Decisions

Affichage de 15 sur 573 résultats

Order Numbers Type Collection Adjudicators Date Published
PHIPA DECISION 207 Decision Health Information and Privacy Valerie Jepson En savoir plusExpand

In this decision the adjudicator finds that the complainant has established that the clinic has a duty to correct his records of personal health information and orders the clinic to do so by striking out the incorrect statements that the clinic had “saved images for future reference.” The complainant established under section 55(8) that the records are inaccurate for the purposes for which the clinic uses the information because the images were not saved, thereby undermining the very purpose for which the clinic included the statements in the records – to document the availability of the images for future reference.

PHIPA DECISION 206 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

The complainant requested, under section 55(1) of the Personal Health Information Protection Act, 2004 (PHIPA), that her former family physician (the physician) make corrections to a record of her personal health information, a progress note. The physician denied the correction request stating that the conditions necessary to require a correction in PHIPA had not been met. He also relied on the exception to that duty which permits him to refuse to correct professional opinions or observations made in good faith. In this decision, the adjudicator upholds the physician’s refusal to correct the progress note, finding that the exception to the duty to correct, at section 55(9) of PHIPA, applies to the personal health information at issue. She dismisses the complaint.

PHIPA DECISION 205 Decision Health Information and Privacy John Gayle En savoir plusExpand

Two health service provider organizations, one a health information custodian (the Custodian), and the other an organization contracted to deliver health care services on behalf of the Custodian (the Agent), both reported the same privacy breach under the Personal Health Information Protection Act, 2004 (the Act) to the Information and Privacy Commissioner of Ontario (IPC). The breach involved a phishing email attack that resulted in the unauthorized use of personal health information relating to the Custodian’s patients. However, in light of the steps taken by the Custodian and the Agent to address the breach, as well as the Agent’s commitment to providing the IPC with an update before or by March 31, 2024 to confirm that the outstanding recommendations arising from the independent cybersecurity risk assessment that it undertook have been implemented, no formal review of the two complaints will be conducted under Part VI of the Act.

PHIPA DECISION 204 Decision Health Information and Privacy John Gayle En savoir plusExpand

A public hospital (the hospital) reported three separate privacy breaches under the Personal Health Information Protection Act, 2004 (the Act) to the Information and Privacy Commissioner of Ontario. Each breach involved unauthorized access to patients’ personal health information by an employee of the hospital. In light of the steps taken by the hospital to address the breaches, no formal review of this matter will be conducted under Part VI of the Act.

PHIPA DECISION 203 Decision Health Information and Privacy Jennifer James En savoir plusExpand

The complainant made a request under the Personal Health Information Protection Act to the custodian seeking copies of records containing her personal health information. In her complaint to the IPC, the complainant takes the position that the custodian deleted emails that would have been responsive to her request and asks the IPC to conduct an audit of the custodian’s computer so that the emails may be recovered and provided to her. The complainant raised the same allegation in a complaint to the College of Psychologists (the college), of which the custodian is a member.

In this decision, the adjudicator finds that no review of the complaint is warranted given that the college proceedings appropriately dealt with the subject matter of the complaint before the IPC. The adjudicator exercises her discretion under section 57(4)(b) of PHIPA not to review the complaint.

CYFSA Decision 7 Decision Child, Youth, and Family Information and Privacy Catherine Corban En savoir plusExpand

The complainant sought access under the Child, Youth and Family Services Act, 2017 (the Act) for his family’s entire case file with the York Region Children’s Aid Society (the society). The society granted access, in part, denying access to the name of an individual pursuant to the exemption at section 312(1)(d)(ii) of the Act (identification of an individual required by law to provide information to a service provider). The complainant filed a complaint with the Information and Privacy Commissioner of Ontario (IPC), asking the IPC to review the society’s decision to withhold the individual’s name.

In this decision, the adjudicator finds that the exemption at section 312(1)(d)(ii) applies to the name withheld from the record and upholds the society’s decision not to provide it to the complainant.

