Trust in Digital Health

Our goal is to promote confidence in the digital health care system by guiding custodians to respect the privacy and access rights of Ontarians, and supporting the pioneering use of personal health information for research and analytics to the extent it serves the public good.

Our work to further this goal includes:

Showing 10 of 50 results

Title Topics Type Date More Information Toggle
Annual Reporting of Privacy Breach Statistics to the Commissioner - Requirements for the Health Sector Privacy, Health, Legislation, Trust in Digital Health Best Practices, Professional Guidelines Read moreExpand
Can health cards serve as proof of your identity? Trust in Digital Health Read moreExpand

Just about everyone is asked at one time or another to provide photo identification. Being asked for your health card for identification purposes has raised a few questions about when it is acceptable to ask for or show a health card for this purpose. This is especially true for individuals whose health card is their only piece of photo identification.

In Ontario, only individuals or institutions that provide you with provincially funded health care services may require that you present your health card. For example, a doctor’s office, hospital, walk-in clinic or medical laboratory can ask to see your health card if they are providing you with health care.

Ontario’s health privacy law, however, does not prohibit you from volunteering your health card for identification purposes. While you are free to show your health card to organizations outside of the health care system, organizations not directly involved in the delivery of provincially funded health care are not permitted to make note of, record, collect, or use a health number for identification purposes.

Please see our Frequently Asked Questions: Health Cards and Health Numbers brochure for more information. You can also contact our office if you have questions or concerns about your health card.

 

Understanding the Risks of Emailing Health Information Privacy, Health, Legislation, Technology and Security, Trust in Digital Health Best Practices, Fact Sheets, Professional Guidelines Read moreExpand

Individuals and organizations rely on email for its convenience, speed and economy. Health information custodians are no exception. While email offers many benefits, it also poses risks to the privacy of individuals and to the security of personal health information. This sensitive information must be well protected as any unauthorized collection, use or disclosure may have far-reaching consequences for patients. It is important for custodians to understand these risks and take steps to mitigate them before using email to communicate personal health information.

Today the IPC published a new fact sheet that describes the risks of using email and custodians’ obligations under the Personal Health Information Protection Act. It outlines some of the technical, physical and administrative safeguards needed to protect personal health information when communicating by email and the policies, procedures and training custodians should have in place.

Fact Sheet: Communicating Personal Health Information by Email Health, Technology and Security, Trust in Digital Health Best Practices, Fact Sheets, Professional Guidelines Read moreExpand

This fact sheet describes the risks of using email and custodians’ obligations under the Personal Health Information Protection Act. It outlines some of the technical, physical and administrative safeguards needed to protect personal health information when communicating by email and the policies, procedures and training custodians should have in place.

Submission of the Information and Privacy Commissioner of Ontario to the Standing Committee on Justice Policy on Bill 119 Health, Trust in Digital Health Advice and Submissions Read moreExpand

Submission of the Information and Privacy Commissioner of Ontario to the Standing Committee on Justice Policy on Bill 119: The Health Information Protection Act, 2015.

Brian Beamish
Commissioner
March 3, 2016

Your Privacy and Your Health Card Trust in Digital Health Read moreExpand

Being asked for identification is something just about everyone has experienced at one time or another, for example when making a large purchase or applying for a gym membership. Most of us in Ontario have also at one time or another been asked for our health card identification when visiting the doctor or the emergency room at the hospital. However, being asked for our health card outside of the health care context is something that does not occur regularly and has raised a few questions about when it is acceptable to ask for or show a health card.

In Ontario, only individuals or institutions that provide provincially-funded health care services may require you to present your health card. A doctor’s office, hospital, walk-in clinic or medical laboratory can ask to see your health card if they are providing you with health care.

Individuals and institutions that do not provide health care themselves may ask you to provide your health card or health number as long as they make it clear that it is voluntary on your part and that the information will only be used for purposes related to the provision of health care. For example, your child’s school may ask for your child’s health card number in case of an urgent medical situation. An employer may also ask for your health card number to expedite emergency medical service.

