IPC - Office of the Information and Privacy Commissioner/Ontario | What's New http://www.ipc.on.ca en-us Updated FAQs on Health Cards and Health Numbers http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=415 <P>Health cards are important pieces of ID, commonly requested by a variety of individuals and organizations, not just health information custodians. However, Ontarians may not be aware of their rights and responsibilities <A href="https://www.ipc.on.ca/english/Resources/Educational-Material/Educational-Material-Summary/?id=288" target=_blank><IMG src="/site_images/health_card_FAQs_cover.jpg" align=right height=150></A>when requiring, requesting, using and disclosing this personal information.</P> <P>We’ve updated our existing frequently asked questions on health cards and health numbers in order to clarify who may collect, use or disclose health numbers for health care purposes, as well as the use of health cards as a proof of identity. The <A href="https://www.ipc.on.ca/english/Resources/Educational-Material/Educational-Material-Summary/?id=288" target=_blank>revised guidance</A> answers these questions: <UL> <LI>Who may require individuals to produce their health cards? <LI>Who may collect, use or disclose health numbers and under what circumstances? <LI>Who may ask individuals to provide their health cards or health numbers? <LI>Can health cards serve as proof of identity? <LI>What should you consider before asking individuals to provide a health card or health number? </LI> </UL> <P></P> <P>Health information custodians or members of the public who have other questions or concerns related to health cards or numbers should <A href="https://www.ipc.on.ca/english/About-Us/How-to-Reach-Us/" target=_blank>contact our office</A>.</P> Mon, 23 Nov 2015 00:00:00 GMT PHIPA Decision 17 http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=414 <pc>Today we published <a href="https://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=9957" target="_blank">PHIPA Decision 17</a>, an important decision dealing with the application of both the <em> Personal Health Information Protection Act</em> (<em>PHIPA</em>) and the <em>Freedom of Information and Protection of Privacy Act</em> (<em>FIPPA</em>) to a hospital.</p> <p>The matter began as a request by a father whose child died shortly after birth for all the hospital’s records related to the tragic event. Among the many issues canvassed in the decision are:<br> <ul> <li>whether the father was entitled to make a request for access to the personal health information of his wife and child;</li> <li>what kind of records were covered by such an access request;</li> <li>whether the father had the right to records, or parts of records, that the hospital did not wish to release; and</li> <li>what fees the hospital could charge for granting access.</li> </ul> </p> <p><a href="https://www.ipc.on.ca/English/PHIPA/PHIPA-Orders/" target="_blank">Previous PHIPA decisions</a></p> Mon, 16 Nov 2015 00:00:00 GMT Frontline #HealthPrivacy – Join the Conversation http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=413 <P>Ten years after the passage of the <EM>Personal Health Information Protection Act</EM> (<EM>PHIPA</EM>), unauthorized access to personal health information remains a serious issue. This has been highlighted in recent years by a few high-profile privacy breaches. Often, the persons accused of the privacy violations are frontline health care workers such as nurses, clerks or technicians. In response, we’ve developed a program called <STRONG>Frontline #HealthPrivacy</STRONG>. Our goal is to establish an online community for frontline health care workers and students by providing platforms for dialogue on this issue. </P> <IMG style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px" src="/site_images/FHP_web.jpg" align=right> <P>Looking at personal health information for unauthorized purposes is simply unacceptable. It can have devastating outcomes not only for patients, but for health care professionals too. Snooping can result in damage to&nbsp;professional reputations, termination by employers, disciplinary action by regulatory colleges and professional associations, fines and even prosecution. </P> <P>However, the IPC’s primary mission is not to hunt down and punish. We aim to prevent privacy breaches by proactively reaching out to the health sector with programs and initiatives like Frontline #HealthPrivacy. </P> <P>Unlike short-term awareness programs, Frontline #HealthPrivacy will offer a steady and evergreen flow of information and resources, adapting to the changing landscape of health care and adopting digital technologies to stay in touch with its audiences. In the coming months we’ll use our social channels to share blog posts, podcasts and webcasts created with health care workers in mind.