PHIPA DECISION 202 Decision Health Information and Privacy Lucy Costa En savoir plusExpand

During the course of working with this office on a privacy breach file, a Health Centre notified the Information and Privacy Commissioner of Ontario that additional possible unauthorized accesses by a number of employees had been discovered. This file was opened to address the additional unauthorized accesses and the systemic issues related to the breaches.

The Health Centre ultimately determined 28 of those accesses to be breaches of the Act. This decision concludes that at the time of the breaches the Health Centre had inconsistencies regarding staff requirements to sign confidentiality and EMR authorized user agreements, there was an inadequate privacy notice on the Health Centre’s EMR system, and a formal privacy breach policy was not in place. As such, this Decision finds that at the time of the breaches, the Health Centre had not taken reasonable steps to protect the personal health information within the meaning of section 12(1) of the Act. However, this decision also finds that the Health Centre has since remedied these issues.

This decision also finds that the Health Centre did not provide the patients affected by this breach the notification required by section 12(2) of the Act. Specifically, the Health Centre did not provide notice of the breach “at the first reasonable opportunity.”

Lastly, I decide that no review of this matter is warranted.

PHIPA DECISION 200 Decision Health Information and Privacy Valerie Jepson En savoir plusExpand

The complainant requested from St. Joseph’s Healthcare Hamilton (the hospital) access to a complete copy of his file for a specified time period. The hospital initially denied the request in full, relying on sections 52(1)(e)(i) (harm to the requester or others) and 52(1)(e)(iii) (confidential source) of PHIPA. During the IPC review of the complaint, the hospital agreed to provide the complainant with most of the information at issue. However, it continued to withhold portions under section 52(1)(e)(iii) (confidential source). In this decision, the adjudicator upholds the hospital’s claim that the section 52(1)(e)(iii) exemption applies to the remaining information and dismisses the complaint.

PHIPA DECISION 201 Decision Health Information and Privacy Jennifer James En savoir plusExpand

This reconsideration decision addresses the complainant’s request to reconsider PHIPA Decision 141, in which the adjudicator found that the hospital conducted a reasonable search for responsive records.
The complainant sought a reconsideration of PHIPA Decision 141 and made an allegation of bias against the adjudicator. In this reconsideration decision, the adjudicator finds that the allegation of bias is not established and that the reconsideration request fails to establish any ground for reconsideration under section 27.01 of the Code of Procedure for Matters under the Personal Health Information Protection Act, 2004. The reconsideration request is denied.

PHIPA DECISION 199 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

This decision addresses a request under the Personal Health Information and Protection of Privacy Act (PHIPA) made to the Queensway Carleton Hospital (the hospital) for the personal health information of a patient, the complainant’s son. The request was for the complainant’s son’s entire file while on a particular ward and correspondence about him exchanged between any and all employees at the hospital. The hospital granted partial access to the information, denying access to portions of the records under both PHIPA and the Freedom of Information and Protection of Privacy Act (FIPPA). The hospital claimed the exemptions at section 52(1)(a) of PHIPA (legal privilege) and sections 13(1) (advice and recommendations) and 21(1) (personal privacy) of FIPPA. In addition to objecting to the denial of access to portions of the records, the complainant took issue with the reasonableness of the hospital’s search for responsive records.

In this decision, the adjudicator partially upholds the hospital’s decision. She finds that section 52(1)(a) of PHIPA applies to the information for which it was claimed. She also finds that some of the information is exempt from disclosure under section 52(1)(f) of PHIPA (flow-through to FIPPA), because section 49(a) of FIPPA (discretion to refuse a requester’s own personal information), read with section 13(1) of FIPPA, applies to some of the information at issue. The adjudicator orders the hospital to provide the non-exempt information to the complainant. She also finds the hospital’s search for records deficient and orders it to conduct an additional search for records.

