Data Guidance: PHIPA Statistics Reporting Requirement “Should Not Be Terribly Burdensome” for HICs
The Information and Privacy Commissioner of Ontario (‘IPC’) announced, on 14 December 2018, that it had opened an online statistics submission website and had issued a workbook and frequently asked questions in relation to the mandatory statistics reporting requirement (‘the Statistics Reporting Requirement’), which requires health information custodians (‘HICs’) covered under the Personal Health Information Protection Act 2004 (‘PHIPA’) to submit their 2018 annual statistics on health privacy breaches to the IPC by 1 March 2019.
Lonny J. Rosen, Partner at Rosen Sunshine LLP, told DataGuidance, “The Reporting Requirement should not be terribly burdensome. HICs have hopefully been tracking privacy breaches throughout the year, not only because of the Statistics Reporting Requirement, but in order to learn from and prevent the reoccurrence of such breaches […] Beyond strict compliance with policies and procedures, we encourage HICs to work to develop a ‘culture of privacy.’ This means that all agents are aware of the organisations obligations as a HIC and of the consequences of a breach, and focus on prevention of problems, including by identifying and calling out unsafe practices.’