IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us November 1st - 10th Anniversary of PHIPA http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=351 <SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial', 'sans-serif'; COLOR: black"> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>Of all the information that is collected about us in our increasingly data-driven lives, our health information is perhaps the most intimate and sensitive. While our financial information may say something about our tastes or socioeconomic status, our health information is exceptional because it is distinctly unique to each of us as individuals. While this information is needed by health care professionals to provide us with proper care and treatment, its unauthorized use and disclosure can have devastating consequences. For example, it can be used to discriminate based on an individual’s mental or emotional state, physical disabilities, lifestyle habits, medication, and genetic information, to name but a few. This is why protecting this information is so important. </FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt">The <A href="http://www.ipc.on.ca/english/PHIPA/"><I>Personal Health Information Protection Act</I> (<I>PHIPA</I>)</A> was enacted ten years ago, on November 1, 2004,&nbsp;to establish rules governing the collection, use and disclosure of health information </SPAN><SPAN style="FONT-SIZE: 10pt; BACKGROUND: white">within the health sector. In order to keep this information confidential and secure, while not compromising the effective and efficient delivery of health care. <I>PHIPA</I> is Canada’s first consent-based health statute. It generally requires consent of individuals to be obtained before their health information can be </SPAN><SPAN style="FONT-SIZE: 10pt">collected, used or disclosed and provides individuals the right to prevent their information from being collected, used or disclosed for health care purposes. Further, <I>PHIPA</I> also provides individuals the right to access their records and to require their correction when they are inaccurate or complete in order to enable individuals to become partners in their health care. </SPAN></FONT></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>The long road to enacting health privacy legislation<I> </I>in Ontario began in 1980, with the Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario led by Justice Horace Krever. The result was a three-volume report containing 170 recommendations which would serve as the impetus for the enactment of <I>PHIPA</I>. Three decades have passed since the Krever Commission and <I>PHIPA</I> is now recognized as a gold standard for protecting privacy while enabling the effective provision of health care.</FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt">In fact, <I>PHIPA</I> has been viewed as such a success that it has served as a model both here in Canada, and in the United States. </SPAN><SPAN>In 2007, the New Brunswick Task Force on Personal Health Information cited <I>PHIPA</I> “… as the gold standard among personal health information statutes …” The U.S. Institute of Medicine also recommended that <I>PHIPA</I> be used as a model for amending the U.S. <I>Health Insurance Portability and Accountability Act</I>. Having surveyed health privacy legislation around the world, <I>PHIPA</I> was highlighted as a potential model. </SPAN></FONT></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>So, what does the next ten years hold for <I>PHIPA</I>? I think the obvious answer is that it will have to adapt to the increasingly rapid changes in information and communications technology, most notably the development of electronic health records and other shared health record systems. There is a growing need for a legislative framework to address health information in an increasingly digital and interconnected world. While <I>PHIPA</I> has served Ontario admirably over the last decade, it must be amended to clarify the rights individuals and the duties and obligations of health care providers in a shared electronic environment.</FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <IMG style="HEIGHT: 154px; WIDTH: 216px" alt="" src="/site_images/phipa10-sm.jpg" align=right> <P><FONT face=Calibri><SPAN style="FONT-SIZE: 10pt"><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN>Modernizing <I>PHIPA</I> will help to </SPAN><SPAN style="FONT-SIZE: 10pt">facilitate the introduction of electronic health records and pave the way for a smooth and seamless transition toward 21<SUP>st</SUP> century health care while protecting our privacy and the confidentiality of our health information – we deserve no less.</SPAN></FONT></P> </SPAN> Fri, 31 Oct 2014 00:00:00 GMT Toronto Star Agrees with Need for PHIPA Prosecutions http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=350 <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>The </FONT><A href="http://www.thestar.com/opinion/editorials/2014/10/29/charge_hospital_workers_who_violate_privacy_editorial.html"><FONT color=#0000ff face=Calibri>Toronto Star</FONT></A><FONT face=Calibri> editorial board agrees with Acting Commissioner Beamish's call for sterner measures, under the <I>Personal Health Information Protection Act,</I> than a simple disciplinary action or firing for those who access medical records without authorization.