PHIPA: What Is It, and Why Should You Care as a Canadian IT Professional?

PHIPA stands for the Personal Health Information Protection Act. This act sets the terms for collecting, using, and disclosing information pertaining to the personal health of individuals. PHIPA applies to any custodians who operate in Ontario. It also applies to organizations and individuals who receive personal information from custodians.

This act is important for protecting the privacy of individuals. PHIPA gives individuals tighter control over how their personal health information is used. It also allows individuals to access their own personal health information and to submit a request to have that information corrected.

Under this act, a custodian will need to receive consent before collecting, using, or disclosing personal health information. Here are some reasons why personal health information may be collected and shared:

• An individual needs specific care or treatment.

• Health-related research needs to be performed.

• The health care system, funded by the public, needs to be managed.

Are you an IT Professional working in Canada? If so, then PHIPA could apply to you.

PHIPA & Canadian IT Professionals: Rules To Follow

It’s not uncommon for an IT professional to provide services to a custodian. Typically, this means providing the custodian with electronic means to collect and share personal health information. If you’re a service provider to a custodian operating in Ontario, then PHIPA applies to you, and you’ll need to abide by certain regulations.

Below are the rules you’ll have to follow under this act:

• Notify a custodian whenever any information breaches are present.

• Provide a way for the public to access information on the services you provide.

• Provide information about the ways you will safeguard personal health information.

• Provide electronic records for all personal health information, upon request.

• Perform threat risk assessments and privacy impact assessments.

• Present the results of your assessments to the custodians.

• Make sure that all third parties comply with the requirements of this act.

• Form an agreement with the custodian which details your provided services.


Personal health information is sensitive data, and PHIPA helps to protect this data for the individuals involved. This act applies to any custodians who operate in Ontario. It also applies to groups and individuals who interact with these custodians in order to use, collect, or share personal health information. Certain third parties will need to abide by this act.

If you’re an IT professional who works in Canada, then this act may apply to you. More specifically, you will need to follow certain rules set by this act if you provide services to custodians operating in Ontario.

As an IT service provider, you’ll be required to make information about your services available to the public. You’ll also be required to perform risk assessments and privacy impact assessments and share their results. You’ll need to notify custodians whenever a breach of information is found. Upon request, you’ll need to provide access to the electronic records regarding personal health information.

