CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: PHIPA

Subscribe to PHIPA RSS Feed

Ontario Health Privacy Changes Establish New Breach Notification Requirements

Posted in Legislation, PHIPA

The Ontario Ministry of Health and Long-Term Care intends to ensure that health information custodians (HICs) pay due attention to the personal health information they control by introducing new notification and reporting obligations. If the proposed amendments to O Reg 329/04 under the Personal Health Information Protection Act, 2004 (PHIPA) come into force,[1] notification obligations… → Read More

Health Record Snooping Nets Hefty Fine

Posted in PHIPA

In a recent case out of Goderich, Ontario a $20,000 fine, the highest of its kind in Canada, was handed out for a health privacy violation. Between September 9, 2014 and March 5, 2015, a Masters of Social Work student accessed the personal health information of 139 individuals including family, friends, and local politicians, among… → Read More

Changes to Ontario’s Health Information Privacy Law Include Breach Notification, Increased Penalties

Posted in PHIPA, Privacy

Notification to affected individuals and regulators will be required in the event of unauthorized use or disclosure of personal health information under amendments to Ontario’s health information legislation. The Ontario legislature passed Bill 119[1] in May, which amended the Personal Health Information Protection Act, 2004, c 3, Sched. A (“PHIPA”) and repealed and replaced the… → Read More

No Harm, No Fowl: Chicken Farm Inappropriate Choice for Data Disposal

Posted in PHIPA, Privacy

Here’s a piece of simple, practical advice: when you’re choosing a contractor to dispose of your organization’s personal information, go with a credentialed expert, and not a bunch of chickens. That’s a lesson that Spruce Manor Special Care Home in Saskatchewan had to learn the hard way (as surprising as that might sound). As a trustee with… → Read More

Health Minister Announces Changes Coming to PHIPA in Ontario

Posted in PHIPA, Privacy

The Ministry of Health and Long-Term Care has announced in a news release that it intends to introduce amendments to the Personal Health Information Protection Act (PHIPA) to strengthen PHIPA and protect patient privacy. We have confirmed that the intent is to reintroduce the prior Electronic Personal Health Information Protection Act (EPHIPA), which died due… → Read More

Hospital Privacy Breach Results in OSC Laying Charges

Posted in Data Breach, PHIPA, Privacy

The Ontario Securities Commission (“OSC”) has announced a series of criminal and quasi-criminal charges following an investigation related to the misuse of confidential patient information from the Rouge Valley Health System and the Scarborough Hospital. The OSC charges stem from allegations that a RESP sales representative purchased stolen maternity patient labels from a hospital nurse… → Read More

Recent Breaches Spur Renewed Focus on Strengthening Ontario’s Health Privacy Laws

Posted in Data Breach, PHIPA, Privacy, Uncategorized

According to a recent news report,  Ontario Health Minister Eric Hoskins is looking into re-introducing the Electronic Personal Health Information Act (EPHIPA) and strengthening Ontario’s Personal Health Information Act (PHIPA) following recent health-related privacy breaches. Although PHIPA was introduced over ten years ago, only one person has ever been charged under the legislation: a nurse who… → Read More