Decisions

Affichage de 15 sur 573 résultats

Order Numbers Type Collection Adjudicators Date Published
PHIPA DECISION 216 Decision Health Information and Privacy Cathy Hamilton En savoir plusExpand

The issue in this complaint is whether information withheld under the Personal Health Information Protection Act, 2004 (the Act) and the Freedom of Information and Protection of Privacy Act (FIPPA) by Waypoint Centre for Mental Health Care (Waypoint) in response to an access request is upheld. The access request was for a copy of the requester’s health records, including any records relating to ethics reviews of the requester’s time spent confined or in seclusion at Waypoint. Waypoint denied access to portions of these records, claiming the application of section 52(1)(f)(ii)(A) of the Act, allowing it to withhold information under the exemption in section 49(a) FIPPA, read with the discretionary solicitor-client privilege exemption in section 19 of FIPPA. In this decision, the adjudicator finds that the records are “dedicated primarily” to the complainant’s personal health information within the meaning of section 52(3) of the Act. She also finds that the withheld portions of the records are exempt under section 49(a) of FIPPA, read with the solicitor-client exemption in section 19 of FIPPA. She upholds Waypoint’s exercise of discretion under sections 49(a) and 19 of FIPPA, and dismisses the complaint.

PHIPA DECISION 215 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

This reconsideration decision addresses the complainant’s request for reconsideration of PHIPA Decision 206. In that decision, the adjudicator upheld a physician’s refusal to make corrections to the complainant’s medical record based on section 55(9)(b) (professional opinion or observations made in good faith). In this reconsideration decision, the adjudicator finds that the reconsideration request failed to establish any ground for reconsideration of PHIPA Decision 206 under section 27.01 of the Code of Procedure for Matters under the Personal Health Information Protection Act, 2004. The reconsideration request is denied.

PHIPA DECISION 214 Decision Health Information and Privacy Valerie Silva En savoir plusExpand

The complainant made an access request to a health information custodian under the Personal Health Information Protection Act (the Act) for his entire patient file. After reviewing the records provided by the custodian, he made a complaint to the IPC on the basis that further responsive records exist, raising the issue of reasonable search. In this decision, the adjudicator finds that the complainant has established that further records may exist and that the custodian did not provide sufficient evidence that the search for records was reasonable. She orders the custodian to conduct a further search for responsive records and to provide a written explanation to the complainant regarding the results of the search.

PHIPA DECISION 213 Decision Health Information and Privacy Jenny Ryu En savoir plusExpand

This complaint concerns allegations that the respondent Sinai Health System (the hospital) and an affected person (a doctor who had privileges at the hospital at the relevant times) used and disclosed the complainant’s personal health information in violation of her withdrawal of consent following her allegations of sexual assault by the doctor, and her request that the doctor no longer be involved in her health care. The incidents at issue involve the hospital’s and doctor’s disclosures of the complainant’s personal health information to the doctor’s lawyer and to the College of Physicians and Surgeons of Ontario, for purposes related to proceedings involving the doctor arising from allegations about his conduct. They also include the doctor’s uses and a disclosure of her personal health information for health care purposes.

In this decision, the adjudicator finds that the hospital’s and doctor’s disclosures to the doctor’s lawyer and to the College, made for the purposes of existing or reasonably contemplated proceedings involving the doctor, were authorized by PHIPA to be made without consent.

However, the adjudicator finds that other uses and one disclosure of the complainant’s personal health information, made for health care purposes, were made in violation of PHIPA. In the circumstances, the complainant’s report of sexual assault and her request that the doctor no longer be involved in her health care was an express withdrawal of her consent to the doctor’s use and disclosure of her personal health information for health care purposes. Her statements also amounted to an express instruction against these uses and disclosure of her personal health information for health care purposes without her consent. By failing to recognize and implement the complainant’s express withdrawal of consent to, and her express instruction against, these uses and disclosure, the hospital allowed the doctor to continue to use and disclose the complainant’s personal health information for health care purposes contrary to her wishes, and in violation of PHIPA.

During the course of the complaint, the hospital acknowledged and implemented the complainant’s withdrawal of consent with respect to her personal health information. To address the broader issues raised by the complaint, the adjudicator orders the hospital to amend its information practices to clarify an individual’s right to withhold or withdraw consent to the collection, use, and disclosure of her personal health information, and to make express instructions with respect to the uses and disclosures of that information for certain purposes without consent. These amendments should make clear that an individual will not always employ specific terminology in PHIPA to communicate a withholding or withdrawal of consent or an express instruction with respect to her personal health information.

PHIPA DECISION 212 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

This decision relates to a request made under PHIPA to Midland Gardens Care Community (the custodian) for access to video surveillance footage of an incident involving the complainant. The custodian refused access to the video, in its entirety.

In this decision, the adjudicator does not uphold the custodian’s decision and she orders it to disclose to the complainant the portions of the video that contain their personal health information that can reasonably be severed from the video. To reach this conclusion, the adjudicator determined that the personal health information of the complainant is not subject to either of the exemptions claimed by the custodian [sections 52(1)(b) (another act prohibits disclosure) and 52(1)(e)(i) (risk of serious harm)].

