Tag: Case of Note


Toronto Public Library cyberattack: A wake-up call for stronger security

Case of Note: File MR23-00112. Background: In November 2023, the Toronto Public Library (TPL) reported a cybersecurity breach to the Office of the Information and Privacy Commissioner of Ontario (IPC). The breach, which related to a ransomware attack, was first detected in October 2023 when TPL

Resource

- Published on Mar 14, 2025

Ensuring secure disposal of health records: Out of sight is not out of mind!

Case of Note: PHIPA Decision 266. Background: A complaint was brought to the Information and Privacy Commissioner of Ontario (IPC) alleging that a health clinic had failed to securely dispose of records of personal health information (PHI). To support the allegations, photographs of patient records

Resource

- Published on Feb 10, 2025

Lost and found: Preserving abandoned health records

Case of Note: PHIPA Decision 221 (interim) and PHIPA Decision 230 (final). Background: The Information and Privacy Commissioner of Ontario (IPC) was contacted about a case of potentially abandoned medical records at a storage facility. The report came from a property management company that was acting

Resource

- Published on Jan 7, 2025

Toronto Public Library Cyberattack: Importance of reasonable security measures and notifying affected individuals under MFIPPA

A cyberattack on the Toronto Public Library exposed vulnerabilities in its systems that contained a significant number of individuals’ personal information. Read the closing letter to learn about how the case was settled at the Early Resolution Stage.

Resource

- Published on Dec 19, 2024

Preventing health privacy breaches: Why training, policies, and confidentiality agreements matter

Case of Note: PHIPA Decision 260. Background: A public hospital was alerted to suspicious activity on a patient chart, and initiated an investigation, which included a targeted audit. The audit revealed that nearly 4,000 patient charts had been accessed by a physician without authorization, from a

Resource

- Published on Nov 18, 2024

Reported Breach HR23-00282

A prescribed person under the Personal Health Information Protection Act reported a breach to the IPC regarding a cyberattack that involved the unauthorized copying of approximately 3.4 million individuals’ personal health information from the prescribed person’s secure file transfer server. The

Resource

- Published on Aug 14, 2024

Cyberattack response: Duty to notify individuals under PHIPA and CYFSA

Background: The following decisions involved different cyberattacks against four different organizations. Three involved health information custodians (HICs) subject to the Personal Health Information Protection Act (PHIPA), and the fourth involved a Children’s Aid Society subject to Part X of the

Resource

- Published on Aug 2, 2024


Ensuring health data privacy: Insights from the UTOPIAN case

Case of Note: PHIPA Decision 243. Introduction: Health information research plays a vital role in improving medical treatments and the quality of care. To conduct health research, researchers require access to personal health information, the collection and use of which is regulated under health

Resource

- Published on Jul 29, 2024
