News Releases

Rouge Valley Health System Failed to Protect Patient Health Information

December 16, 2014
Download PDF

A review by the Information and Privacy Commissioner of Ontario (IPC) of two significant privacy breaches involving the sale of new mothers’ personal health information for financial gain has determined that Rouge Valley Health System (hospital) failed to put in place reasonable technical and administrative safeguards to protect patient information.

In  Order HO-013, issued today, Acting Commissioner Brian Beamish found the hospital was not in compliance with its obligations under the Personal Health Information Protection Act, (PHIPA) and ordered the hospital to implement changes to its electronic information systems, revise its privacy and audit policies, as well as deliver privacy training to all staff.

Topics

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:

Email: @email
Telephone: 416-326-3965

Contact Us

Social Media

The IPC maintains channels on LinkedIn, X (formerly Twitter), YouTube and Instagram in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.

Our Social Media Policy

Help us improve our website. Was this page helpful?

Note:

  • You will not receive a direct reply. For further enquiries, please contact us at @email
  • Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
  • For more information about this tool, please see our Privacy Policy.