PHIPA DECISION 197 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

Under the Personal Health Information Protection of Privacy Act, 2004 (PHIPA) the complainant submitted a correction request to the William Osler Health System – Peel Memorial Centre (the custodian) requesting that notes made in her medical record indicating that she had a specified medical condition be struck from her record. The custodian denied the complainant’s request on the basis of section 55(9)(b) of PHIPA which sets out an exception to a custodian’s duty to correct at section 55(8) of PHIPA provided that the information consists of professional opinions or observations made in good faith. In this decision, the adjudicator upholds the custodian’s refusal to correct the personal health information in the record under section 55(8) of PHIPA because the exception at section 55(9)(b) applies. She dismisses the complaint.

PHIPA DECISION 198 Decision Health Information and Privacy Stella Ball En savoir plusExpand

The complainant alleged that the physician disclosed more of his personal health information than necessary to the Workplace Safety and Insurance Board, in contravention of the Personal Health Information Protection Act (PHIPA). In this decision, the adjudicator finds that the discretionary disclosure provision at section 43(1)(h) (disclosure permitted or required by law) authorized the physician to disclose the complainant’s personal health information to the WSIB pursuant to the requirement at section 37(1) of the Workplace Safety and Insurance Act, 1997. She also finds that the data minimization principle at section 30 of PHIPA does not apply, by virtue of section 30(3) of PHIPA, and she dismisses the complaint.

PHIPA Decision 196 Decision Health Information and Privacy Jennifer James En savoir plusExpand

The complainant submitted a correction request under the Personal Health Information Protection Act to the hospital to correct his medical history information found in his electronic medical record. The hospital denied the complainant’s request citing sections 55(8) and 55(9). In PHIPA Decision 186 the adjudicator found that the complainant did not demonstrate that the information in the record was incomplete or incorrect for the purpose the hospital uses the information as required under section 55(8). As a result, the hospital’s decision to not make the requested corrections was upheld and the complaint was dismissed.

PHIPA DECISION 195 Decision Health Information and Privacy Jennifer James En savoir plusExpand

The complainant submitted a correction request under the Personal Health Information Protection of Privacy Act to a physician requesting the removal of notations related to the status of her mental health. The physician denied the complainant’s request citing sections 55(8) and 55(9)(b). The adjudicator finds that the complainant did not demonstrate that the information in the record was incomplete or incorrect for the purpose the physician uses the information under section 55(8). As a result, the custodian’s decision to not make the requested correction is upheld.

PHIPA DECISION 194 Decision Health Information and Privacy Catherine Corban En savoir plusExpand

An individual submitted a request under the Personal Health Information Protection Act (PHIPA or the Act) to the Region of Peel (the custodian) for access to an investigation report (the report) resulting from his complaint to the Professional Standards Department of Peel Regional Paramedic Services, a division of the Region of Peel. The custodian denied access to the report on the basis that it is exempt from disclosure under sections 52(1)(c) (for use in a proceeding) and 52(1)(d) (for an investigation authorized by law) of PHIPA. The custodian also claimed that the report was excluded from the scope of MFIPPA as a result of the application of the exclusion at section 52(3) (records related to labour relations and employment-related matters) of that act. In this decision, the adjudicator finds that access to the report is governed by PHIPA, not MFIPPA and that neither of the exemptions at sections 52(1)(c) and (d) of PHIPA apply. She orders the custodian to provide the report to the complainant.

Aidez-nous à améliorer notre site web. Cette page a-t-elle été utile?
Lorsque l'information n'est pas trouvée

Note:

  • Vous ne recevrez pas de réponse directe. Pour toute autre question, veuillez nous contacter à l'adresse suivante : @email
  • N'indiquez aucune information personnelle, telle que votre nom, votre numéro d'assurance sociale (NAS), votre adresse personnelle ou professionnelle, tout numéro de dossier ou d'affaire ou toute information personnelle relative à votre santé.
  • Pour plus d'informations sur cet outil, veuillez consulter notre politique de confidentialité.