CIHI’s privacy and security recognized by Ontario’s privacy commissioner

Printer-friendly version

Access to Canadians' personal health information is imperative to CIHI's work. Data security is of the utmost importance so the public and our stakeholders can trust CIHI to treat this sensitive information with the care it deserves.

As a result of our hard work on this front, CIHI has been recognized with an important designation.

The Information and Privacy Commissioner of Ontario has renewed our prescribed entity status for the next 3 years. CIHI is the only organization with a pan-Canadian mandate with this status.

Being a prescribed entity means that health information custodians in Ontario can provide us with personal health data, without the consent of individuals, for the purpose of analysis or compiling statistical information for the planning and management of the health system. To be recognized with this status means that CIHI has demonstrated the technical and operational standards necessary to ensure that Ontarians' personal health information remains just that&eacirc;—private. See CIHI's 2015 submission.

In this day of ever-advancing technology surrounding health records&eacirc;—in terms of both collection and privacy and the technological threat to that privacy&eacirc;—prescribed entity status is an important stamp of approval.

CIHI first received this status under the Personal Health Information Protection Act (PHIPA)in 2005. Based on the review of our most recent submission, the commissioner is satisfied that we continue to sufficiently protect the privacy of individuals whose personal health information we receive, maintain the confidentiality of that information and meet the requirements under PHIPA.

Ontario is the only province with this type of review. With such high standards for recognition as a prescribed entity, Canadians can be assured that the confidentiality and integrity of the health information in our care is very closely guarded.

Our recent announcement that we have earned ISO/IEC 27001:2005 certification starts 2015 with a clear message: CIHI is a trustworthy steward of Canadians' personal health information.