I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Start keeping track of all privacy breaches – Report due March 2019

Posted by

Just a reminder that as of January 1, 2018 if you are a health information custodian you need to start keeping track of certain information relating to privacy breaches.

The Information and Privacy Commissioner of Ontario released guidelines that will come into effect March 2019 but require you to start tracking certain kinds of privacy breaches now.

Click here for the Annual Reporting of Privacy Breach Statistics to the Commissioner guidelines.

Starting January 1st, Ontario’s healthcare organizations (all those who are health information custodians) will need to keep track of the following:

  • Number of incidents where personal health information was stolen
    • by an internal party
    • by a stranger
    • by a ransomware attack or other cyber attack
    • on an unencrypted portable electronic device
    • in paper format
  • Number of incidents where personal health information was lost
    • due to ransomware attack or other cyber attack
    • on an unencrypted portable electronic device
    • in paper format
  • Number of incidents where personal health information was used without authority
    • through electronic systems
    • though paper records
  • Number of incidents where personal health information was disclosed without authority
    • through misdirected faxes
    • through misdirected emails

There are additional details required to capture the number of individuals affected in each category. Check the guidelines for the categories – and just keep track of general numbers of people affected.

NOTE: Privacy breaches should be counted once even if they would otherwise fit multiple categories.

An annual report is then due to the IPC before March 2019.

Bottom Line:  All health information custodians (including individual physicians or clinicians in sole practice) must start to track these details starting January 1st, 2018. 

The IPC has an online statistics reporting form that will come available in 2019.  In the meantime, keep an excel spreadsheet with your statistics. 

 


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events
October 16, October 24 and November 21

For Primary Care clinics, Children’s Aid and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Speaking event October 23, 2019

Osgoode Professional Development – Mental health Certificate

Kate joins the faculty for this training event. More details...

Primary care webinars: Managing Incapacity & Consent to Treatment

Part of Kate’s monthly webinar series.

Our October webinar is about managing incapacity, and the November title is Consent to Treatment.
Full details of the 2020 webinar series and registration here.

Advanced Privacy Officer training
December 10, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Privacy Officer training
January 20 & 27 and February 3,10 & 18, 2020

Kate is the program chair for the Osgoode Certificate in Privacy in Healthcare.

This program explores the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. More details...

Free healthcare privacy webinar - ask me anything!
October 2, November 6 and December 4

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets


We are walking on the edges of knives. https://t.co/HuAUHUfVTh #BusinessOfLaw #CoachingForLawyers #georgiaokeefe

02:01 PM Nov 15th

Law2Life Coaching is the best place successful lawyers can go to unlock more fun and fulfillment from life and work… https://t.co/vWkIPDbCj8

01:02 PM Nov 15th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557

.