The Ministry of Health and Long-Term Care (“ministry”) is proposing amendments to the General Regulation (Ontario Regulation 329/04) under the Personal Health Information Protection Act, 2004 (PHIPA).
The purpose of the amendments has largely to do with clarifying the needs for health information custodian reporting of thefts, losses and unauthorized uses or disclosures of personal health information to the Information and Privacy Commissioner. Should the amendments be approved, the following requirements would have to be met:
“A Health information custodian would be obligated to report annually to the Commissioner the number of times, in the calendar year, the health information custodian had to notify individuals (in accordance with section 12(2) of PHIPA) of theft(s), loss(es) or of unauthorized use(s) or disclosure(s) of personal health information.
• It would be necessary for the report to be submitted to the Commissioner by March 1 of the following calendar year.
• The first report would be due in 2019.
• After submitting the report to the Commissioner, at the Commissioner’s request, a health information custodian would be required to provide the Commissioner with information contained in the notice that was issued to the affected individual(s), and/or any information the custodian relied on in deciding to notify the individual.”
The proposed amendments would also further allow the ministry to continue to validate progress on the implementation of changes proposed in the Health Information Protection Act (Bill 78). These changes were passed in May 2016.
The projected amendments have been posted to the Regulatory Registry website on March 10, 2017 and will be available until May 8, 2017. The posting can be accessed at: Click Here