</FONT></SPAN></P> <P><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri></FONT></SPAN></P> <P><EM><SPAN style="FONT-SIZE: 10pt"><FONT face=Calibri>“He's right. Hospital staff should be aware that the least of their worries is being disciplined or fired if they invade patient privacy. That's why Beamish plans to meet with health ministry officials to encourage more prosecutions under the act … Beamish should be congratulated for initiating the meeting. Now Health Minister Eric Hoskins and Attorney General Madeleine Meilleur need to listen - and follow up.”</FONT></SPAN> </EM></P> Thu, 30 Oct 2014 00:00:00 GMT Acting Commissioner Brian Beamish calls for more prosecutions under PHIPA http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=348 <FONT style="FONT-SIZE: 10pt"> <P style="TEXT-ALIGN: justify"><FONT face=Calibri>Acting Commissioner Brian Beamish has called for tougher measures by calling for more prosecutions against those who commit serious breaches under Ontario’s <I>Personal Health Information Protection Act</I><SPAN>. In an interview with the <A href="http://www.thestar.com/life/health_wellness/2014/10/29/hospital_privacy_violations_rife_in_ontario.html"><FONT color=#0000ff>Toronto Star</FONT></A>, the Commissioner said that, <EM>“People know generally they shouldn’t be doing this. They need to know they will be found out and that there will be consequences … this would send a strong message to health professionals that this is not okay.”</EM></SPAN></FONT><EM> </EM></P> </FONT> Wed, 29 Oct 2014 00:00:00 GMT New terror laws must respect privacy http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=349 Canada's Information and Privacy Commissioners issued a <A href="http://www.ipc.on.ca/english/Resources/News-Releases/News-Releases-Summary/?id=1429">statement</A> this morning urging&nbsp;the federal Conservatives to balance any new national security laws against Canadians’ fundamental right to privacy.&nbsp;<BR> <BR> “We acknowledge that security is essential to maintaining our democratic rights. At the same time, the response to such events must be measured and proportionate, and crafted so as to preserve our democratic values,”<BR> <SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; COLOR: #484848; FONT-SIZE: 8.5pt">&nbsp;</SPAN><BR> The <A href="http://globalnews.ca/news/1642645/dont-trample-on-civil-liberties-in-fighting-terrorism-privacy-czars/">Canadian Press</A>, the <A href="http://www.theglobeandmail.com/news/politics/any-changes-to-police-powers-after-terror-attacks-must-be-measured-watchdogs-say/article21361965/?cmpid=rss1#dashboard/follows/">Globe and Mail</A> and the&nbsp;<A href="http://www.thestar.com/news/canada/2014/10/29/new_terror_laws_must_respect_privacy_watchdogs_warn_federal_government.html">Toronto Star</A> covered the statement's release and&nbsp;examined the&nbsp;current status of potential legislation.<BR> Wed, 29 Oct 2014 00:00:00 GMT IPC launches inquiry into alleged TDSB report tampering http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=346 The <A href="http://www.thestar.com/yourtoronto/education/2014/10/17/toronto_trustee_document_tampering_prompts_probe_by_privacy_commissioner.html">Toronto Star</A> spoke with Commissioner Brian Beamish yesterday about the IPC inquiry into the alleged tampering of TDSB documents by school board trustees and staff:&nbsp;<BR> <BR> <EM>"Any allegation of tampering is something we take very seriously,” Beamish said. "We were very concerned” when we saw the article, Beamish added. “We knew that we needed to act quickly to investigate.”&nbsp; The IPC contacted the board Thursday, and is now “gathering some documents (Thursday and Friday) and we plan on meeting with staff early next week,” Beamish said. </EM> Fri, 17 Oct 2014 00:00:00 GMT Toronto police ordered to release records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=342 The Toronto police have been ordered by IPC adjudicator Colin Bhattacharjee to release documents pertaining to an "unusually significant police response" as there is a "compelling public interest" in the documents' disclosure.&nbsp; <BR> <BR> The <A href="http://www.thestar.com/news/crime/2014/10/13/toronto_police_assigned_18_officers_to_probe_windsor_rd_breakin.html">Toronto Star</A> reports that 18 officers were assigned to investigate a break-in and assault at a Windsor Road home days after the media had reported that the Mayor of Toronto was filmed using drugs in the house.