Mandatory Reporting of Privacy Breaches to the Information and Privacy Commissioner now required under the Personal Health Information Act

In June 2016, the Personal Health Information Protection Act (PHIPA) was amended to require that custodians provide notice to the Information and Privacy Commissioner of Ontario if the circumstances surrounding a theft, loss or unauthorized use or disclosure met certain requirements. In June yhis year, the regulations setting out those circumstances were published and are found at section 6.3 of O. Reg 329/04. They are slated to come into force on October 1, 2017.

My colleague Roberto Ghignone published a short piece which outline the sometimes overlapping circumstances in which notification to the Privacy Commissioner of Ontario is required. He explains that overall, notification to the Commissioner will be required in almost all cases in which a patient has received a notice under section 12 of PHIPA.

To read the bulletin on this topic, click here.

This content has been updated on September 8, 2017 at 14 h 22 min.