Category: Privacy

Cyber Risk Management – What’s a Privacy Officer to Do?

Have you seen this tool from HIROC – the Health Insurance Reciprocal of Canada? Cyber-Guide If you are a Privacy Officer in healthcare – you should read this tool.  It’s great. It’s brand new – November 2017. You may have a vague understanding of words like “ransomware” and “phishing” and “social engineering“.  And maybe you… Read more »

New guidelines from IPC require Ontario’s healthcare organizations to start tracking privacy breaches in January 2018

The Information and Privacy Commissioner of Ontario released new guidelines that will come into effect March 2019 but require healthcare organizations to start tracking certain kinds of privacy breaches as of January 2018. Click here for the Annual Reporting of Privacy Breach Statistics to the Commissioner guidelines. Starting January 1st, Ontario’s healthcare organizations (all those who… Read more »

Health Privacy Update #2 – October 2017 – 2 new decisions of the IPC

Last week the IPC issued two new decisions for health care organizations in Ontario. The first one has practical impact on group practices like family health teams. Group practices should proactively clarify who is the health information custodian  Decision 50 – This one will interest all family health teams and other group practices. It relates to… Read more »

Health Privacy Update – September 2017 – 2 new IPC guidance documents for health care organizations

The Information and Privacy Commissioner of Ontario just released a new practice guideline last week to assist health care organizations to better understand their upcoming new obligations to report privacy breaches to the IPC. Here is the document: health-privacy-breach-notification-guidelines Those new obligations come into effect on October 1st. A few weeks ago, the IPC released another practice direction related to  Frivolous and… Read more »

Health Privacy Update #2 – August 2017 – Precedent setting new case Decision 49

The Information and Privacy Commissioner of Ontario just released two more decisions all health care providers in Ontario should read. Decision 48: A hospital received a request for access to records. The hospital provided the complainant with a full copy of his health records but the complainant believed there should be additional records (specifically letters from… Read more »

What does a Privacy Officer do in a health care organization?

I train Privacy Officers to understand their role. So, what does a Privacy Officer do for a health care organization? In Ontario, every health care organization must have a “contact person” to do the following five tasks: Facilitate compliance with the health privacy law, PHIPA Ensure that everyone who works for the organization is informed… Read more »