Commissioner's Blog

Dive into Commissioner Kosseim’s insightful blogs covering privacy, access, cyber safety, and beyond. Stay informed and explore the latest insights.

Guidance document available for health information custodians on reporting health privacy breaches

Starting on October 1, 2017, it will be mandatory for anyone who deals with health information to report certain privacy breaches to the Information and Privacy Commissioner (IPC).

Designed to better protect patient privacy and improve accountability and transparency in the health care system, the new amendments to the Personal Health Information Protection Act will help to ensure that health information is safe, confidential, and only accessible to patients and health information custodians (custodians) when they need it.

In order to assist custodians in understanding the new requirements, today we released a guidance document to explain the reporting criteria described in the regulation, and to assist organizations in determining when to notify my office of a privacy breach.

You can download the guidance document for Mandatory PHIPA breach reporting here.

Custodians will also be required to start tracking privacy breach statistics as of January 1, 2018, and will be required to provide the IPC with an annual report of the previous calendar year’s statistics, starting in March 2019. Further guidance on this statistical reporting requirement will be released later this fall.

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:

Email: @email
Telephone: 416-326-3965

Contact Us

Social Media

The IPC maintains channels on LinkedIn, X (formerly Twitter), YouTube and Instagram in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.

Our Social Media Policy

Help us improve our website. Was this page helpful?
When information is not found

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.