Formule de déclaration d’atteinte à la vie privée

La présente formule est réservée à l’usage des dépositaires de renseignements sur la santé qui souhaitent déclarer le vol, la perte ou encore l’utilisation ou la divulgation sans autorisation de renseignements personnels sur la santé (ce que l’on appelle une atteinte à la vie privée) au Bureau du commissaire à l’information et à la protection de la vie privée (CIPVP), en vertu du paragraphe 12 (3) de la Loi de 2004 sur la protection des renseignements personnels sur la santé et du Règlement de l’Ontario *** pris en application de cette loi.
Avertissement : N’inscrivez pas de renseignements personnels sur la santé sur la présente formule.
Le CIPVP est conscient du fait que les mesures d’enquête, de maîtrise et de correction de cette atteinte à la vie privée pourraient toujours être en cours au moment de la présentation de cette formule. Veuillez fournir les renseignements demandés dans toute la mesure du possible. Le CIPVP pourrait demander des renseignements supplémentaires après examen.


Please describe the circumstances of the privacy breach, including

  • What happened?
  • Describe how personal health information came to be stolen or lost or used or disclosed without authority?
  • Date (or date range) of theft(s), loss(es) or unauthorized use(s) or disclosure(s) of personal health information?
  • Date privacy breach was discovered by the reporting custodian?
  • How was this privacy breach discovered by the reporting custodian?
  • How many agents of the reporting custodian were responsible, in whole or in part, for causing this privacy breach? Please explain.
  • In addition to the reporting custodian, how many other health information custodians were involved in this privacy breach? Please explain.
  • Describe the nature of the personal health information that was stolen or lost or used or disclosed without authority?
  • The number of individuals whose personal health information was stolen or lost or used or disclosed without authority?


Please describe the steps that have been taken by, or at the direction of, the reporting custodian to contain the privacy breach, the date that such steps were taken, and the outcome of these steps (including whether these steps were successful in containing the privacy breach).


Were the individuals whose personal health information was stolen or lost or used or disclosed without authority notified of this privacy breach?

  • On what date was notification provided? (Input field for date)
    (MM/DD/YYYY)
  • If not, why not??
  • By what means was the notice communicated (mail, in person, etc.)?
  • Did the notice include:
    A description of the circumstances of the privacy breach?The nature and extent of the personal health information at issue?The steps that have been taken and/or will be taken to contain and remediate the privacy breach?The contact information of the person within your organization to contact for questions about the privacy breach?That the IPC has been notified of the privacy breach?That the individual is entitled to make a complaint to the IPC and information regarding how to make such a complaint?

  • What steps have you taken to investigate this privacy breach?
  • What steps remain to be taken to investigate this privacy breach?
  • What steps have you taken to remediate and prevent a future privacy breach?
  • What steps remain to be taken to remediate and prevent a future privacy breach?



captcha
Type in the code above (required)



Print Form

Registraire
Commissaire à l’information et à la protection de la vie privée de l’Ontario
2, rue Bloor Est, bureau 1400
Toronto (Ontario) M4W 1A8
Courriel : breach@ipc.on.ca
Télécopieur : 416 326-9188