Skip to Sub-navigation

CIHI is committed to protecting the privacy of Canadians and ensuring the security of their personal health information.

Find out more about our Terms of Use, including the Website Privacy Notice.

Privacy questions, concerns or complaints

Chief Privacy Officer
Canadian Institute for Health Information
495 Richmond Road, Suite 600
Ottawa, Ontario  K2A 4H6
Phone: 613-694-6526
Fax: 613-241-8120

An individual may also direct complaints to the privacy commissioner of the jurisdiction in which they reside.

Individuals may also direct complaints regarding CIHI’s compliance with Ontario’s Personal Health Information Protection Act, 2004 (PHIPA, 2004) and its regulation to the Information and Privacy Commissioner of Ontario:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario  M4W 1A8
Phone: 416-326-3333
Toll-free (in Ontario): 1-800-387-0073
Fax: 416-325-9195

CIHI’s Privacy Program

Our comprehensive Privacy Program ensures the confidentiality and security of our Canadian health care data holdings. Part of this program is a set of governing privacy and security policies. These policies set out how we collect, store, analyze and disseminate data on Canada’s health care systems. Our program also includes

  • A Privacy and Legal Services department committed to developing a culture of privacy at CIHI
  • An active Privacy, Confidentiality and Security Committee that includes representation from across the organization
  • A chief privacy advisor, who provides advice and counsel on privacy matters
  • A Governance and Privacy Committee of the Board of Directors
  • Mandatory privacy and security training to keep Canadian health care information protection matters front and centre

We are a prescribed entity for the purposes of Section 45(1) of Ontario’s Personal Health Information Protection Act, 2004 (PHIPA, 2004). This act applies to health information custodians in Ontario, such as the Ministry of Health and Long-Term Care, hospitals and physicians. These entities can disclose personal health information to us without patient consent for the purposes of analysis and compiling statistical information for the management of the health system. This designation and the strict responsibilities that come with it also assure our data partners across the country that

  • Our privacy and security policies comply with the highest standards
  • Our overall information management practices safeguard the important and sensitive information with which we are trusted

The Information and Privacy Commissioner of Ontario (IPC/ON) reviews our practices and procedures every 3 years. Our privacy policies, practices and procedures were approved by the commissioner first in 2005 and every 3 years thereafter.

If you would like to obtain a copy of CIHI’s most recent submission to the IPC/ON, please send your request to

CIHI’s Information Security Program 

Our comprehensive Information Security Program is dedicated to protecting the privacy of Canadians by ensuring the confidentiality, integrity and availability of our health care information. 

CIHI maintains the International Organization for Standardization (ISO) 27001 certification of its Information Security Management System. This certification clearly demonstrates our commitment to protect the personal health information that we maintain, and to continuously improve our information security position. It is an important part of our overall privacy and security programs and provides both our stakeholders and the public with the assurance that we treat data protection seriously. Our program also includes the following components:

  • Information security risk management 
  • Information Security Audit Program
  • A comprehensive suite of policies, procedures and standards designed to protect the confidentiality, integrity and availability of our information 
  • Privacy and Security Incident Management Program
  • Staff training and awareness

Security questions or concerns

Chief Information Security Officer
Canadian Institute for Health Information
4110 Yonge Street, Suite 300
Toronto, Ontario  M2P 2B7
Phone: 416-481-2002
Fax: 416-481-8120

Privacy and Information Security policies and protocols

Privacy impact assessments

Privacy impact assessments (PIAs) evaluate and address the privacy impacts of programs and systems. CIHI is committed to completing PIAs on all its data holdings:

Featured reports on privacy