</P> <P>The IPC aims to provide health care professionals and students with the information necessary to understand their duties and obligations under Ontario’s health privacy legislation. We believe we can reduce the number of health privacy breaches by creating an online community to exchange of ideas, information and experiences. We hope you’ll join the conversation. </P> <P><STRONG>Connect </STRONG><BR> <A href="https://twitter.com/IPCinfoprivacy" target=_blank>Twitter</A> <BR> <A href="https://www.facebook.com/IPCOntario/" target=_blank>Facebook</A><BR> <A href="https://www.linkedin.com/company/office-of-the-information-and-privacy-commissioner---ontario-canada" target=_blank>LinkedIn</A> <BR> <A href="https://www.youtube.com/channel/UCff_vJ7GY4Q8gR-_oBKsaNA" target=_blank>YouTube</A> </P> Mon, 09 Nov 2015 00:00:00 GMT Submission to the Standing Committee on Justice Policy: <em>Police Record Checks Reform Act</em> http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=412 <P>In <a href="https://www.ipc.on.ca/images/Resources/2015-11-04%20Letter%20to%20Shafiq%20Qaadri,%20Chair,%20Standing%20Committee%20on%20Justice%20Policy%20re%20Bill%20113%20.pdf" target="_blank">a letter to Shafiq Qaadri</A>, MPP and chair of the Standing Committee on Justice Policy, the Commissioner has expressed his support for <A href="http://www.ontla.on.ca/web/bills/bills_detail.do?locale=en&amp;BillID=3416" target=_blank>Bill 113</A>, the <EM>Police Record Checks Reform Act</EM> (the <EM>Act</EM>), which incorporates key privacy-protecting measures our office has recommended over the past decade. The <EM>Act</EM> will clarify rights and obligations related to police record checks for police services and members of the public.</P> <P>The submission recommends three amendments that would ensure transparency with respect to police record check practices, ensure an open and informed review of the <EM>Act</EM> and ensure that the public has the opportunity to provide input into the development of key regulations.</P> <P>Our office is committed to assisting with the development of a comprehensive police record check regime, including the forms, directives, regulations, guides and other materials required to ensure compliance with the <EM>Act</EM>. We look forward to participating in future discussions with the Legislature, the Ministry of Community Safety and Correctional Services, the policing community and the public on these and other related matters.</P> Thu, 05 Nov 2015 00:00:00 GMT Updated FAQs on Ontario’s Health Privacy Act http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=411 <P>Think you know <EM>PHIPA</EM>? Ontario’s health-specific privacy legislation, the <A href="http://www.ontario.ca/laws/statute/04p03" target=_blank><EM>Personal Health Information Protection Act</EM></A>, came into force 11 years ago, on Nov. 1, 2004. To inform health information custodians and the public about their obligations and rights, we provide related resources on our website, including <A href="https://www.ipc.on.ca/english/PHIPA/PHIPA-Training-Video/" target=_blank>training videos</A>, <A href="https://www.ipc.on.ca/english/PHIPA/PHIPA-Fact-Sheets/" target=_blank>fact sheets</A>, <A href="https://www.ipc.on.ca/english/PHIPA/PHIPA-Orders/" target=_blank><EM>PHIPA</EM> decisions</A> and <A href="https://www.ipc.on.ca/english/PHIPA/is-it-worth-it/" target=_blank>anti-snooping materials</A>.</P> <P>In 2006 we published a comprehensive guidance on <EM>PHIPA</EM> in the form of frequently asked questions, and this year we’ve updated it to include more in-depth coverage. We’ve added questions that address such issues as disclosing personal health information (PHI) in an emergency, obtaining health records of deceased relatives and notification requirements in the event of a privacy breach. The FAQs also have a new look and feel, with cleaner, easy-to-understand, gender-neutral language.</P> <A href="https://www.ipc.on.ca/images/Resources/phipa-faq.pdf" target=_blank><IMG border=1 alt="" src="/site_images/PHIPA_FAQ_cover_web.png" align=right height=180></a> <P>In addition to an overview of PHIPA’s purpose and relationship to other privacy legislation in Ontario and Canada, the FAQs cover: <BR> <UL> <LI>interpretation and application of <EM>PHIPA</EM>; <LI>practices to protect PHI; <LI>consent concerning PHI; <LI>collection, use and disclosure of PHI; <LI>fundraising and marketing; <LI>research; <LI>Ontario health cards and health numbers; <LI>access to records of PHI and correction; and <LI>administration and enforcement. </LI> </UL> <P></P> <P>The FAQs are available as <A href="https://www.ipc.on.ca/images/Resources/phipa-faq.pdf" target=_blank>a downloadable PDF</A>.</P> Tue, 03 Nov 2015 00:00:00 GMT PHIPA: Past, Present, Future http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=410 <P>Ontario’s health privacy act came into effect a decade ago, and since then our office has worked to uphold its principles by issuing <A href="https://www.ipc.on.ca/English/PHIPA/PHIPA-Orders/" target=_blank>decisions</A>, guidelines and training materials for health information custodians. The <EM>Personal Health Information Protection Act</EM> (<EM>PHIPA</EM>) is now recognized as a gold standard for protecting privacy while enabling the effective provision of health care. In fact, <EM>PHIPA</EM> has been viewed as such a success that it <A href="https://www.ipc.on.ca/english/PHIPA/Phipa-10years/" target=_blank>serves as a model</A> both here in Canada and in the United States.