Organizations not directly involved in the delivery of provincially-funded health care are not permitted to make note of, record, collect, or use a health number for identification purposes. However, individuals are free to volunteer their health cards as a means of identification. For example, you may voluntarily decide to provide your health card to a librarian in order for them to confirm your identity for a library card. However, while the librarian may view your health card, they are not permitted to record the health number.

While you are free to show your health card to organizations outside of the health care system, it would be prudent to consider who you are showing your health card to. Identity theft is a real and growing crime as is health card fraud. If you have any concerns that your health card number has been misused, or if you have any questions about the collection, use and disclosure of health card information, you can always contact our office.

If you would like to learn more about Ontario health cards and health numbers, we have issued an FAQ, Frequently Asked Questions: Health Cards and Health Numbers.

Updated FAQs on Health Cards and Health Numbers Trust in Digital Health Read moreExpand

Health cards are important pieces of ID, commonly requested by a variety of individuals and organizations, not just health information custodians. However, Ontarians may not be aware of their rights and responsibilities when requiring, requesting, using and disclosing this personal information.

We’ve updated our existing frequently asked questions on health cards and health numbers in order to clarify who may collect, use or disclose health numbers for health care purposes, as well as the use of health cards as a proof of identity. The revised guidance answers these questions:

  • Who may require individuals to produce their health cards?
  • Who may collect, use or disclose health numbers and under what circumstances?
  • Who may ask individuals to provide their health cards or health numbers?
  • Can health cards serve as proof of identity?
  • What should you consider before asking individuals to provide a health card or health number?

Health information custodians or members of the public who have other questions or concerns related to health cards or numbers should contact our office.

Frequently Asked Questions: Personal Health Information Protection Act Privacy, Health, Legislation, Trust in Digital Health Best Practices Read moreExpand

This revised FAQ has a new look and feel and has been rewritten with cleaner, easy to understand, gender-neutral language. Also included are a few additions to the original publication:

  • Questions on assumed implied consent and consent from children under 16.
  • Questions regarding the relationship between PHIPA and FIPPA/MFIPPA.
  • Notification requirements in the event of a breach.
  • Responsibilities with respect to accountability and openness.
  • Requirements in the event of a change of practice.
  • Emergency disclosure.
  • Obtaining health records of a deceased individual.
  • Storing, accessing and disclosing personal health information outside of Ontario.
  • Fees associated with a request to access health records.

Originally published August 2006.

Circle of Care: Sharing Personal Health Information for Health-Care Purposes Health, Trust in Digital Health Professional Guidelines Read moreExpand

This document was thoroughly reviewed and updated in August, 2015, introducing clear and easy to understand gender-neutral language.

Updated: August 2015
Detecting and Deterring Unauthorized Access to Personal Health Information Privacy, Health, Trust in Digital Health Papers, Best Practices, Professional Guidelines Read moreExpand

Unauthorized access continues to be a growing problem in the health sector in Ontario. The province’s Personal Health Information Protection Act, (PHIPA), permits health information custodians (HIC) to collect, use and disclose personal health information for the purposes of providing or assisting in the provision of health care based on implied or assumed implied consent but prohibits the collection, use and disclosure of personal health information for any other purpose without the express consent of the individual, unless permitted or required by PHIPA.

It is important that HICs and their agents recognize that the issue of unauthorized access to personal health information, regardless of motive, is significant and is taken seriously. The protection of privacy should be integral to the delivery of health care and embedded into the culture of health care organizations. Developing and implementing a comprehensive approach, incorporating a variety of measures and ensuring agents are aware of the relevant privacy policies and procedures can go a long way toward preventing unauthorized access.

The purpose of this paper is to shed light on the extent of the problem and the potential consequences for individuals, custodians and their agents, and the entire health sector, and to provide guidance to custodians on minimizing the risk of unauthorized access.

Help us improve our website. Was this page helpful?
When information is not found

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.