I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Start keeping track of all privacy breaches – Report due March 2019

Posted by

Just a reminder that as of January 1, 2018 if you are a health information custodian you need to start keeping track of certain information relating to privacy breaches.

The Information and Privacy Commissioner of Ontario released guidelines that will come into effect March 2019 but require you to start tracking certain kinds of privacy breaches now.

Click here for the Annual Reporting of Privacy Breach Statistics to the Commissioner guidelines.

Starting January 1st, Ontario’s healthcare organizations (all those who are health information custodians) will need to keep track of the following:

  • Number of incidents where personal health information was stolen
    • by an internal party
    • by a stranger
    • by a ransomware attack or other cyber attack
    • on an unencrypted portable electronic device
    • in paper format
  • Number of incidents where personal health information was lost
    • due to ransomware attack or other cyber attack
    • on an unencrypted portable electronic device
    • in paper format
  • Number of incidents where personal health information was used without authority
    • through electronic systems
    • though paper records
  • Number of incidents where personal health information was disclosed without authority
    • through misdirected faxes
    • through misdirected emails

There are additional details required to capture the number of individuals affected in each category. Check the guidelines for the categories – and just keep track of general numbers of people affected.

NOTE: Privacy breaches should be counted once even if they would otherwise fit multiple categories.

An annual report is then due to the IPC before March 2019.

Bottom Line:  All health information custodians (including individual physicians or clinicians in sole practice) must start to track these details starting January 1st, 2018. 

The IPC has an online statistics reporting form that will come available in 2019.  In the meantime, keep an excel spreadsheet with your statistics. 

 


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Team Privacy Training Events

November 14, 16, 29 & 30 and December 3, 11, 12, 13 & 19

For Primary Care clinics and FHTs

Kate trains health professionals from many more primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Building healthy habits

November 26, 2018

Legal coaching at a Toronto law firm.

A private coaching session

Primary care webinar: Shared services agreements

December 6, 2018, 12 noon

Part of Kate’s monthly webinar series.

Pitfalls that primary care organizations need to look out for when agreeing to provide care in collaboration with other healthcare organizations.

Full details of the 2019 webinar series and registration here.

Privacy Officer training

April 30 through June 4, 2019

Kate’s specialist training course for Privacy Officers in health organizations.

Open to all health Privacy Officers, as well as those hoping to become Privacy Officers. Full details and registration for Privacy Officer training next spring here...

Advanced Privacy Officer training

June 18, 2019

For experienced Privacy Officers within healthcare organisations.

This one day training course focuses on how to handle difficult privacy situations using real-life (but anonymized) case studies and role-play. Full details and registration here...

Free healthcare privacy webinar - ask me anything!

December 5, 2018 4-5pm and January 9, 2019 12noon-1pm

Free webinar - advance registration needed

Whether you're an experience privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

In my normal day to day life, I give legal advice to health care organizations. Suddenly, I found myself occupying… https://t.co/fGkGXXTogy

40 minutes ago


Ever get an email from a bank you don’t use saying your account has been compromised? Read this...… https://t.co/G2ERFZJAdS

about 18 hours ago

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557