</P> <IMG alt="" src="/site_images/phipa10-web.jpg" align=right> <P><STRONG>Recent health-privacy work</STRONG><BR> Since 2005, we have issued <A href="https://www.ipc.on.ca/English/PHIPA/PHIPA-Orders/" target=_blank>16 decisions</A> under <EM>PHIPA</EM>. Early this year, the Commissioner <A href="http://www.thestar.com/life/health_wellness/2015/01/13/hundreds_of_hospital_privacy_violations_go_unreported.html" target=_blank>called for</A> changes to strength the legislation and, in June, the Ministry of Health and Long-Term Care <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=380" target=_blank>announced</A> it would move forward with our recommended amendments.</P> <P>Still, unauthorized access to personal health information (PHI) <A href="http://www.thestar.com/life/health_wellness/2015/01/13/hundreds_of_hospital_privacy_violations_go_unreported.html" target=_blank>remains a challenge</A> and addressing these remains a priority for our office. To ensure health-privacy complaints are processed in a fair and timely way, we continue to <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=400" target=_blank>simplify</A> our practices related to <EM>PHIPA</EM>. This goes hand in hand with clarifying and promoting how individuals can <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=391" target=_blank>report health privacy breaches</A> and <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=386" target=_blank>access their personal health information</A>.</P> <P>Another part of this work involves informing frontline heath care workers and the general public about the importance of secure PHI. This past year we drew attention to the 10-year anniversary with the #PHIPA10 hashtag, sharing news and updates related to the <EM>Act</EM> and our work with it. In September <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=396" target=_blank>we announced</A> we would issue an expanded range of <EM>PHIPA</EM> decisions and follow a slightly different process when dealing with health-related matters.</P> <P><STRONG>Looking ahead</STRONG><BR> Ontario’s health-privacy legislation is <A href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=402" target=_blank>poised for an update</A>, and our efforts will evolve with it. After 10 years, we’re moving on from #PHIPA10 and launching <STRONG>Frontline #HealthPrivacy</STRONG>, a new program for health care workers and students. Through <A href="https://twitter.com/IPCinfoprivacy" target=_blank>Twitter</A> and <A href="https://www.facebook.com/IPCOntario" target=_blank>our new Facebook page</A>, we’ll share tips, news and updates, with the goal of fostering health-privacy conversations and community online. Stay tuned for more details about Frontline #HealthPrivacy in November. </P> Mon, 26 Oct 2015 00:00:00 GMT Submission to the Standing Committee on the Legislative Assembly: E-Petitions http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=409 <P>Earlier today the Commissioner appeared before the Standing Committee on the Legislative Assembly to provide advice on the integration of e-petitions into the Assembly’s existing petition procedures. <A href="https://www.ipc.on.ca/images/Resources/2015-10-E-Petitions-f.pdf" target=_blank>His submission</A> discusses the benefits of e-petitions, including how they can support open and transparent government. It also addresses the privacy implications of e-petitions and what the Legislative Assembly can do to protect individuals’ personal information. </P> <P>The Commissioner supports the efforts of the Standing Committee on the Legislative Assembly and has offered the IPC’s assistance in the development of a privacy-protective e-petition program. </P> Wed, 21 Oct 2015 00:00:00 GMT How to Access Your Police-Held Records http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=408 <P>Members of the public have the right to request records containing their personal information from the Ontario Provincial Police or a municipal police service. Individuals who make these requests may have, for example, played a role in a suspected offence, been involved in a call for service or some other police-attended incident (as a complainant, victim, accused person, witness, etc.) or had a relative who died in circumstances that led to the involvement of a police service.</P> <A href="https://www.ipc.on.ca/site_images/Filing%20an%20FOI-.png" target=_blank><IMG style="HEIGHT: 400px; PADDING-BOTTOM: 10px; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN: 10px; PADDING-RIGHT: 10px" alt="" src="/site_images/Filing%20an%20FOI-.png" align=right></A> <P>Someone else, such as a lawyer or other person acting on your behalf, may make the request for you, or you may do so yourself. You may file a request by submitting <A href="https://www.ipc.on.ca/images/Resources/up-1request.pdf" target=_blank>a form</A> and paying a fee, either by mail or in person.</P> <P>Commonly requested records include: <UL> <LI>incident and investigation reports, <LI>witness statements, <LI>Crown or police briefs, <LI>records of arrests, <LI>officers’ notes and <LI>police-related 911 calls. </LI> </UL> <P></P> <P>Many people think that they cannot request a police officer’s notes, but a police notebook is generally in the custody or control of the police service and is subject to freedom of information requests.