost of answering&nbsp;&nbsp;the request. Similarly, on a go-forward basis, fees could not be charged for responding to FOI requests for&nbsp;information held on new IT systems. In other words, those systems would need to be designed from the start with&nbsp;access to information in mind. </LI> </UL> <P>I strongly believe that following these recommendations would not only bring more transparency and accountability to government, but also lead to substantial cost savings and improved customer service. I hope that the provincial government will implement these recommendations and take a close look at further modernizing our access to information legislation. </P> Fri, 26 Sep 2014 00:00:00 GMT