&nbsp; <BR> <BR> View the full <A href="http://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9622">order</A>. Tue, 14 Oct 2014 00:00:00 GMT Right to Know Week: Improving Access to Information in Ontario http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=341 <EM>Acting Commissioner Brian Beamish shares his thoughts on the future of access to information in Ontario:</EM><BR> <BR> This week in Canada, we recognize <A href="http://www.freedominfo.org/regions/global/rtk-day/">Right to Know Day</A> on September 28th and celebrate <A href="http://www.oic-ci.gc.ca/rtk-dai-eng/">Right to Know Week</A>. Since 2002, approximately 40 countries have marked the occasion in order to raise awareness of an individual’s right to access government-held information, while promoting freedom of information (FOI) as essential to both democracy and good governance. The week presents us with an excellent opportunity to highlight recommendations to improve accessibility to government-held information. <BR> <BR> In Ontario, it has now been more than 25 years since the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90f31_e.htm">Freedom of Information and Protection of Privacy Act </A></EM>and the <EM><A href="http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90m56_e.htm">Municipal Freedom of Information and Protection of Privacy Act</A></EM> were passed in order to form the foundation of our access to information infrastructure. For the most part, the <EM>Acts</EM> have served the province well; however, there is still room for improvement. <BR> <BR> The following recommendations distinguish between two key concepts: the formal FOI system, as set out in our provincial and municipal <EM>Acts</EM>, and the other means of fostering access to government-held information – both are necessary to improve access to information in Ontario. <BR> <BR> <STRONG>Recommendations for Modernizing FOI Laws <BR> </STRONG><BR> In terms of the formal process, my office has called upon the government to re-examine the <EM>Acts</EM> and modernize the legislation, most recently in our <A href="http://annualreport.ipc.on.ca/commissioners-message/commissioners-recommendations-2/">2013 annual report</A>. The IPC was also one of the many information and privacy commissioners and ombudspersons’ offices to sign a resolution which outlined a vision for modernizing Canada’s access and privacy laws. The resolution, <EM><A href="https://www.priv.gc.ca/media/nr-c/2013/res_131009_e.asp">Modernizing Access and Privacy Laws for the 21st Century</A></EM>, contained a number of ideas on how FOI legislation should be updated. Some of the key recommendations included:<BR> <UL> <LI>Increasing the ability of institutions, and the IPC, to exercise the “public interest override” – when records can be released, even if exempt from disclosure under the Act because of an overriding public interest.<BR> <BR> <LI>Creating minimum standards of proactive disclosure – categories and classes of documents that must be made&nbsp;available in usable format.<BR> <BR> <LI>Establishing a requirement that for any new systems, government institutions must create them with access to&nbsp;information in mind. </LI> </UL> <P>Another concept in this resolution that dovetails with the work of our office is the necessity of creating a legislated duty to document. This would require all public entities to document their deliberations, actions and decisions. <BR> <BR> The need for a legislated duty to document was highlighted by an investigation conducted by our office last year, relating to a government decision to relocate two gas plants prior to the 2011 provincial election. Our report, <EM><A href="http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9181">Deleting Accountability: Record Management Practices of Political Staff</A></EM> found that the expectations for recordkeeping must be raised across the government. We also called on the government to create a legislated duty to document to ensure that the decision-making process is available for public scrutiny. <BR> <BR> Although the Ontario government has not yet followed up on that specific recommendation, it has taken significant and praiseworthy steps to comply with the other recommendations of our report as part of the introduction of <A href="http://www.ontla.on.ca/web/bills/bills_detail.do?locale=en&amp;Intranet=&amp;BillID=3000"><EM>Bill 8, the Public Sector and MPP Accountability and Transparency Act</EM></A>. If passed, this bill would strengthen transparency and accountability in the broader public sector. Specifically, the bill would amend the Acts to require that all institutions ensure reasonable measures are in place to preserve records in their custody or control in accordance with recordkeeping and retention requirements, rules or policies that apply to the institution. The <EM>Acts</EM> would also be amended to create an offence for altering, concealing or destroying a record with the intention of denying a right to access to the record. <BR> <BR> <STRONG>Fostering Greater Access to Government Information <BR> </STRONG><BR> We have seen great strides in the Open Data movement and the future holds tremendous promise. I think it is fair to say that some of our largest cities, such as Ottawa and Toronto, have become leaders in this field and the province also is actively pushing out information in a wide range of searchable data sets. However, there are a variety of ways to move forward in this area and foster greater access to information. A report released this spring, <EM><A href="https://www.ontario.ca/government/open-default-new-way-forward-ontario">Open by Default: A New Way Forward for Ontario</A></EM>, made a number of strong recommendations which my office firmly supports, including: </P> <UL> <LI>Publishing all government data in commonly accepted open standards, unless there are privacy, security or legal reasons for not doing so. The release of this data should be done in a timely manner, be available free of charge to&nbsp;the public, and ensure that no data is destroyed in the process.