Our goal is to promote confidence in the digital health care system by guiding custodians to respect the privacy and access rights of Ontarians, and supporting the pioneering use of personal health information for research and analytics to the extent it serves the public good.
Schedule 6 of Bill 231, More Convenient Care Act, 2024 introduces a complex initiative to enable Ontarians' use of a Digital Health Identity tool with the intent that Ontarians will use it to access their health records. It contains significant changes to Ontario’s health privacy law that put Ontarians' health privacy at risk and limit rather than enable their access rights.
The joint investigation report concerning the 2019 cyberattack on LifeLabs’ computer systems was completed in June 2020. The Ontario Court of Appeal recently dismissed LifeLabs’ bid to block public release of the report.
In her letter, Commissioner Kosseim recommends that the ministry reconsider its proposal to better facilitate Ontarians’ easy and meaningful access to their records in the provincial Electronic Health Record. The commissioner also recommends that the ministry carefully consider transparency and accountability of the proposed digital ecosystem to access those records.
Letter to the Ministry of Health responding to the changes proposed under the PHIPA regulation mandating contribution of personal health information to the electronic health record, and reiterating the need to ensure that personal health information is protected in systems used to assist in providing health care.
The Office of the Information and Privacy Commissioner of Ontario (IPC) is committed to protecting personal health information using a flexible and balanced approach that addresses privacy violations while encouraging accountability, learning, and continuous improvement.
As of January 1, 2024, the IPC has the discretion to issue administrative monetary penalties (AMPs) as part of its enforcement powers for violations of the Personal Health Information Protection Act (PHIPA).
Penalties are up to a maximum of $50,000 for individuals and $500,000 for organizations. AMPs may be issued for the purposes of encouraging compliance with PHIPA or preventing a person from deriving — directly or indirectly — any economic benefit from contravening the law.
Learn more about the criteria for AMPs and how the IPC will determine penalty amounts in our guidance.
If you have additional questions about AMPs, email us at @email.
As of January 1, 2024, the IPC has the discretion to issue administrative monetary penalties as part of its enforcement powers for violations of the Personal Health Information Protection Act (PHIPA). Download the guidance document to learn more.
In this letter to Brian Riddell, Chair of the Standing Committee on Social Policy, the IPC makes recommendations in relation to proposed amendments to the Connecting Care Act, 2019.
Letter to Ministry of Health on support for and approach to proposed administrative penalties under PHIPA, highlighting their importance in enforcing healthcare privacy and access rights.
Document Updated: A change to PHIPA Practice Direction #3 took effect on October 10, 2023.
As of October 10, 2023, the IPC may publish PHIPA decisions at any stage of dispute resolution, including early resolution, investigation, and adjudication. This includes publishing the name of the respondent and affected person(s), unless doing so would identify the complainant or any person whose personal health information is at issue.
This letter to Goldie Ghamari, Chair of the Standing Committee on Social Policy, was intended to present the IPC’s views on how amendments to Bill 60 can better enhance transparency and privacy protections of Ontarians’ information with respect to the Integrated Community Health Services Centres Act, 2023 proposed in Schedule 1, and on “As of Right” health care practitioners who may be permitted to practice in Ontario without first having to register with a provincial regulatory health college, addressed in Schedule 2.