This presentation provides a high-level overview of the obligations of hospitals as institutions under FIPPA and health information custodians under PHIPA. Additionally, the presentation includes a summary of some of the best practices for boards that can be found in PHIPA decisions and the Manual for the Review and Approval of Prescribed Persons and Prescribed Entities. The presentation concludes with suggestions for the types of updates boards should be receiving and questions they should be asking related to trends in cybersecurity and artificial intelligence.