
Practical Approaches for the Personal Health Information Protection Act (PHIPA)

Posted on December 02, 2019

Let’s start with: what is PHIPA?

Here in Ontario, Canada, we have the Personal Health Information Protection Act, known as PHIPA, which came into force in 2004 to govern personal health information. Specifically, PHIPA establishes the rules for the collection, use and disclosure of individuals’ personal health information. Health care providers and organizations that have custody or control of personal health information are "health information custodians" under the Act, and anyone who handles that information on a custodian’s behalf, a web agency included, is the custodian’s "agent" and must handle it in line with the custodian’s obligations.

Source: Guide by the Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/wp-content/uploads/Resources/hguide-e.pdf

PHIPA vs PIPEDA vs HIPAA

So you’ve come across HIPAA, PIPEDA and PHIPA. Confused? You’re not alone. PIPEDA is Canada’s federal Personal Information Protection and Electronic Documents Act, which governs personal information handled in the course of commercial activity. PHIPA is the Ontario statute that deals specifically with personal health information. HIPAA is the United States law for health information privacy across the border; it rarely affects our compliance obligations, but it can, and that’s a topic for another day. The bottom line: PHIPA matters to any Ontario organization that handles personal health information in any form, including data collected through a website.

PHIPA and Inorbital.

PHIPA is often considered Ontario’s equivalent of HIPAA (the US Health Insurance Portability and Accountability Act). Clients should note that under PHIPA the personal health information collected, and the consent the user gives for it, belong to the health care provider that obtains and maintains the data (the custodian), not to the web development agency.

What you get from Inorbital

As part of the Inorbital PHIPA compliance service Inorbital will provide a Threat Risk Assessment and prepare a Privacy Impact Assessment when required. 

Inorbital maintains a privacy policy that complies with applicable privacy legislation and addresses its practices for the collection, use, disclosure, retention and disposal of personal information.

Inorbital also monitors and enforces compliance with its own privacy policy, which includes:

  • Appointing a privacy compliance officer who is responsible for Inorbital's compliance with the privacy and security terms and conditions agreed at contract time.
  • Employing appropriate safeguards to prevent theft, loss and unauthorized access, copying, modification, use, disclosure or disposal of PHI. In particular, Inorbital takes reasonable steps to ensure that all PHI received from clients is securely segregated from information owned by Inorbital and protected by password-based access control.
    • Notifying the custodian of any privacy breach immediately upon confirmation.
    • Maintaining an audit trail that tracks use of the content database.

 
Contact us if you are planning a digital project that includes any form of health related information.



Author

Tony Tullio

Chief Problem Solver

Inorbital founder, industry veteran and habitually curious.

About the Blog

This Blog consists of popular issues pertaining to website content management, security, accessibility, search engines, social media, ecommerce and stories regarding new and valuable web design tools and resources we think you might be interested in. As always, let us know what you think.
