CIHI is committed to protecting the privacy of Canadians and ensuring the security of their personal health information. We also maintain the confidentiality of health care records. Our commitment extends to all the information in our databases, as well as to users of this website. For more information, please see Disclosures of CIHI Data.

We have a comprehensive privacy program, and we review and update our privacy and security policies annually. Download a copy of our brochure.

Privacy Questions, Concerns or Complaints

Questions, concerns or complaints about CIHI’s handling of the personal health information or de-identified data it holds should be addressed to CIHI’s Chief Privacy Officer at the following coordinates:

Chief Privacy Officer
Canadian Institute for Health Information
495 Richmond Road, Suite 600
Ottawa, Ontario  K2A 4H6
Phone: 613-694-6526
Fax: 613-241-8120

An individual may also direct complaints to the privacy commissioner of the jurisdiction in which the person making the complaint resides.

Individuals may also direct complaints regarding CIHI’s compliance with Ontario’s Personal Health Information Protection Act and its regulation to the Information and Privacy Commissioner of Ontario at the following coordinates:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario  M4W 1A8
Phone: 416-326-3333
Toll-free (in Ontario): 1-800-387-0073
Fax: 416-325-9195

CIHI’s privacy information

 CIHI’s privacy program
 Policies and protocols
 Privacy impact assessments
 Featured reports
 Related content

CIHI’s privacy program

We have a comprehensive privacy program to protect the confidentiality and security of our Canadian health care data holdings. Part of this program is a set of strict privacy and security policies. These policies govern how we collect, store, analyze and disseminate data for the health care system in Canada. Our program also includes

  • A Privacy and Legal Services Secretariat committed to developing a culture of privacy
  • An active Privacy, Confidentiality and Security team that includes representation from across the organization
  • A chief privacy advisor, who provides advice and counsel on privacy matters
  • A privacy and data protection committee, a subcommittee of our Board of Directors
  • Mandatory staff training to keep Canadian health care information protection matters front and centre

We are a prescribed entity for the purposes of Section 45(1) of Ontario’s Personal Health Information Protection Act, 2004 (PHIPA, 2004). This act applies to health information custodians in Ontario, such as the Ministry of Health and Long-Term Care, hospitals and physicians. These entities can disclose personal health information to us without patient consent. The act permits disclosure for the purposes of analysis or compiling statistical information for the management of the health system. This designation and the strict responsibilities that come with it also assure our data partners across the country that

  • Our privacy and security policies comply with the highest standards
  • Our overall information management practices safeguard the important and sensitive information we are trusted with

The Information and Privacy Commissioner (IPC) of Ontario reviews our practices and procedures every three years.Our privacy policies, practices and procedures were first approved by the Ontario IPC in 2005, again in 2008, and more recently in 2011.

Privacy policies and protocols

 Privacy impact assessments

Privacy impact assessment (PIA) documents evaluate and address the privacy impacts of programs and systems. CIHI is committed to completing PIAs on all its data holdings:

 Featured reports on privacy