Commissioner's Blog

Dive into Commissioner Kosseim’s insightful blogs covering privacy, access, cyber safety, and beyond. Stay informed and explore the latest insights.

Using health data for the public good

From the early months of the pandemic, it became increasingly apparent that using personal health information (PHI) for critical health care, research, and public health purposes, would play a crucial role in helping us understand and control the spread of the deadly coronavirus. The importance of effective and efficient data sharing, linking, and integration to manage serious disease outbreaks — particularly across multiple jurisdictions — is not a new revelation. Dr. David Naylor, and the rest of the National Advisory Committee on SARS and Public Health, said as much in their final report on Learning from SARS back in October 2003.

Health researchers and public health experts who race against time to save lives and protect public health can often be seen throwing up their arms in exasperation when they run up against hurdles impeding access to critically needed health data. Unfortunately, every time this longstanding issue rears its ugly head in times of crises, privacy laws typically get a bad rap.

I was pleasantly surprised to see that was not the case in the recently published first report of the Expert Advisory Group on the Pan-Canadian Health Data Strategy, chaired by health data champion and president of the University of Waterloo, Dr. Vivek Goel. In canvassing the root causes that must be addressed for the strategy to be successful, the Expert Advisory Group highlighted a much broader range of issues, including: lack of trust and clear accountability; a culture of risk aversion and avoidance; misaligned incentives and lack of common vision; antiquated data policy environment; limited public insight and involvement; inconsistent and insufficient investment in data capacity and capability; fiscal pressures; an uncoordinated approach to data and technology solutions; and lack of consensus and follow-up on pan-Canadian interoperability, etc.

While privacy laws were not cited as a problem per se, the report did refer to insufficient understanding of applicable personal health information legislation and inconsistencies between these statutes across jurisdictions, as reasons which exacerbate the problem. Put that way, it seems like a much fairer and more accurate criticism levelled at the issue.

In order to do our bit to help enhance understanding of the applicable personal health information law in Ontario (PHIPA), my office has today published a new publication on the use and disclosure of PHI for broader public health purposes.

This publication examines many of the ways in which PHIPA allows PHI to be used or disclosed for broader public health purposes with an eye to improving health, the health care system, and public health more generally. The permitted purposes include:

  • conducting research
  • planning, evaluating, and managing the health system
  • maintaining a registry of PHI to improve the provision of health care
  • protecting and promoting public health

I have always admired PHIPA for the way in which it 1) enables the sharing of important health data to address new challenges and opportunities, 2) integrates data access conditions with research ethics review, and 3) ensures more intensive regulatory oversight and accountability of certain designated health research organizations and registries that are entrusted with significant volumes of Ontarians’ PHI and greater permissions to use it for the public good. The permitted purposes outlined in this latest IPC publication demonstrate how our PHI can be used responsibly as we navigate changes in health, society, and technology.

Moreover, once the recent round of legislative amendments to PHIPA takes effect (on de-identification, electronic audit logs, consumer electronic service providers and administrative penalties, etc.), Ontario will be even better positioned to seize the innovative opportunities offered by digital health technologies and further advance its public health objectives, while protecting the privacy of its citizens.

Trust in Digital Health is one of the four strategic priorities my office identified to guide our work for the next several years. Our goal is to promote confidence in the digital health care system by guiding custodians to respect the privacy and access rights of Ontarians and supporting the pioneering use of PHI for research and analytics to the extent it serves the public good.

We hope this latest publication helps contribute to that goal.

Our office is always here to help if you have any questions about this publication or other matters related to health information and privacy.



Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:

Email: @email
Telephone: 416-326-3965

Contact Us

Social Media

The IPC maintains channels on Twitter, YouTube and Linkedin in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.

Our Social Media Policy

Help us improve our website. Was this page helpful?
When information is not found


  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.