Search

Displaying 1 - 20 of 80

The IPC reiterates concerns about privacy and access to personal health information under Bill 11, the More Convenient Care Act

The IPC reiterates concerns about privacy and access to personal health information under Bill 11, the More Convenient Care Act … Schedule 6 of Bill 11, the More Convenient Care Act reintroduces a complex legislative framework to provide Ontarians with access to their health records by means of a …

Resource

- Published on May 28, 2025

Privacy Management Handbook for Small Health Care Organizations

Privacy Management Handbook for Small Health Care Organizations … This handbook offers practical guidance to help smaller organizations meet their privacy obligations under Ontario’s health privacy law. It includes foundational components of a privacy management program such as governance and …

Resource

- Published on May 8, 2025

Research Report - Surveillance and Algorithmic Management at Work: Capabilities, Trends, and Legal Implications

Research Report - Surveillance and Algorithmic Management at Work: Capabilities, Trends, and Legal Implications … Workplace surveillance can take many forms, from monitoring employee productivity, tracking online activity or even as part of the hiring process. The IPC commissioned Dr. Adam Molnar, …

Resource

- Published on March 19, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Ensuring secure disposal of health records: Out of sight is not out of mind! … Case of Note: PHIPA Decision 266 Background A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health …

Resource

- Published on February 10, 2025

IPC Comments on the transfer of the Critical Care Information System from Hamilton Health Sciences Corporation to Ornge

IPC Comments on the transfer of the Critical Care Information System from Hamilton Health Sciences Corporation to Ornge … IPC comments on proposed amendments to Ontario Regulation 329/04 to support the transfer of the Critical Care Information System from Hamilton Health Sciences Corporation to …

Resource

- Published on February 6, 2025

S4-Episode 11: The best of season 4

S4-Episode 11: The best of season 4 … In this special retrospective episode of Info Matters , Commissioner, Patricia Kosseim revisits season four’s standout conversations. Highlights include junior high students' views on privacy, Cynthia Khoo on facial recognition, and Robert Fabes on how people …

Multimedia

- Published on February 12, 2025

The IPC raises concerns about privacy and access to personal health information under Bill 231, the More Convenient Care Act

The IPC raises concerns about privacy and access to personal health information under Bill 231, the More Convenient Care Act … Schedule 6 of Bill 231, the More Convenient Care Act introduces a complex initiative to enable Ontarians' use of a digital health identity tool with the intent that …

Resource

- Published on December 13, 2024

Joint Investigation into LifeLabs Data Breach

Joint Investigation into LifeLabs Data Breach … The joint investigation report concerning the 2019 cyberattack on LifeLabs’ computer systems was completed in June 2020. The Ontario Court of Appeal recently dismissed LifeLabs’ bid to block public release of the report. … Joint Investigation into …

Resource

- Published on November 25, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter … Case of Note: PHIPA Decision 260 Background A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit …

Resource

- Published on November 18, 2024

Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act

Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act … In her letter, Commissioner Kosseim recommends that the m inistry reconsider its proposal to better facilitate Ontarians’ easy and meaningful access to their …

Resource

- Published on September 9, 2024

Reported Breach HR23-00282

Reported Breach HR23-00282 … A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure …

Resource

- Published on August 14, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA … Background The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), …

Resource

- Published on August 2, 2024

Ensuring health data privacy: Insights from the UTOPIAN case

Ensuring health data privacy: Insights from the UTOPIAN case … Case of Note: PHIPA Decision 243 Introduction Health information research plays a vital role in improving medical treatments and the quality of care. To conduct health research, researchers require access to personal health …

Resource

- Published on July 29, 2024

Comments responding to the proposal to enhance personal health information contributed to the provincial electronic health record (EHR)

Comments responding to the proposal to enhance personal health information contributed to the provincial electronic health record (EHR) … Letter to the Ministry of Health responding to the changes proposed under the PHIPA regulation mandating contribution of personal health information to the …

Resource

- Published on July 22, 2024

Ransomware reality: Case study in health care cybersecurity and recovery

Ransomware reality: Case study in health care cybersecurity and recovery … Case of Note: PHIPA Decision 249 Introduction Unfortunately, ransomware attacks are not an uncommon occurrence, especially in this era of rapidly advancing technologies. Bad actors use ransomware attacks to extract money and …

Resource

- Published on July 18, 2024

Administrative Monetary Penalties: Guidance for the Health Care Sector

Administrative Monetary Penalties: Guidance for the Health Care Sector … As of January 1, 2024, the IPC has the discretion to issue administrative monetary penalties as part of its enforcement powers for violations of the Personal Health Information Protection Act (PHIPA). Download the guidance …

Resource

- Published on January 1, 2024

Submission for Bill 135, Convenient Care at Home Act, 2023, which would amend the Connecting Care Act, 2019

Submission for Bill 135, Convenient Care at Home Act, 2023, which would amend the Connecting Care Act, 2019 … In this letter to Brian Riddell, Chair of the Standing Committee on Social Policy, the IPC makes recommendations in relation to proposed amendments to the Connecting Care Act, 2019 . … …

Resource

- Published on November 20, 2023

Comments and Approach for PHIPA Administrative Penalties

Comments and Approach for PHIPA Administrative Penalties … Letter to Ministry of Health on support for and approach to proposed administrative penalties under PHIPA, highlighting their importance in enforcing healthcare privacy and access rights. … Comments and Approach for PHIPA Administrative …

Resource

- Published on October 17, 2023

Submission for the Five-Year Review of the Police Record Checks Reform Act, 2015

Submission for the Five-Year Review of the Police Record Checks Reform Act, 2015 … On September 11, 2023, the IPC provided a submission to the Ministry of the Solicitor General as part of the Five-Year Review of the Police Record Checks Reform Act, 2015 . The submission includes eight …

Resource

- Published on September 12, 2023

Notice of change to PHIPA Practice Direction #3

Notice of change to PHIPA Practice Direction #3 … Document Updated: A change to PHIPA Practice Direction #3 took effect on October 10, 2023. Learn more As of October 10, 2023 , the IPC may publish PHIPA decisions at any stage of dispute resolution, including early resolution, investigation, and …

Resource

- Published on September 6, 2023