IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us Brian Beamish Appointed Commissioner http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=368 <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>The Legislative Assembly of Ontario has appointed Brian Beamish to a five-year term as Information and Privacy Commissioner, a role he had been acting in since July 1, 2014. Mr. Beamish joined the IPC as Director of Policy and Compliance in 1999 and served as Assistant Commissioner from 2005. </FONT></SPAN></P> <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>In accepting the role of Commissioner, Mr. Beamish expressed gratitude to Members of Provincial Parliament for the confidence they have shown in him and paid tribute to his predecessors, the Honourable Sidney Linden, Tom Wright and Ann Cavoukian. “I am honoured to be given the opportunity and responsibility to build on the many successes of our office in service of the people of Ontario,” said Mr. Beamish.</FONT></SPAN></P> <P><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'"><FONT size=2>Recognizing the gains for access and challenges to privacy brought about by an ever-evolving technological landscape, the new Commissioner will be taking the opportunity to review the essential mandate of the office and map the course for the future. </FONT></SPAN></P> Thu, 26 Feb 2015 00:00:00 GMT Annual Statistical Report FAQ http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=367 Do you have any last minute questions about your 2014 Annual Statistical Report? Please consult our <STRONG><A href="https://www.ipc.on.ca/english/Resources/IPC-Corporate/IPC-Corporate-Summary/?id=619">FAQs</A>.</STRONG>&nbsp;<BR> <BR> Feel free to call us at 1-800-387-0073 or e-mail <A href="mailto:statistics.ipc@ipc.on.ca">statistics.ipc@ipc.on.ca</A> for any unanswered questions. Thank you! Fri, 20 Feb 2015 00:00:00 GMT Commissioner interviewed by CityTV and CBC TV regarding abandoned health records found near Richmond Hill medical clinic. http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=366 The Commissioner was interviewed by both <A href="http://www.citynews.ca/2015/02/18/personal-medical-records-found-strewn-along-street-in-richmond-hill/">CityTV</A> and <A href="http://www.cbc.ca/news/canada/toronto/medical-records-found-outdoors-in-richmond-hill-1.2962655">CBC TV</A> regarding abandoned health records found near a Richmond Hill medical clinic. The interviews focus on the issue of abandoned health records and what can be done&nbsp;to prevent such breaches.&nbsp;<BR> <BR> For information on best practices for secure destruction of health information records, please see our documents, <A href="https://www.ipc.on.ca/images/Resources/fact-10-e.pdf">Fact Sheet 10: Secure Destruction of Personal Inforamtion</A>, and <A href="https://www.ipc.on.ca/images/Resources/naid.pdf">Get Rid of It Securely to Keep it Private.</A> Thu, 19 Feb 2015 00:00:00 GMT Detecting and Deterring Unauthorized Access to Personal Health Information http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=365 <P>Unauthorized access continues to be a growing problem in the health sector in Ontario. The province’s Personal Health Information Protection Act, (PHIPA), permits health information custodians (HIC) to collect, use and disclose personal health information for the purposes of providing or assisting in the provision of health care based on implied or assumed implied consent but prohibits the collection, use and disclosure of personal health information for any other purpose without the express consent of the individual, unless permitted or required by PHIPA. </P> <P>It is important that HICs and their agents recognize that the issue of unauthorized access to personal health information, regardless of motive, is significant and is taken seriously. The protection of privacy should be integral to the delivery of health care and embedded into the culture of health care organizations. Developing and implementing a comprehensive approach, incorporating a variety of measures and ensuring agents are aware of the relevant privacy policies and procedures can go a long way toward preventing unauthorized access.</P> <P>The purpose of this paper is to shed light on the extent of the problem and the potential consequences for individuals, custodians and their agents, and the entire health sector, and to provide guidance to custodians on minimizing the risk of unauthorized access.<BR> </P> <UL> <LI>Paper:&nbsp;<A href="https://www.ipc.on.ca/english/Resources/Discussion-Papers/Discussion-Papers-Summary/?id=1477">Detecting and Deterring Unauthorized Access to Personal Health Information</A></LI> <LI><A href="https://www.ipc.on.ca/english/phipa/is-it-worth-it/">Is It Worth It</A></LI> </UL> Wed, 28 Jan 2015 00:00:00 GMT Hospitals should report privacy breaches to commissioner: Editorial http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=364 <FONT face=Calibri><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 10pt"><SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt"> <P><SPAN style="COLOR: black; FONT-SIZE: 9pt"><FONT face=Calibri>Today, the </FONT><A href="http://www.thestar.com/opinion/editorials/2015/01/13/hospitals_should_report_privacy_breaches_to_commissioner_editorial.html"><FONT color=#0000ff face=Calibri>Toronto Star</FONT></A><FONT face=Calibri> published an editorial calling on Minister of Health, Eric Hoskins, to close the </FONT></SPAN><FONT face=Calibri><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">loophole in the privacy act and strengthen the IPC’s oversight.