Canadian Institute for Health Information

Applications LogoApplications
Interactive Tools / Databases

Products LogoProducts
Downloadable Content

Print this Page

CIHI gets stamp of approval from Ontario’s privacy commissioner

If stakeholders didn’t have confidence that the data they provide CIHI is safeguarded, we wouldn’t be able to do the work we do.

That’s why we recently welcomed news that our status as a prescribed entity had been renewed by the Information and Privacy Commissioner of Ontario.

And just what is a prescribed entity?

Having the status means that health information custodians in Ontario can provide personal health data to us without the consent of individuals. Achieving this status means numerous measures must be in place to protect the health information of Ontarians.

We first received prescribed entity status under the Personal Health Information Protection Act (PHIPA) in 2005. We are the only organization with a pan-Canadian mandate with this status in Ontario, and it governs how we do our business from a privacy and security perspective. Based on the review of our most recent 140-page submission, the commissioner is satisfied that we continue to sufficiently protect the privacy of individuals whose personal health information we receive, maintain the confidentiality of that information and meet the requirements under PHIPA. There was only one recommendation that came out of the process, and we were already in compliance with it.

“This status shows our stakeholders that we have a robust information security ecosystem,” says Cal Marcoux, a senior information technology consultant at CIHI. “It’s been closely reviewed and meets a high level of scrutiny.”

Although Ontario is the only province with this type of review, Mary Ledoux, a senior privacy consultant at CIHI, says it should instill confidence in other jurisdictions that submit data to us.

“Because the standard imposed is so high, all Canadians can be assured that the confidentiality and integrity of the health information in our care is very closely guarded.”

Every three years, the commissioner’s office reviews our practices and procedures. Given the heightened awareness around privacy and the pace of technological advances, particularly around electronic health records, regular review is that much more important.

“This ensures that we continue to build on our practices in an ever-changing environment,” says Anne-Mari Phillips, CIHI’s chief privacy officer.