I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Health Privacy Update – July 2017

Posted by

Mandatory reporting by health information custodians in Ontario to the IPC will now come into effect October 1, 2017

The new regulations requiring the mandatory reporting of privacy breaches to the Information and Privacy Commissioner of Ontario will come into effect October 1st (not July 1st as we originally expected).

The link to the new regulation is here.

October 1, 2017 – What You Have to Report to the IPC

So, as of October 1st you will now have to report the following to the IPC:

  1. The health information custodian has reasonable grounds to believe that personal health information in the custodian’s custody or control was used or disclosed without authority by a person who knew or ought to have known that they were using or disclosing the information without authority.
  2. The health information custodian has reasonable grounds to believe that personal health information in the custodian’s custody or control was stolen.
  3. The health information custodian has reasonable grounds to believe that, after an initial loss or unauthorized use or disclosure of personal health information in the custodian’s custody or control, the personal health information was or will be further used or disclosed without authority.
  4. The loss or unauthorized use or disclosure of personal health information is part of a pattern of similar losses or unauthorized uses or disclosures of personal health information in the custody or control of the health information custodian.
  5. The health information custodian is required to give notice to a College of an event described in section 17.1 of the Act that relates to a loss or unauthorized use or disclosure of personal health information.
  6. The health information custodian would be required to give notice to a College, if an agent of the health information custodian were a member of the College, of an event described in section 17.1 of the Act that relates to a loss or unauthorized use or disclosure of personal health information.
  7. The health information custodian determines that the loss or unauthorized use or disclosure of personal health information is significant after considering all relevant circumstances, including the following:
    1. Whether the personal health information that was lost or used or disclosed without authority is sensitive.
    2. Whether the loss or unauthorized use or disclosure involved a large volume of personal health information.
    3. Whether the loss or unauthorized use or disclosure involved many individuals’ personal health information.
    4. Whether more than one health information custodian or agent was responsible for the loss or unauthorized use or disclosure of the personal health information.

And then, as of March 1st 2019, you will also have to complete an annual report to the IPC with the following:

  1. Personal health information in the custodian’s custody or control was stolen.
  2. Personal health information in the custodian’s custody or control was lost.
  3. Personal health information in the custodian’s custody or control was used without authority.
  4. Personal health information in the custodian’s custody or control was disclosed without authority.

Update October 2017: The IPC has now issued the format for the report. Can be completed online.


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Managing Incapacity & Consent to Treatment

Part of Kate’s monthly webinar series.

Our October webinar is about managing incapacity, and the November title is Consent to Treatment.
Full details of the 2020 webinar series and registration here.

Advanced Privacy Officer training
December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Privacy Officer training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
October 2, November 6 and December 4

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

Webinar recording available! Topics covered: - Health privacy law update - When do children make their own informat… https://t.co/VSlNzPyXiy

about 22 hours ago

The main message: A doctor (or any other health information custodian) should never ignore a patient’s access reque… https://t.co/HW8mrFymnC

08:01 AM Oct 13th

What happens when someone asks for access to recordings? It depends. Here’s a story about what might happen.… https://t.co/kRnDh5IOo2

08:01 AM Oct 12th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.