</SPAN> <BR> <BR> </FONT><FONT face=Calibri><SPAN style="COLOR: black; FONT-SIZE: 9pt">“The Commissioner</SPAN><SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">&nbsp;is calling for a legislative change to force hospitals to report serious breaches to his office. He is right to do so.</SPAN> <SPAN style="BACKGROUND: white; COLOR: black; FONT-SIZE: 9pt">Clearly there is a need to shine a brighter spotlight on health-care privacy leaks. Mandatory reporting to the privacy commissioner is one way to achieve that goal.”</SPAN></FONT></SPAN></SPAN></P> </SPAN></SPAN></FONT> Wed, 14 Jan 2015 00:00:00 GMT Hundreds of hospital privacy violations go unreported http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=363 This morning, the <A href="http://www.thestar.com/life/health_wellness/2015/01/13/hundreds_of_hospital_privacy_violations_go_unreported.html">Toronto Star</A>&nbsp;looked into the large volume of privacy breaches in Ontario hospitals&nbsp;which are unreported. Acting Commissioner Beamish discussed the need for new legislation to force hospitals to report serious breaches:<BR> <BR> “I definitely think it’s worth looking at. People are very protective of their health information, and when this type of thing happens it’s a very personal intrusion — people feel violated.” Tue, 13 Jan 2015 00:00:00 GMT IPC Reopens Jan. 5, 2015 http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=358 <SPAN style="FONT-FAMILY: 'Arial', 'sans-serif'; COLOR: #484848; FONT-SIZE: 8.5pt">The&nbsp;IPC will be closed from 12:30 on Wednesday afternoon, December 31, 2014 to Monday, January 5, 2015 at 9 a.m. Best wishes for a safe and prosperous New Year.</SPAN> Wed, 31 Dec 2014 00:00:00 GMT Hospitals Should Review Auditing Practices http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=357 The <A href="http://www.thestar.com/news/gta/2014/12/26/star_investigation_3_gta_hospitals_dont_proactively_audit_accesstopatient_files.html">Toronto Star </A>found significant differences&nbsp;in the auditing practices of GTA hospitals. The paper spoke with Acting Commissioner Beamish about the changes he hopes to see: <BR> <BR> “There’s a spectrum out there,” acting Privacy Commissioner Brian Beamish told the Star. “There are hospitals that have very robust systems put in place. And then there are ones where there may be something lacking and it takes an incident to bring that to light.”<BR> <BR> Last week, Beamish released a damning <A href="http://www.ipc.on.ca/english/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9707">report</A> on Rouge Valley Centenary Hospital, which had a massive privacy breach involving more than 14,000 patients and still lacks the ability to track staff access to confidential files.<BR> <BR> “I hope that this kind of an order brings some publicity and raises some awareness out there for hospitals to go back and take a look at how they are auditing and make sure that their audit is comprehensive enough,” Beamish told the Star<BR> <BR> Mon, 29 Dec 2014 00:00:00 GMT IPC orders Rouge Valley to implement significant changes to protect patient health information http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=354 The <A href="http://www.thestar.com/life/health_wellness/2014/12/16/ontario_privacy_commissioner_slams_rouge_valley_hospital.html">Toronto Star</A> spoke with Acting Commissioner Brian Beamish yesterday about the investigation into the two significant privacy breaches at Rouge Valley Health System and the <A href="http://www.ipc.on.ca/images/Findings/ho-013.pdf">Order</A> released yesterday: <BR> <BR> “This kind of behaviour, whether it’s snooping out of curiosity or taking information for financial gain, is unacceptable, and staff should be clear that if they do it, there’s a good chance they’ll get caught,” Beamish told the Star. “But there’s also a message out to the health care profession that they have an obligation to make sure that there are safeguards in place to prevent and to detect this kind of activity.” <BR> Wed, 17 Dec 2014 00:00:00 GMT Ontario passes legislation that makes it illegal to destroy government records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=353 <FONT style="BACKGROUND-COLOR: #ffffff" color=#000000>Based on some of the recommendations of the IPC report,&nbsp;<SPAN style="TEXT-DECORATION: underline"><A href="http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9181">Deleting Accountability: Record Management Practices of Political Staff - A Special Investigation Report</A></SPAN>,&nbsp;the <A href="http://www.cp24.com/news/ontario-passes-legislation-that-makes-it-illegal-to-destroy-government-records-1.2140070">Ontario govenment yesterday passed Bill 8</A>,&nbsp;<A href="http://news.ontario.ca/tbs/en/2014/12/province-passes-legislation-to-strengthen-accountability.html?utm_source=ondemand&amp;utm_medium=email&amp;utm_campaign=p">The Public Sector and MPP Accountability and Transparency Act</A>.&nbsp;The legislation makes it an offence to alter, conceal or destroy records with intent to deny an access request, with a penalty of up to $5,000. <BR> <BR> </FONT> Wed, 10 Dec 2014 00:00:00 GMT