<BR> &nbsp; <LI>Give Ontarians the information they need to understand the government’s plans and&nbsp;priorities by proactively publishing key documents online, in an open format.&nbsp; </LI> </UL> <P></P> <UL> <LI>Restructuring the fees that institutions can charge to respond to FOI requests. An example, if an institution fails to&nbsp;respond to a request within 30 days, it could not impose a fee, but would be responsible for the cost of answering&nbsp;&nbsp;the request. Similarly, on a go-forward basis, fees could not be charged for responding to FOI requests for&nbsp;information held on new IT systems. In other words, those systems would need to be designed from the start with&nbsp;access to information in mind. </LI> </UL> <P>I strongly believe that following these recommendations would not only bring more transparency and accountability to government, but also lead to substantial cost savings and improved customer service. I hope that the provincial government will implement these recommendations and take a close look at further modernizing our access to information legislation. </P> Fri, 26 Sep 2014 00:00:00 GMT Survey generates privacy concerns http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=340 Questions&nbsp;in a&nbsp;survey for tenants of the London Municipal Housing Corporation sparked&nbsp;the&nbsp;<A href="http://www.lfpress.com/2014/09/24/mental-health-questions-cause-concern">London Free Press </A>to ask questions about&nbsp;the potential privacy implications.&nbsp; The questions which caused concern related to mental health and addiction. The survey was&nbsp;intended to be voluntary and&nbsp;anonymous; however, it was&nbsp;not clearly indicated. Acting Commissioner Brian Beamish suggested&nbsp;that if tenants don’t like the questions, “they should exercise their right to stop, tear up the form and walk away. The fact it is not compulsory and there are no identifiers gives me some comfort level, but I really hope the organization makes it really clear this is a voluntary survey.” Thu, 25 Sep 2014 00:00:00 GMT Peterborough Hospital PHIPA Lawsuit http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=339 <P style="TEXT-ALIGN: justify"><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; FONT-SIZE: 12pt"><FONT style="FONT-SIZE: 10pt">The </FONT><A href="http://www.thestar.com/news/gta/2014/09/03/peterborough_lawsuit_to_set_precedent_for_ontario_patient_privacy_rights.html"><FONT style="FONT-SIZE: 10pt" color=#0000ff>Toronto Star</FONT></A><FONT style="FONT-SIZE: 10pt"> has reported on a lawsuit&nbsp;involving a&nbsp;Peterborough hospital that could have wide-ranging implications for patient privacy in all of Ontario’s hospitals. At issue, is whether </FONT></SPAN><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; FONT-SIZE: 12pt"><FONT style="FONT-SIZE: 10pt">patients whose privacy has been breached can sue a hospital directly. The hospital in Peterborough has argued that the Superior Court has no jurisdiction to hear the lawsuit because under Ontario’s <I>Personal Health Information Protection Act</I>, (<I>PHIPA</I>) personal health information privacy violations are solely the domain of the Information and Privacy Commissioner of Ontario. However, Acting Commissioner, Brian Beamish has stated that his office does not have exclusive jurisdiction over matters of patient privacy and that <I>PHIPA</I> does not prevent the courts from hearing cases related to the improper handling of personal health information.</FONT> </SPAN></P> Wed, 03 Sep 2014 00:00:00 GMT TCDSB releases documents after extensive FOI battle http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=337 Documents pertaining to Toronto Mayor Ford’s football coaching role with the Toronto Catholic District School Board (TCDSB) were released Wednesday after a <A href="http://www.thestar.com/news/city_hall/toronto2014election/2014/08/28/rob_ford_threatened_teacher_made_players_roll_in_goose_scat_documents_show.html">lengthy freedom of information battle</A>. The TCDSB has initially declined the request for information. The IPC had ruled the documents should be released after the Toronto Star filed an appeal. Mayor Ford registered an appeal of this decision; however, after not presenting any arguments, the file was closed and the information was released. Fri, 29 Aug 2014 00:00:00 GMT