IPC was in Windsor today and shared some interesting new information

The Information and Privacy Commissioner of Ontario spoke today in Windsor.  It’s always good to read the presentations of the IPC’s road shows.  You get the latest information and updates right from the source!

If you don’t have time to read to the end – I’ll start with the breaking news:

New Snooping Prosecution – October 2017

There has been a new PHIPA snooping prosecution. An administrative support clerk in an emergency department of a hospital illegally accessed health records of 44 individuals including in some cases printing their information. The person pled guilty and was fined $10,000.

This brings us to 5 successful prosecutions under PHIPA:

  • 2016– Two radiation therapists at a Toronto Hospital
  • 2016 – A registration clerk at a regional hospital
  • 2017 – A social worker at a family health team
  • 2017– An administrative support clerk at a Toronto hospital

PHIPA presentation

The presentation in Windsor included a specific presentation delivered about PHIPA updates which discussed:

  • Email: How to communicate PHI by email communications – Fact Sheet September 2016
  • Abandoned Records:
  • Fees
  • Bill 119 – and the provincial HER
  • Breach notifications
  • 5 successful prosecutions under PHIPA

New Fact Sheets and Guidelines:

Back to the IPC’s presentation, the following guidelines were highlighted:

  • Reasonable search – April 2017
  • Frivolous and Vexatious Requests – August 2017
  • Instant Messaging and Personal Email Accounts – June 2016
  • Mandatory PHIPA Breach Reporting – September 2017
  • Annual reporting guidelines for PHIPA Privacy Breach Statistics – November 2017
  • Big data guidelines – May 2017
  • De-identification guidelines – June 2016

PHIPA complaints

There were 537 PHIPA complaints to the IPC in 2016 – that’s up from 269 in 2006.

There have been 271 reported privacy breaches in 2017

  • 43 were snooping
  • 8 were ransomware/cyber attacks
  • Others were lost or stolen PHI, misdirected information, records not properly secured and general collection, use and disclosure complaints