</P> <P>Requesting information from a police service follows <A href="https://www.ipc.on.ca/english/Access-to-Information/Accessing-Public-Information/" target=_blank>the same process</A> as asking for records from other types of government institutions. However, the nature of police-held information means that frequently some of these records — or some passages within these records — are exempt from disclosure under Ontario’s access to information legislation. </P> <P>There are two kinds of exemptions: mandatory and discretionary. A police service cannot release a record if it is covered by a mandatory exemption. An example of this is if you ask for someone else’s information, and disclosure to you would be an unjustified invasion of that other person’s privacy. In the case of discretionary exemptions, a police service may disclose the information even if the exemption applies. Many requests individuals make to a police service for their personal information are subject to discretionary exemptions. This means the police service will weigh your right to access against other factors before issuing a decision. </P> <P>In all cases, if you disagree with a police service’s decision to deny your access request in whole or part, you may file <A href="https://www.ipc.on.ca/english/Access-to-Information/Appeals-for-Public/" target=_blank>an appeal</A> with our office.</P> Wed, 14 Oct 2015 00:00:00 GMT Guidelines for the Use of Video Surveillance http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=407 <A href="https://www.ipc.on.ca/site_documents/FINAL_2015_Guidelines_Surveillance.pdf" target=_blank><IMG style="HEIGHT: 200px; BORDER-TOP-COLOR: ; BORDER-LEFT-COLOR: ; PADDING-BOTTOM: 10px; BORDER-BOTTOM-COLOR: ; PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN: 10px; BORDER-RIGHT-COLOR: ; PADDING-RIGHT: 10px" alt="" src="/site_images/2015-Guidelines-Video-Surveillance-cover-lr.jpg" align=right style="border:1px solid black"></A> <P>Many institutions turn to video surveillance to help them fulfil their obligations to protect the safety of individuals and the security of their equipment and property. Video footage captured by cameras is regularly used to assist in the investigation of wrongdoing. However, the use of these surveillance technologies can put individuals’ privacy at risk. Therefore, it is important to carefully consider both whether it is appropriate to install video surveillance and how it is used.</P> <P><A href="https://www.ipc.on.ca/english/Resources/Best-Practices-and-Professional-Guidelines/Best-Practices-and-Professional-Guidelines-Summary/?id=1624" target=_blank>This publication</A> brings together our previous guidance on video surveillance and responds to new issues and factors, including appropriate retention periods, notices of collection and disclosures to law enforcement agencies.</P> <P>The guidelines canvas the requirements set out in Ontario’s public-sector privacy legislation regarding the collection, use, retention and disclosure of personal information and discuss how these requirements apply to video surveillance technologies. They also include best practices for institutions that are considering video surveillance, such as conducting a privacy impact assessment, consulting the public and establishing comprehensive policies and procedures for the system.</P> <P>Individuals have a general right of access to government-held information, including members of the public who may have been involved in an incident in an area under surveillance. As such, public bodies must be prepared to process these requests including developing protocols for the redaction of personal information from the video footage where appropriate.</P> <P>In each section, concrete examples clarify obligations and best practices. By following these guidelines, institutions can use video surveillance technologies, while protecting individuals’ privacy in accordance with their obligations under Ontario’s privacy legislation.</P> Tue, 06 Oct 2015 00:00:00 GMT Videos and Presentations: Reaching Out to Ontario, Sault Ste Marie http://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=405 <p>On Sept. 25, 2015, the IPC was at Sault Area Hospital for a <a href="https://www.ipc.on.ca/english/About-Us/Whats-New/Whats-New-Summary/?id=385" target="_blank">Reaching Out to Ontario event</a> marking Right to Know Week.</p> <p>Commissioner Brian Beamish <a href="https://www.ipc.on.ca/english/Resources/Presentations-and-Speeches/Presentations-and-Speeches-Summary/?id=1611" target="_blank">spoke about</a> the ongoing evolution to more transparent and accountable government, Assistant Commissioners David Goodis and Sherry Liang <a href="https://www.ipc.on.ca/english/Resources/Presentations-and-Speeches/Presentations-and-Speeches-Summary/?id=1612" target="_blank">discussed</a> modernizing access to information and Director of Legal Services and General Counsel Manuela Di Re and Director of Health Policy Debra Grant <a href="https://www.ipc.on.ca/english/Resources/Presentations-and-Speeches/Presentations-and-Speeches-Summary/?id=1613" target="_blank">presented</a> on protecting health privacy.</p> <p>Watch video archives of <a href="http://mediasite.otn.ca/Mediasite/Play/8e6f7cbf54244ed99ef13459824e3ecd1d" target="_blank">the Commissioner's presentation and the health privacy panel</a>, as well as <a href="http://mediasite.otn.ca/Mediasite/Play/4c7ef90f45a147f988d0a997c9e75ee31d" target="_blank">the access panel</a>, courtesy of the Ontario Telemedicine Network.</p> Mon, 05 Oct 2015 00:00:00 GMT