MO-4403 Order Access to Information Orders Jessica Kowalski En savoir plusExpand

The appellant made a request to the Kingston Police Services Board (the police) for access to high-level information about homicides involving intimate partners cleared by the police between 2015 and 2020. The police created a list containing the requested information, but denied access to it on the basis of the mandatory personal privacy exemption in section 14(1) of the Municipal Freedom of Information and Protection of Privacy Act. The appellant raised the application of the public interest override in section 16. In this order, the adjudicator finds that disclosure of the record would not constitute an unjustified invasion of personal privacy because it is desirable for subjecting the police to public scrutiny, and that the record is therefore not exempt under section 14(1). The adjudicator also finds that, even if the record were exempt, the public interest override would require its disclosure, and orders the police to disclose the record to the appellant.

PO-4411-F Order - Final Access to Information Orders Jessica Kowalski En savoir plusExpand

The appellant made a request to the Ministry of the Solicitor General (the ministry) for access to high-level information about homicides involving intimate partners cleared by the Ontario Provincial Police (OPP) between 2015 and 2020. The ministry denied access to a chart containing the requested information prepared by the OPP on the basis of the mandatory personal privacy exemption in section 21(1) of the Act. The appellant raised the application of the public interest override in section 23. In this order, the adjudicator finds that disclosure of the information at issue would not constitute an unjustified invasion of personal privacy because it is desirable for subjecting the OPP to public scrutiny, and that the record is therefore not exempt under section 21(1). The adjudicator also finds that, even if the information were exempt, the public interest override would require its disclosure, and orders the ministry to disclose it to the appellant.

MO-4402 Order Access to Information Orders Anna Truong En savoir plusExpand

The London Police Services Board (the police) received a request under the Act for access to information about the appellant. The police issued a decision denying access in full to the responsive record under section 38(a) read with section 8(1)(g) of the Act. The appellant appealed the police’s access decision to the IPC and also raised reasonable search as an issue. In this order, the adjudicator upholds the police’s access decision, finds that the police conducted a reasonable search, and dismisses the appeal.

PHIPA DECISION 211 Decision Health Information and Privacy Jenny Ryu En savoir plusExpand

A complainant requested that a public hospital make his requested changes to certain hospital records concerning him, and to circulate those changes (or, in the alternative, a statement of his disagreement with the contents of the original records) to a list of individuals or groups within the hospital. The hospital refused his requests, including on the basis he had not established the duty to correct in section 55(8) of the Personal Health Information Protection Act, 2004 (PHIPA), and that the information at issue falls within the exception to the duty to correct for professional opinions or observations made in good faith (section 55(9)(b) of PHIPA). The hospital also refused to circulate his statement of disagreement to named hospital agents on the basis there is no duty in PHIPA to do so. In addition to his complaint to the IPC about the hospital’s decisions, the complainant challenged the constitutionality of the hospital’s actions in a Notice of Constitutional Question served on the IPC and on the Attorneys-General of Ontario and Canada.

In this decision, the adjudicator determines there are no reasonable grounds to review the complaint under PHIPA. She accordingly exercises her discretion under sections 57(3) and (4) not to conduct a review, and dismisses the complaint.

PHIPA DECISION 210 Decision Health Information and Privacy Jennifer Olijnyk En savoir plusExpand

Un hôpital public a informé le Bureau du commissaire à l’information et à la protection de la vie privée (le « CIPVP ») d’une atteinte à la vie privée en contravention de la Loi de 2004 sur la protection des renseignements personnels sur la santé (la « Loi ») à la suite d’une cyberattaque. Le CIPVP a ouvert un dossier sur cette atteinte à la vie privée, et a reçu par la suite quatre plaintes de la part de personnes concernées. Au cours de la cyberattaque, l’auteur de menace a accédé à de nombreux systèmes de l’hôpital, se livrant à une attaque par rafale de mots de passe, ce qui a compromis un compte privilégié. L’hôpital a aussitôt désactivé les comptes touchés et rectifié le problème de pare-feu que l’auteur de menace avait exploité. Il a constaté que ce dernier avait exfiltré de grandes quantités de renseignements, sans pouvoir déterminer exactement de quelles données il s’agissait. L’hôpital a établi les types de renseignements personnels sur la santé qui avaient peut-être été exfiltrés, et estimé le nombre de patients touchés. Il a donné un avis public de l’atteinte à la vie privée et convenu de poursuivre sa surveillance du Web caché pendant deux ans pour déceler toute activité liée à cet incident.

L’hôpital a fourni au CIPVP ses nombreuses lignes directrices en place pour assurer la sécurité de l’information, lesquelles ont toutes été révisées après la cyberattaque. Ces lignes directrices portaient notamment sur la force des mots de passe, les limites imposées aux privilèges attribués à certains comptes et le pare-feu. L’hôpital a également fourni au CIPVP un protocole en cas d’atteinte à la vie privée attribuable aux incidents de cybersécurité mis en place après l’incident. Compte tenu des mesures que l’hôpital a prises pour rectifier la situation et des lignes directrices en vigueur, j’ai conclu qu’il n’est pas nécessaire de procéder à un examen de cette affaire en vertu de la partie VI de la Loi.

