The Ministry of Health and Long-Term Care (“ministry”) is proposing amendments to the General Regulation (Ontario Regulation 329/04) under the Personal Health Information Protection Act, 2004 (PHIPA) to clarify requirements for health information custodian reporting of thefts, losses and unauthorized uses or disclosures of personal health information to the Information and Privacy Commissioner.
Moving forward with the proposed amendments allows the ministry to continue to demonstrate progress on the implementation of changes proposed in the Health Information Protection Act (Bill 78), that were passed in May 2016.
If approved, Ontario Regulation 329/04 would be amended to require that health information custodians:
• Report annually to the Information and Privacy Commissioner on the number of times the custodian had to notify affected individuals, of thefts, losses and unauthorized uses or disclosures of personal health information in a calendar year in accordance with subsection 12(2) of PHIPA, and
• Notify the Information and Privacy Commissioner of privacy breaches that meet the prescribed requirements set out in the proposed regulation, in accordance with subsection 12(3) of PHIPA.
The proposed amendments have been posted to the Regulatory Registry website starting March 10, 2017 and will be available for 60 days, until May 8, 2017. The posting can be accessed at: http://www.ontariocanada.com/registry/view.do?postingId=23883&language=en