TORONTO, ON, Sept. 21, 2022 – Protecting sensitive personal health information is critical to maintaining Canadians’ trust in the health system.

Despite rapid digital advancements in the healthcare sector, using outdated and vulnerable technologies such as faxes and unencrypted email threatens to erode the public’s confidence that their personal health information is secure.

In a joint resolution released today, Canada’s federal, provincial, and territorial privacy commissioners call for a concerted effort across the healthcare sector to modernize and strengthen the privacy and security of digital health communications.

The joint resolution outlines measures for adoption by governments, health institutions, and health care providers. They include:

  • Putting in place a coordinated plan backed by government funding and other incentives to support phasing out fax machines and unencrypted email in the delivery of patient care across Canada as quickly as possible
  • Promoting the adoption of secure digital technologies and responsible data governance frameworks to protect personal health information against unauthorized access or inadvertent disclosure

“My office urges the government, regulatory colleges, and health information custodians to work together to pull the plug on the use of fax machines and unencrypted email that expose individuals to unnecessary and potentially devastating privacy risks,” said Ontario’s Information and Privacy Commissioner Patricia Kosseim. “Retiring these outdated ways of sharing personal health information is long overdue, particularly when more trustworthy methods are readily available.”

In Ontario, misdirected faxes remain the leading cause of unauthorized disclosure of personal health information. In 2021, health information custodians reported 4,848 privacy breaches from misdirected faxes to the Office of the Information and Privacy Commissioner of Ontario (IPC).

Learn more:


Media inquiries:
[email protected]

This post is also available in: French