Skip to Sub-navigation

CIHI is committed to protecting the privacy of Canadians and ensuring the security of their personal health information. We also maintain the confidentiality of health care records and all of the information in our databases. 

Find out more about our Information Security Program. Read about our privacy and information security measures for users of this website.

Privacy questions, concerns or complaints

Chief Privacy Officer
Canadian Institute for Health Information
495 Richmond Road, Suite 600
Ottawa, Ontario  K2A 4H6
Phone: 613-694-6294
Fax: 613-241-8120
Email: privacy@cihi.ca

An individual may also direct complaints to the privacy commissioner of the jurisdiction in which he or she resides.

Individuals may also direct complaints regarding CIHI’s compliance with Ontario’s Personal Health Information Protection Act and its regulation to the Information and Privacy Commissioner of Ontario at the following coordinates:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario  M4W 1A8
Phone: 416-326-3333
Toll-free (in Ontario): 1-800-387-0073
Fax: 416-325-9195
Email: info@ipc.on.ca
Website: www.ipc.on.ca

CIHI’s Privacy Program

Our comprehensive Privacy Program protects the confidentiality and security of our Canadian health care data holdings. Part of this program is a set of strict privacy and security policies. These policies govern how we collect, store, analyze and disseminate data on Canada’s health care systems. Our program also includes

  • A Privacy and Legal Services Secretariat committed to developing a culture of privacy
  • An active Privacy, Confidentiality and Security team that includes representation from across the organization
  • A chief privacy advisor, who provides advice and counsel on privacy matters
  • A Privacy and Data Protection Committee, a subcommittee of our Board of Directors
  • Mandatory staff training to keep Canadian health care information protection matters front and centre

We are a prescribed entity for the purposes of Section 45(1) of Ontario’s Personal Health Information Protection Act, 2004 (PHIPA, 2004). This act applies to health information custodians in Ontario, such as the Ministry of Health and Long-Term Care, hospitals and physicians. These entities can disclose personal health information to us without patient consent. The act permits disclosure for the purposes of analysis and compiling statistical information for the management of the health system. This designation and the strict responsibilities that come with it also assure our data partners across the country that

  • Our privacy and security policies comply with the highest standards
  • Our overall information management practices safeguard the important and sensitive information we are trusted with

The Information and Privacy Commissioner of Ontario reviews our practices and procedures every 3 years. Our privacy policies, practices and procedures were approved by the commissioner first in 2005 and every 3 years thereafter.

CIHI’s Information Security Program 

Our comprehensive Information Security Program is dedicated to protecting the privacy of Canadians by ensuring the confidentiality, integrity and availability of our health care information. 

CIHI maintains the International Organization for Standardization (ISO) 27001 certification of its Information Security Management System. This certification clearly demonstrates our commitment to protect the personal health information that we maintain, and to continuously improve our information security position. It is an important part of our overall privacy and security programs and provides both our stakeholders and the public with the assurance that we treat data protection seriously. Our program also includes the following components:

  • Information security risk management 
  • Information Security Audit Program
  • A comprehensive suite of policies, procedures and standards designed to protect the confidentiality, integrity and availability of our information 
  • Privacy and Security Incident Management Program
  • Staff training and awareness

Security questions or concerns

Chief Information Security Officer
Canadian Institute for Health Information
4110 Yonge Street, Suite 300
Toronto, Ontario  M2P 2B7
Phone: 416-481-2002
Fax: 416-481-8120
Email: security@cihi.ca

Privacy and Information Security policies and protocols

Privacy impact assessments

Privacy impact assessments (PIAs) evaluate and address the privacy impacts of programs and systems. CIHI is committed to completing PIAs on all its data holdings:

Featured reports on privacy