Mandatory Reporting of Privacy Breaches to the Information and Privacy Commissioner now required under the Personal Health Information Act

In June 2016, the Personal Health Information Protection Act (PHIPA) was amended to require that custodians provide notice to the Information and Privacy Commissioner of Ontario if the circumstances surrounding a theft, loss or unauthorized use or disclosure met certain requirements. In June yhis year, the regulations setting out those circumstances were published and are found at section 6.3 of O. Reg 329/04. They are slated to come into force on October 1, 2017.


This content has been updated on May 2, 2024 at 14 h 54 min.