Commissioner's Blog

Dive into Commissioner Kosseim’s insightful blogs covering privacy, access, cyber safety, and beyond. Stay informed and explore the latest insights.

Detecting and Deterring Unauthorized Access to Personal Health Information

Unauthorized access continues to be a growing problem in the health sector in Ontario. The province’s Personal Health Information Protection Act (PHIPA), permits health information custodians (HIC) to collect, use and disclose personal health information for the purposes of providing or assisting in the provision of health care based on implied or assumed implied consent but prohibits the collection, use and disclosure of personal health information for any other purpose without the express consent of the individual, unless permitted or required by PHIPA.

It is important that HICs and their agents recognize that the issue of unauthorized access to personal health information, regardless of motive, is significant and is taken seriously. The protection of privacy should be integral to the delivery of health care and embedded into the culture of health care organizations. Developing and implementing a comprehensive approach, incorporating a variety of measures and ensuring agents are aware of the relevant privacy policies and procedures can go a long way toward preventing unauthorized access.

The purpose of this paper is to shed light on the extent of the problem and the potential consequences for individuals, custodians and their agents, and the entire health sector, and to provide guidance to custodians on minimizing the risk of unauthorized access.

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:

Email: @email
Telephone: 416-326-3965

Contact Us

Social Media

The IPC maintains channels on Twitter, YouTube and Linkedin in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.

Our Social Media Policy

Help us improve our website. Was this page helpful?
When information is not found


  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.