Important Privacy Updates from the IPC
Increased fines for PHIPA violations
As of January 1, 2024, the Information and Privacy Commissioner of Ontario (IPC) has increased fines for serious violations of the Personal Health Information Protection Act (PHIPA). Individuals can face fines up to $50,000, while organizations can be fined up to $500,000.
If you are the designated Health Information Custodian (HIC), follow these steps in the event of a breach:
- Evaluate the breach based on information sensitivity, incident scale, and shared responsibility.
- Inform affected individuals about the breach.
- Notify the College if an employee or agent involved in the breach faces termination, suspension, or disciplinary action.
As always, the Practice Advisors are here to answer your questions. They can be reached at advice@collegept.org or 1-800-583-5885 ext. 241.
Privacy
Deadline to Submit Annual Statistics to the IPC is March 1
Health Information Custodians (HICs) are required to submit annual breach statistics to the Information and Privacy Commissioner of Ontario (IPC). They must include statistics on breaches where information was:
- Stolen
- Lost
- Used without authority
- Disclosed without authority
- Collected electronically without authority
HICs should also include breaches in their reports, even if they did not meet the criteria for mandatory reporting to the IPC. Visit the IPC website for more information.
IPC Submissions