Report a privacy breach at your organization

For use by the following organizations reporting a theft, loss or unauthorized use or disclosure (or unauthorized collection by means of the EHR) of personal information or personal health information (as applicable) to the Information and Privacy Commissioner of Ontario (IPC):

  • Health information custodians and coroners under the Personal Health Information Protection Act, 2004
  • Institutions under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act
  • Child and family service providers under the Child, Youth and Family Services Act, 2017


Important Note: Do not include any personal information or personal health information with this form.

The IPC recognizes that the investigation, containment, and remediation of this privacy breach may not be complete at the time this form is submitted. Please provide as much of the requested information as is presently known.

The IPC may request additional information after reviewing this form.

Date of this Report (required)

(MM/DD/YYYY)

Type of organization: (required)

  • Health information custodian - you are reporting a breach as required under subsection 12(3) or clause 55.5(7)(b) of the Personal Health Information Protection Act, 2004 and Ontario Regulation 329/04 made pursuant to that act
  • Coroner - you are reporting a breach as required under subsection 18.10(1) or clause 18.10(4)(b) of Ontario Regulation 329/04
  • Institution (ministry, municipality, etc.) - you are reporting a breach under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act
  • Child and family service provider - you are reporting a breach under the Child, Youth and Family Services Act, 2017



Description of the privacy breach

Please describe the circumstances of the privacy breach, including

  • What happened?
  • Describe how personal information/personal health information (as applicable) came to be stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)
  • Date (or date range) of theft(s), loss(es) or unauthorized use(s) or disclosure(s) (or unauthorized collection(s) by means of the EHR) of personal information/personal health information
  • Date privacy breach was discovered by the reporting organization
  • How this privacy breach was discovered by the reporting organization
  • Were other organizations (health information custodians/service providers/institutions) involved in this privacy breach? Please explain.
  • Describe the nature of the personal information/personal health information that was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)
  • The number of individuals whose personal information/personal health information was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR)


Containment

Please describe the steps that have been taken to contain the privacy breach, the date that such steps were taken, and the outcome of these steps (including whether these steps were successful in containing the privacy breach).


Notification (required)

Were the individuals whose personal information or personal health information was stolen or lost or used or disclosed without authority (or collected without authority by means of the EHR) notified of this privacy breach?

  • Yes
  • No

If yes, on what date was notification provided?
(MM/DD/YYYY)


Investigation/Remediation

What steps have you taken to investigate this privacy breach?

What steps remain to be taken to investigate this privacy breach?

What steps have you taken to remediate and prevent a future privacy breach?

What steps remain to be taken to remediate and prevent a future privacy breach?


Attach Documents: (10MB maximum)


Submit the form:

Option 1:   Send this now


Option 2:   Print the form and email to: [email protected] or mail to:

Registrar
Information and Privacy Commissioner of Ontario
1400-2 Bloor Street East
Toronto, Ontario
M4W 1A8


What happens next? Someone from our intake team will contact you to discuss your breach report.

Find out more about managing privacy breaches.
If you have questions, you can also contact our office by email at [email protected], by phone at 416-326-3333, or toll-free at 1-800-387-0073.