PHIPA DECISION 210 Decision Health Information and Privacy Jennifer Olijnyk En savoir plusExpand

Un hôpital public a informé le Bureau du commissaire à l’information et à la protection de la vie privée (le « CIPVP ») d’une atteinte à la vie privée en contravention de la Loi de 2004 sur la protection des renseignements personnels sur la santé (la « Loi ») à la suite d’une cyberattaque. Le CIPVP a ouvert un dossier sur cette atteinte à la vie privée, et a reçu par la suite quatre plaintes de la part de personnes concernées. Au cours de la cyberattaque, l’auteur de menace a accédé à de nombreux systèmes de l’hôpital, se livrant à une attaque par rafale de mots de passe, ce qui a compromis un compte privilégié. L’hôpital a aussitôt désactivé les comptes touchés et rectifié le problème de pare-feu que l’auteur de menace avait exploité. Il a constaté que ce dernier avait exfiltré de grandes quantités de renseignements, sans pouvoir déterminer exactement de quelles données il s’agissait. L’hôpital a établi les types de renseignements personnels sur la santé qui avaient peut-être été exfiltrés, et estimé le nombre de patients touchés. Il a donné un avis public de l’atteinte à la vie privée et convenu de poursuivre sa surveillance du Web caché pendant deux ans pour déceler toute activité liée à cet incident.

L’hôpital a fourni au CIPVP ses nombreuses lignes directrices en place pour assurer la sécurité de l’information, lesquelles ont toutes été révisées après la cyberattaque. Ces lignes directrices portaient notamment sur la force des mots de passe, les limites imposées aux privilèges attribués à certains comptes et le pare-feu. L’hôpital a également fourni au CIPVP un protocole en cas d’atteinte à la vie privée attribuable aux incidents de cybersécurité mis en place après l’incident. Compte tenu des mesures que l’hôpital a prises pour rectifier la situation et des lignes directrices en vigueur, j’ai conclu qu’il n’est pas nécessaire de procéder à un examen de cette affaire en vertu de la partie VI de la Loi.

PHIPA DECISION 209 Decision - PHIPA Health Information and Privacy Stella Ball En savoir plusExpand

The complainant sought a review of a hospital’s decision to refuse her request, under the Personal Health Information Protection Act, to correct her records of personal health information that referred to her suffering from mental illness. The hospital refused the correction request under the section 55(9)(b) (professional opinions or observations made in good faith) exception to the duty to correct in section 55(8) of the Act.
In this decision, the adjudicator exercises her discretion, under sections 57(3) and 57(4)(a) of the Act, not to conduct a review of the complaint because there are no reasonable grounds to do so and the hospital has responded adequately to the complaint.

CYFSA DECISION 9 Decision Child, Youth, and Family Information and Privacy Soha Khan En savoir plusExpand

The complainant through her legal representative submitted an access request to Weechi-it-te-win Family Services (the service provider). This order determines that the service provider is deemed to have refused the complainant’s request for access. The service provider is ordered to provide a response to the complainant regarding their request for access to records of personal information in accordance with the Child, Youth and Family Services Act, 2017 and without a recourse to a time extension.

PHIPA DECISION 208 Decision Health Information and Privacy Cathy Hamilton En savoir plusExpand

This complaint deals with an access decision made by the Kristus Darzs Latvian Home (the custodian) in response to a request made by an Estate Trustee for all records relating to her deceased father who had been a resident at the custodian’s facility. The custodian granted access to all records, with the exception of a number of emails for which it claimed the application of the exemption in section 52(1)(e)(iii) of the Personal Health Information Protection Act (the Act). In this decision, the adjudicator finds that the emails are “dedicated primarily” to the deceased’s personal health information within the meaning of section 52(3) of the Act. She also finds that these emails are exempt from disclosure under section 52(1)(e)(iii) of the Act Consequently, under section 61(1) of the Act, the adjudicator makes no order. The complaint is dismissed.

CYFSA DECISION 8 Decision Child, Youth, and Family Information and Privacy Catherine Corban En savoir plusExpand

In this decision, the adjudicator orders Weechi-it-te win Family Services to produce the records at issue in the complaint to the Information and Privacy Commissioner of Ontario.

Aidez-nous à améliorer notre site web. Cette page a-t-elle été utile?
Lorsque l'information n'est pas trouvée

Note:

  • Vous ne recevrez pas de réponse directe. Pour toute autre question, veuillez nous contacter à l'adresse suivante : @email
  • N'indiquez aucune information personnelle, telle que votre nom, votre numéro d'assurance sociale (NAS), votre adresse personnelle ou professionnelle, tout numéro de dossier ou d'affaire ou toute information personnelle relative à votre santé.
  • Pour plus d'informations sur cet outil, veuillez consulter notre politique de confidentialité.