Watch Law Society video-Cyber Breaches through Third Parties

Australia’s privacy commissioner publishes its Digital ID regulatory strategy

5 takeaways from the Lifelabs case

Put Privacy First – Privacy Commissioner of Canada speaks about privacy risk mitigation.

Learn more about The Power of PETs: Privacy Enhancing Technologies during a panel discussion hosted by The Information and Privacy Commissioner of Ontario.

BC Commissioner issues report on how municipalities make records available. For more information check out the full news release, fact sheet, guidance document and video.

Thank you to our 800 registrants who registered for the Top of Mind webinar hosted on Jan 31. For those of you who missed the session, you can access both an English and French version of the recording here under “Top of Mind” Data Privacy Webinar 2025. Enjoy!

News Releases

Canadian Information and Privacy Regulators Urge Governments, Health Sector Institutions and Health Providers to Strengthen Safeguards for Sharing Personal Health Information

September 21, 2022

In a joint resolution released today, Canada’s federal, provincial, and territorial information and privacy commissioners and ombudspersons are calling for a concerted effort across the healthcare sector to modernize and strengthen privacy protections for sharing personal health information.

Because of the pandemic, the shift to virtual care came quickly, maybe without enough time for a thorough examination of it; that shift in service model could adversely impact access and privacy rights. Despite advancements in the health sector, breaches continue to occur and the use of outdated and vulnerable technologies, such as faxes and unencrypted email not only impacts patient privacy but also the delivery of timely patient care.

This has spurred innovation and change in the delivery of services, including virtual health care visits and other forms of digital health communications.

Canada’s Information and Privacy Commissioners urge stakeholders to take the following action:

  • Develop a strategic plan to phase out the use of traditional fax and unencrypted email and ensure that all digital health information sharing infrastructure, including solutions that replace traditional fax and unencrypted email, are equitably available and accessible to all Canadians.
  • Promote the adoption of secure digital technologies and the implementation of responsible data governance frameworks. For health sector institutions and providers, this may include the adoption of standards developed by organizations such as ISO, NIST, or CIS that provide reasonable safeguards to protect personal health information.
  • Amend laws and regulations, as necessary, to further provide for meaningful penalties, including administrative penalties, for health institutions and providers that willfully refuse to take reasonable measures necessary to protect personal health information as well as for individuals who unlawfully collect, use, or disclose personal health information.
  • Seek guidance to understand how to evaluate new digital health solutions and assess their compatibility with other digital assets, compliance with health information privacy laws, and how they facilitate citizens’ rights to access their own records of personal health information.
  • Promote transparency by completing privacy impact assessments and proactively publishing a plain-language summary in a manner that is easily accessible to the public.
  • Use the procurement process to help ensure third-party compliance by establishing contractual requirements for vendors of health information software and services

If you have any questions or would like to request an interview with the Commissioner, please email or call our office at the contact below.

To learn more, a copy of the joint resolution and these initiatives can be found here.

 

Media contact:

Julie Ursu, Manager of Communication

Telephone: 306-798-2260

Email: jursu@oipc.sk.ca

Categories: News Releases

Back to News Releases

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.