Showing 15 of 654 results
| Order Numbers | Type | Collection | Adjudicators | Date Published | |
|---|---|---|---|---|---|
| PHIPA DECISION 156 | Decision - PHIPA | Health Information and Privacy | Jenny Ryu | Read moreExpand | |
The complainant made a number of requests to the custodian for records relating to her two children, who received services from the custodian. She later requested information about herself as well as about her children. The custodian issued several decisions, after which it maintained it had located and granted full access to all records responsive to the complainant’s requests. The complainant challenged the reasonableness of the custodian’s searches, including by identifying other records that she believed ought to exist. The adjudicator finds that the custodian conducted a reasonable search in accordance with its obligations under the Personal Health Information Protection Act, 2004. She dismisses the complaint. |
|||||
| PHIPA DECISION 155 | Decision - PHIPA | Health Information and Privacy | Sherry Liang | Read moreExpand | |
In this decision, the adjudicator determines that Quinte Health Care (the hospital) breached the Personal Health Information Protection Act, 2004 in permitting staff fulfilling a designated role to access personal health information not reasonably necessary to the role. The inadequacies of the hospital’s processes and policies in defining the access to patient information appropriate to this role resulted in unauthorized accesses to the complainant’s personal health information. This decision also finds that an investigation of allegations of breaches of the complainant’s privacy was conducted in a manner contrary to the hospital’s privacy policies, resulting in other unauthorized accesses. The adjudicator concludes, taking into account a second investigation, that the hospital’s response to the privacy breach was adequate. The hospital has taken steps to remedy the deficiencies in its processes and policies and no orders are necessary. |
|||||
| PHIPA DECISION 153 | Decision - PHIPA | Health Information and Privacy | Sherry Liang | Read moreExpand | |
The hospital reported three privacy breaches to the Information and Privacy Commissioner of Ontario (IPC). Despite efforts at the intake and investigation stages of the IPC’s process to obtain complete and clear information about the breaches, the IPC was not satisfied with the response of the hospital and commenced a review into the circumstances. After a review, the adjudicator concluded that the hospital failed in its duty to notify the affected patients of unauthorized uses of their personal health information, as required by the Personal Health Information Protection Act, 2004. Given the passage of time and the relatively benign circumstances of the privacy breaches, no useful purpose would be served by ordering notification at this time. |
|||||
| PHIPA DECISION 154 | Decision - PHIPA | Health Information and Privacy | Jenny Ryu | Read moreExpand | |
The complainant, an employee of the hospital, complained about the hospital’s handling of information in her file in the hospital’s Occupational Health Services (OHS) department. The complainant’s OHS file contains identifying information about her, including medical documentation that she provided to address issues such as her capacity to work, entitlement to sick pay, and workplace accommodation needs. In this decision, the adjudicator finds that the complainant’s OHS file is maintained primarily for employment purposes, not for health care purposes, and is not a record of personal health information within the meaning of the Personal Health Information Protection Act, 2004 [section 4(4)]. As a result, PHIPA does not apply to the hospital’s handling of information in the OHS file. She dismisses the complaint. |
|||||
| MC17-52 | Privacy Complaint Report | Privacy Reports | Jennifer Olijnyk | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario (the IPC) received a privacy complaint from the parent of a student of the Toronto District School Board (the board), objecting to the board’s use of Google’s G Suite for Education services. The complainant alleged that the board’s utilization of G Suite for Education contravened the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA or the Act). The complainant’s concerns included a failure to notify, and obtain the consent of, parents and children for the collection, use, and disclosure of students’ personal information; the use of personal information beyond the scope of what is permitted under the Act; the storage of personal information outside of Canada; inadequate security protections for the students’ personal information; and a lack of adequate deletion and retention practices for the personal information. This report concludes that the board’s collection, uses, and disclosures of the students’ personal information were in compliance with the Act, but that the board’s notice of collection was deficient. This report also concludes that the board has reasonable contractual and oversight measures in place to ensure the privacy and security of the personal information of its students. This report makes recommendations to strengthen the board’s oversight of those security measures. |
|||||
| PHIPA DECISION 152 | Decision - PHIPA | Health Information and Privacy | John Gayle | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a complaint under the Personal Health Information Protection Act, 2004 (the Act) about a public hospital (the hospital)’s redaction of its employees’ names from an audit of a patient’s health records. This led to an investigation by this office into the hospital’s practices with respect to responding to access requests for these audits. This decision concludes that the hospital’s practices were not in accordance with section 54(1) of the Act. However, in light of the steps taken by the hospital to amend these practices, this decision finds that a review of this matter is not warranted. |
|||||
| PHIPA DECISION 151 | Decision - PHIPA | Health Information and Privacy | Soha Khan | Read moreExpand | |
The office of the Information and Privacy Commissioner of Ontario received a complaint under the Personal Health Information Protection Act, 2004 (the Act) against a medical clinic (the Clinic). The complaint involved a second incident in which a physician working at the Clinic left a patient alone in a waiting room that had a computer screen displaying the physician’s schedule, which contained personal health information of 35 patients. This decision finds that the Clinic failed to take reasonable steps to ensure the protection of the personal health information against unauthorized disclosure as required by section 12(1) of the Act. I also find that the Clinic did not notify the affected patients as is required by section 12(2) of the Act. However, in light of the steps taken by the Clinic to address the privacy breach, which included notifying the affected patients, I am satisfied with the Clinic’s response to the breach and it is unnecessary for this matter to proceed to adjudication to consider potential orders. |
|||||
| PHIPA DECISION 150 | Decision - PHIPA | Health Information and Privacy | Cathy Hamilton | Read moreExpand | |
This decision deals with the issues of access to records of personal health information, and reasonable search. The access request, made to Hamilton Health Sciences, was for psychological testing data relating to the complainant. In this decision, the adjudicator finds that the records at issue are excluded from Part V of the Personal Health Information Protection Act by virtue of section 51(1)(c). The adjudicator also finds that the hospital’s search for records responsive to the request was reasonable. |
|||||
| MI18-1 | Privacy Complaint Report | Privacy Reports | John Gayle | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a privacy complaint involving the Corporation of the Village of Newbury (Newbury). The complaint was about Newbury’s installation of a video surveillance system in a park. The complainant was concerned that Newbury’s operation of the surveillance system breached the privacy of individuals under the Municipal Freedom of Information and Protection of Privacy Act (the Act). This report concludes that Newbury’s notice of collection is not in accordance with the Act. However, it finds that Newbury’s collection, use and disclosure of the personal information is in accordance with the Act. Further, it finds that there is a right of access to this information and that the Newbury has reasonable protection measures and proper retention periods in place. |
|||||
| PHIPA DECISION 149 | Decision - PHIPA | Health Information and Privacy | Jennifer James | Read moreExpand | |
A father filed a complaint to the IPC against a counselling centre’s decision to deny him access to records containing the personal health information (PHI) of his three children. In PHIPA Decision 129, the adjudicator found that the father does not have an independent right of access to his children’s PHI under Part V of PHIPA, given the children’s mother’s objection, and dismissed his complaint. The complainant sought a reconsideration of PHIPA Decision 129. In this reconsideration decision, the adjudicator finds that the complainant’s evidence failed to establish grounds for reconsideration under the claimed grounds in sections 27.01(b) and (c) of Code of Procedure for Matters under the Personal Health Information Protection Act, 2004. Accordingly, the complainant’s reconsideration request is denied. |
|||||
| PHIPA DECISION 148 | Decision - PHIPA | Health Information and Privacy | Sherry Liang | Read moreExpand | |
The complainant requested reconsideration of PHIPA Decision 144, on the basis that it contains errors of fact and jurisdictional defects. In this decision, the adjudicator partially upholds the request for reconsideration, finding that she omitted to fully address an allegation that a doctor disclosed the complainant’s personal health information to two other doctors, when it was not reasonably necessary for the provision of health care to the complainant. The adjudicator reviews this allegation and dismisses it. |
|||||
| PHIPA DECISION 147 | Decision - PHIPA | Health Information and Privacy | Lucy Costa | Read moreExpand | |
This investigation file was opened after a public hospital contacted the Office of the Information and Privacy Commissioner/Ontario to report a privacy breach under the Personal Health Information Protection Act, 2004. The hospital advised that a patient had made a complaint, which alleged the unauthorized use and disclosure of her personal health information by a named physician. In particular, this investigation related to concerns that a “quality audit” the physician was conducting resulted in referrals of motor vehicle accident patients to his wife, a personal injury lawyer. |
|||||
| PHIPA DECISION 146 | Decision - PHIPA | Health Information and Privacy | Sherry Liang | Read moreExpand | |
This reconsideration order dismisses the complainant’s request for reconsideration of PHIPA Decision 126. In that decision, the adjudicator found that the respondent is a health information custodian within the meaning of the Personal Health Information Protection Act, 2004 in relation to marriage counselling services he provided to the complainant and that he is not a health information custodian in relation to the co-parenting counselling services he provided to the complainant. The adjudicator also determined the respondent had conducted a reasonable search for records of the complainant’s personal health information. In this reconsideration decision, the adjudicator finds that the complainant has not established grounds for reconsideration under section 27.01 of the Code of Procedure for Matters under the Personal Health Information Protection Act, 2004 and denies the request. |
|||||
| PHIPA DECISION 145 | Decision - PHIPA | Health Information and Privacy | John Gayle | Read moreExpand | |
The complainant sought access to her records of personal health information from Dr. Robert Samuel Crozier (the custodian). This decision determines that the custodian is deemed to have refused the complainant’s request for access. The custodian is ordered to provide a response to the complainant in response to her request for access to records of her personal health information in accordance with the Personal Health Information Protection Act. |
|||||
| MI18-5 | Privacy Complaint Report | Privacy Reports | John Gayle | Read moreExpand | |
The Office of the Information and Privacy Commissioner of Ontario received a privacy complaint involving the City of Cambridge (the city). The complaint was about the city’s installation of a video surveillance system in its downtown core areas. The complainant was concerned that the city’s operation of the system breached the privacy of individuals under the Municipal Freedom of Information and Protection of Privacy Act (the Act). This report finds that the city has not conducted an assessment of whether the video surveillance system is necessary to achieve its objectives and recommends that it do so, to ensure compliance with the Act. In the event that the city’s assessment determines that the system is necessary and the collection of personal information is thus consistent with the Act, this report considers whether the city’s notice of collection and use and disclosure of the personal information is in accordance with the Act. It also considers whether the city provides a right of access to this information, as well as whether the city has reasonable privacy protection measures and retention periods in place. This report finds that the city’s notice of collection and use and disclosure of the personal information is in accordance with the Act. It also finds that there is a right of access to this information and that the city has reasonable protection measures and proper retention periods in place. |
|||||