1. Skip to Menu
  2. Skip to Content
  3. Skip to Footer>

2018 health privacy breach reporting requirements

According to new rules under the Personal Health Information Protection Act (PHIPA), health information custodians in Ontario are now required to report statistics relating to health privacy breaches annually to the Information and Privacy Commissioner of Ontario's (IPC) office, which oversees compliance with PHIPA.

Examples of health information custodians include health care practitioners such as doctors, nurses, pharmacists, speech-language pathologists, chiropractors, dental professionals, dieticians, medical laboratory technologists, massage therapists, midwives, occupational therapists, opticians and physiotherapists. This statistical report will set out the number of times in 2018 that personal health information held by a health information custodian was stolen, lost, used without authority and/or disclosed without authority. The other sections of the report will focus on the cause of the breach and the number of individuals affected. The report does not ask for personal health information.

The IPC online statistics submission website is now open for health information custodians across Ontario to submit their statistics for the 2018 reporting year. Health information custodians that have experienced at least one health privacy breach during the 2018 reporting year—from January to December—are required by law to complete the online questionnaire. The deadline to submit is Friday, March 1, 2019.

Please refer to a letter from the IPC (PDF) and a corresponding factsheet (PDF) for more information.

Read More CMLTO News