Submit Your 2018 Health Privacy Breach Report

January 10, 2019

According to new rules under the Personal Health Information Protection Act (PHIPA), health information custodians in Ontario are now required to report statistics relating to health privacy breaches annually to the Information and Privacy Commissioner of Ontario's (IPC) office, which oversees compliance with PHIPA.

Examples of health information custodians include health care practitioners such as: doctors, nurses, pharmacists, dieticians, physiotherapists, midwives, and occupational therapists who are not otherwise working on behalf of a health information custodian.

This statistical report will set out the number of times in 2018 that personal health information held by a health information custodian was stolen, lost, used without authority and/or disclosed without authority. The other sections of the report will focus on the cause of the breach and the number of individuals affected. The report does not ask for personal health information.

Health information custodians can submit their reports for 2018 through the IPC online statistics submission website:

By law, health information custodians that have experienced at least one health privacy breach during the 2018 reporting year—from January to December—are required to complete the IPC online questionnaire.

The deadline to submit is Friday, March 1, 2019.

To access the statistics submission website and set up your login ID, please email with your contact information.

Unless you are an institution under the Freedom of Information and Protection of Privacy Act or the Municipal Freedom of Information and Protection of Privacy Act, you do not need to submit a statistical report if you did not experience any health privacy breaches during the 2018 reporting year.

Got questions? Please see the IPC website and their frequently asked questions for more information: