I am a service provider under the Child, Youth and Family Services Act (CYFSA). Do I submit a report?
Effective January 1, 2020, Service providers under the Child, Youth and Family Services Act must keep track of certain statistics regarding Part X and report them annually to the IPC. To find out what statistics to track, read our Guidelines for Submitting Statistics to the IPC
Service Providers under the CYFSA will be required to submit statistics for the 2022 calendar year by Friday, March 31, 2023.
I am both a health information custodian under PHIPA and an institution under FIPPA or MFIPPA. Do I fill out more than one form?
Yes. If you are both a health information custodian under PHIPA and an institution under FIPPA or MFIPPA, such as a hospital or medical officer of health, you must submit a FIPPA/MFIPPA and a PHIPA report.
You must also complete a PHIPA breach statistics form (see below) on or before Wednesday, March 1, 2023.
The Annual Statistics Submission Website contains workbooks and guides to submitting your statistics. You may find it easier to complete the workbook manually and then complete the online form.
You must submit your report online. We do not accept statistical reports by fax or email.
Access, correction and other statistics (FIPPA/MFIPPA/PHIPA)
All institutions under the Freedom of Information and Protection of Privacy Act (FIPPA) or the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) are required by law to submit their statistics, even those that received no freedom of information requests during the reporting year. The requirements for statistical reporting with respect to FIPPA, MFIPPA and the Personal Health Information Protection Act (PHIPA) are set out under section 34 of FIPPA and section 26 of MFIPPA.
If you are both a health information custodian PHIPA and an institution under FIPPA or MFIPPA or an institution under FIPPA or MFIPPA that has a health information custodian acting as part of the institution, you must submit a FIPPA/MFIPPA and a PHIPA report. For instance, a hospital or medical officer of health must submit a FIPPA/MFIPPA and a PHIPA report.
Refer to the FIPPA workbook / the MFIPPA workbook / or the PHIPA workbook for details on what statistics to submit to the IPC.
Breach statistics (PHIPA)
Health information custodians must submit health information privacy breach statistics as set out under section 6.4 of O. Reg. 329/04 under PHIPA. Note that the 2021 reporting year will be the first reporting year for which health information custodians must set out the number of times personal health information was collected by the custodian by means of the electronic health record (EHR) without authority. Also note that the 2021 reporting year will be the first reporting year for which coroners to whom Ontario Health provides personal health information that is accessible by means of the EHR must comply with section 6.4, with any necessary modification, as if it were a health information custodian.
Health information custodians that are also institutions under FIPPA/MFIPPA must submit their statistics, even if they experienced no breaches during the 2022 reporting year.
Please note that you must report all breaches whether or not you were required or not to notify the IPC at the time they occurred.
Child and family service providers subject to Part X of CYFSA
Child and family services providers subject to Part X of the Child, Youth and Family Services Act (CYFSA) are required to provide the IPC with an annual report on requests for access and correction to records of personal information, privacy breaches and other statistics during the previous calendar year. The requirements for statistical reporting are set out under section 11 of O. Reg. 191/18 under the CYFSA.
Health information custodians and child and family service providers under Part X of CYFSA must submit privacy breach statistics. Health information custodians that are also institutions under FIPPA/MFIPPA must submit their statistics, even if they experienced no breaches during the 2022 reporting year. It is easy to complete the online questionnaire, and in cases where there are no breaches to report, it will be done quickly.
the name and e-mail address of the head of the organization
the name, mailing address, e-mail address, and telephone number of the person responsible for completing the report (the primary contact)
your language preference (English or Français)
Once you have started the questionnaire, you can log off the system at any time, and it will remember where you left when you log on the next time. This means you do not have to complete and submit your questionnaire all in one session as long as you complete and submit it on or before the deadline.
I have reported online before. Will my log-in be the same this year?
We have made some changes to make your reporting easier. If you’ve submitted online before, your log-in is the same. Go directly to the Online Statistical Reporting System to submit your report.
Once you have started the questionnaire, you can log off the system at any time, and it will remember where you left when you log on the next time. This means you do not have to complete and submit your questionnaire all in one session as long as you complete and submit it on or before the deadline.
If you need to set up a new account, you can now do this from the Online Statistical Reporting System as well. (Please see the question above.)