Trust in Digital Health

Our goal is to promote confidence in the digital health care system by guiding custodians to respect the privacy and access rights of Ontarians, and supporting the pioneering use of personal health information for research and analytics to the extent it serves the public good.

Our work to further this goal includes:

Showing 10 of 50 results

Title Topics Type Date More Information Toggle
Commissioner’s letter to the Ministry of Health about proposed regulatory amendments under the Personal Health Information Protection Act Trust in Digital Health Advice and Submissions, Letters Read moreExpand

In her letter, Commissioner Kosseim recommends that the ministry reconsider its proposal to better facilitate Ontarians’ easy and meaningful access to their records in the provincial Electronic Health Record. The commissioner also recommends that the ministry carefully consider transparency and accountability of the proposed digital ecosystem to access those records.

Comments responding to the proposal to enhance personal health information contributed to the provincial electronic health record (EHR) Trust in Digital Health Advice and Submissions Read moreExpand

Letter to the Ministry of Health responding to the changes proposed under the PHIPA regulation mandating contribution of personal health information to the electronic health record, and reiterating the need to ensure that personal health information is protected in systems used to assist in providing health care.

Administrative monetary penalties under the Personal Health Information Protection Act Trust in Digital Health Professional Guidelines Read moreExpand

The Office of the Information and Privacy Commissioner of Ontario (IPC) is committed to protecting personal health information using a flexible and balanced approach that addresses privacy violations while encouraging accountability, learning, and continuous improvement.

As of January 1, 2024, the IPC has the discretion to issue administrative monetary penalties (AMPs) as part of its enforcement powers for violations of the Personal HealthInformation Protection Act (PHIPA).

Penalties are up to a maximum of $50,000 for individuals and $500,000 for organizations. AMPs may be issued for the purposes of encouraging compliance with PHIPA or preventing a person from deriving — directly or indirectly — any economic benefit from contravening the law.

Learn more about the criteria for AMPs and how the IPC will determine penalty amounts in our guidance.

If you have additional questions about AMPs, email us at @email.

Administrative Monetary Penalties: Guidance for the Health Care Sector Trust in Digital Health Professional Guidelines Read moreExpand

As of January 1, 2024, the IPC has the discretion to issue administrative monetary penalties as part of its enforcement powers for violations of the Personal Health Information Protection Act (PHIPA). Download the guidance document to learn more.

Submission for Bill 135, Convenient Care at Home Act, 2023, which would amend the Connecting Care Act, 2019 Trust in Digital Health Advice and Submissions Read moreExpand

In this letter to Brian Riddell, Chair of the Standing Committee on Social Policy, the IPC makes recommendations in relation to proposed amendments to the Connecting Care Act, 2019.

Comments and Approach for PHIPA Administrative Penalties Trust in Digital Health Advice and Submissions Read moreExpand

Letter to Ministry of Health on support for and approach to proposed administrative penalties under PHIPA, highlighting their importance in enforcing healthcare privacy and access rights.

Notice of change to PHIPA Practice Direction #3 Health, Trust in Digital Health Practice Directions Read moreExpand

Document Updated: A change to PHIPA Practice Direction #3 took effect on October 10, 2023. Learn more

As of October 10, 2023, the IPC may publish PHIPA decisions at any stage of dispute resolution, including early resolution, investigation, and adjudication. This includes publishing the name of the respondent and affected person(s), unless doing so would identify the complainant or any person whose personal health information is at issue.

Comments on Bill 60, Your Health Act, 2023 Health, Trust in Digital Health Advice and Submissions Read moreExpand

This letter to Goldie Ghamari, Chair of the Standing Committee on Social Policy, was intended to present the IPC’s views on how amendments to Bill 60 can better enhance transparency and privacy protections of Ontarians’ information with respect to the Integrated Community Health Services Centres Act, 2023 proposed in Schedule 1, and on “As of Right” health care practitioners who may be permitted to practice in Ontario without first having to register with a provincial regulatory health colleges, addressed in Schedule 2.

Privacy Day 2023 Event: Building Trust in Digital Health Care Trust in Digital Health Read moreExpand

Digital tools open up great new opportunities for more efficient and effective health care. They also introduce new privacy and security risks to sensitive personal health information. How can health care organizations become more resilient against privacy breaches and cyberattacks? How can they successfully build and sustain a privacy-respectful culture? And what will it take for the health care sector to finally rid itself of faxes and unprotected emails — the top causes of health privacy breaches in Ontario?

Watch this video for our discussion on #IPD2023 surrounding one of our key strategic priorities: Building trust in digital health care.

Our panelists this year included:

  • Sylvie Gaskin, Chief Privacy Officer, Ontario Health
  • Michael Hillmer, ADM, Digital and Analytics Strategy Division, Ministry of Health
  • Wendy Lawrence, Chief Risk, Legal and Privacy Officer, St. Joseph’s Healthcare Hamilton
  • Nyranne Martin, CPO and General Counsel, Ottawa Hospital
  • Ariane Siegel, General Counsel and CPO, OntarioMD
IPC Privacy Day Event Health, Trust in Digital Health Read moreExpand

Resources mentioned in the video

 

Friday, January 27, 2023

9:30 a.m. to 12:00 p.m., EST

Join Ontario’s Information and Privacy Commissioner, Patricia Kosseim, in person, or via webcast, for a panel discussion on Friday, January 27 to mark Data Privacy Day. The theme of this year’s event is Building Trust in Digital Health Care, and is based on one of four strategic priority areas that are guiding the work of the IPC.

Digital tools open up great new opportunities for more efficient and effective health care. They also introduce new privacy and security risks to sensitive personal health information. How can health care organizations become more resilient against privacy breaches and cyberattacks? How can they successfully build and sustain a privacy-respectful culture? And what will it take for the health care sector to finally rid itself of faxes and unprotected emails — the top causes of health privacy breaches in Ontario?

Key issues to be discussed include:

  • replacing faxes with more secure forms of digital communication
  • ushering in administrative monetary penalties under Ontario’s health privacy law
  • building privacy and security resiliency against breaches and cyberattacks
  • fostering a privacy-respectful culture across an organization

Panelists:

Event agenda:

9:00 a.m. – Doors open

9:30 a.m. – Welcome and keynote by Commissioner, Patricia Kosseim

9:50 a.m. – Panel discussion moderated by Assistant Commissioner, Eric Ward

10:35 a.m. – Break

10:50 a.m. – Panel discussion continues

11:35 a.m. – Audience Q&A

11:55 a.m. – Closing remarks by Assistant Commissioner, Warren Mar

12:00 p.m. – Event ends

Registration

This is a free event, but registration is required, and space is limited.

Webcast: To watch the webcast, please register here. Please submit your questions in advance of the event at @email. Simultaneous French translation will be provided for the webcast.

In-Person: To attend the event in-person at the Central YMCA in downtown Toronto, RSVP by emailing [email protected].

Help us improve our website. Was this page helpful?
When information is not found

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.