Reporting Health Privacy Breaches

According to new rules under the Personal Health Information Protection Act (PHIPA), all health information custodians in Ontario, including optometrists, are now required to report statistics relating to health privacy breaches on an annual basis to the office of the Information and Privacy Commissioner of Ontario.

A report will set out the number of times in each year that personal health information held by a health information custodian was stolen, lost, used without authority and/or disclosed without authority. The other sections of the report will focus on the cause of the breach and the number of individuals affected. The report does not ask for personal health information.

The online statistics submission website is now open for health information custodians across Ontario to submit their statistics for the 2018 reporting year. Health information custodians that have experienced at least one health privacy breach during the 2018 reporting year—from January to December—are required by law to complete the online questionnaire. The deadline to submit is Friday, March 1, 2019.

Please note that optometrists who have had 0 (zero) health privacy breaches to report for 2018 should not submit a statistical report.

Further information on how to submit annual health information breach statistics can be found here.