{"id":24329,"date":"2020-10-06T19:25:50","date_gmt":"2020-10-06T13:55:50","guid":{"rendered":"https:\/\/www.syscreations.ca\/?p=24329"},"modified":"2022-11-26T05:44:38","modified_gmt":"2022-11-26T05:44:38","slug":"phipa-ontario-regulations","status":"publish","type":"post","link":"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/","title":{"rendered":"PHIPA Consultant Sharing His PHIPA Ontario Regulations Knowledge of 6 Years [You Can Also Hire Him!]"},"content":{"rendered":"\n<p><span style=\"color: #000000;\"><b><span style=\"color:#7b68ee\" class=\"has-inline-color\">You should be cautious of PHIPA regulations if you are,<\/span>&nbsp;<\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare provider&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare app\/software owner&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">IT service provider to the healthcare entity&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Working with healthcare entity for any research and insurance purposes&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\"><u><span style=\"color:#7b68ee\" class=\"has-inline-color\">Because if you as an entity or organization commit the offence under PHIPA, you can be liable for the fine of up to $500,000!<\/span><\/u><\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>Let\u2019s Start With the Basics of <\/b><b>&nbsp;<\/b><b>PHIPA Ontario<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">PHIPA (Personal Health Information Protection Act) has been imposed by the Ontario state government.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Though there are many differences between PHIPA, HIPAA (USA federal law) and 
PIPEDA (Canada federal law), the rules established under PHIPA are inspired by HIPAA and PIPEDA rules.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><b><u>PHIPA vs PIPEDA:<\/u><\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The major difference between PHIPA and PIPEDA is that <span style=\"color:#7b68ee\" class=\"has-inline-color\">PHIPA applies to Ontario-based healthcare entities<\/span> that save, use and disclose personal health information (PHI) of the patients whether or not during commercial activity, unlike the <span style=\"color:#7b68ee\" class=\"has-inline-color\">PIPEDA act which applies to all Canada-based organizations<\/span> that save, use and disclose PHI only during commercial activity.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><b><u>PHIPA vs HIPAA:<\/u><\/b><b>&nbsp;<\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The major difference between PHIPA and HIPAA is that PHIPA only focuses on objectives and thus, it asks healthcare providers to take \u2018reasonable steps\u2019 to ensure PHI security, unlike HIPAA which focuses on method and thus, it suggests the ways to ensure PHI security.&nbsp;<\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>The Purpose of the PHIPA&nbsp;<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">To define the best practices for data storage, usage &amp; sharing and ensure that <span style=\"color:#7b68ee\" class=\"has-inline-color\">all healthcare providers prioritize ePHI security<\/span>, the Ontario state government has imposed PHIPA.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Another purpose of PHIPA is to enable individuals to access their own personal health information and to make changes in those details.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\"><span style=\"color:#7b68ee\" class=\"has-inline-color\">PHIPA 
gives ultimate freedom to individuals to file a complaint against healthcare providers if they violate the PHIPA law.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Overall, establishing clear rules for PHI collection, usage &amp; sharing for healthcare providers and giving more control to individuals over their data are the major two purposes of the PHIPA.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">However, the act does not affect the patient-provider relationship!&nbsp;<\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>Does PHIPA Apply to You?<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Let\u2019s validate it based on your identity!&nbsp;<\/span><\/p>\n\n\n\n<ul><li><span style=\"color: #000000;\"><b>Are you an individual? &#8211; <span style=\"color: #339966;\">PHIPA does apply!<\/span>&nbsp;<\/b><\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">PHIPA has an impact on everyone living in Ontario. PHIPA allows an individual to get access to his personal health information and make changes in it.&nbsp;<\/span><\/p>\n\n\n\n<ul><li><span style=\"color: #000000;\"><b>Are you a healthcare provider (custodian)? &#8211; <span style=\"color: #339966;\">PHIPA does apply!<\/span>&nbsp;<\/b><\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The act defines 7 types of healthcare providers or custodians.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">These healthcare providers include health care practitioners, long-term-care service providers, community care access corporations, hospitals, pharmacies, laboratories and medical officers.&nbsp;<\/span><\/p>\n\n\n\n<ul><li><span style=\"color: #000000;\"><b>Are you recipients? 
&#8211; <span style=\"color: #339966;\">PHIPA does apply!<\/span>&nbsp;<\/b><\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The PHIPA act describes anyone who receives PHI from healthcare providers as a recipient or agent.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Insurance companies, employers, and researchers are called recipients and thus, they have to adhere to PHIPA Ontario requirements.&nbsp;<\/span><\/p>\n\n\n\n<ul><li><span style=\"color: #000000;\"><b>Are you IT service providers? &#8211; <span style=\"color: #339966;\">PHIPA does apply!<\/span>&nbsp;<\/b><\/span><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">If you are not a healthcare provider and recipient, the PHIPA still applies to you.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The PHIPA act includes many requirements for IT service providers who provide IT services to healthcare providers. (We will discuss these requirements later in this blog)<\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>What Does PHIPA Protect?<\/b><span style=\"font-weight: 400;\">&nbsp;<\/span><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The major purpose of the PHIPA is to <span style=\"color:#7b68ee\" class=\"has-inline-color\">protect every possible personal health information of the patients<\/span>.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">However, here it is worth mentioning that the PHIPA act does not apply to data that is not collected, used and disclosed.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">PHIPA protects the following information.&nbsp;<\/span><\/p>\n\n\n\n<ul><li><span style=\"font-weight: 400; color: #000000;\">Data related to individuals\u2019 physical and mental health&nbsp;<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to 
individuals\u2019 family health history&nbsp;<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to the provision of health care<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to long-term care plan of individuals&nbsp;<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to payment&nbsp;<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to eligibility for healthcare&nbsp;<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Data related to the donation of the body parts<\/span><\/li><li><span style=\"font-weight: 400; color: #000000;\">Individuals\u2019 health number&nbsp;&nbsp;<\/span><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/www.syscreations.ca\/contact\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" src=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2022\/11\/Have-healthcare-IT-company-on-your-side-5.png\" alt=\"PHIPA doubts\" class=\"wp-image-31427\" width=\"782\" height=\"117\"\/><\/a><\/figure>\n\n\n\n<h1><span style=\"color: #000000; font-size: x-large;\"><b>PHIPA Ontario Regulations<\/b><\/span><\/h1>\n\n\n\n<p><span style=\"color: #000000;\">PHIPA sets out different rules for the different activities performed by healthcare providers, recipients and IT service providers.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><b><span style=\"color:#7b68ee\" class=\"has-inline-color\"><u>PHIPA Regulations for IT Service Providers:<\/u>&nbsp;<\/span><\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">In case of any breach or unauthorized access, IT service providers should notify healthcare providers.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">IT service providers should make information about the services provided to the 
healthcare providers available publicly. They should also publish directives, guidelines and policies of the services.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Upon request of the healthcare providers, IT service providers should provide them with the data of all accesses and transfers of PHI.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">IT service providers should provide healthcare providers with threat risk assessment and privacy impact assessment of the services.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">IT service providers should sign an agreement with healthcare providers. The agreement must include the description of the services &amp; administrative, and technical &amp; physicals safeguards.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b><u><span style=\"color:#7b68ee\" class=\"has-inline-color\">PHIPA Regulations for Healthcare Providers:<\/span><\/u><\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Let\u2019s categorize the PHIPA regulations for healthcare providers based on different activities or practices.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><b>1. 
General Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can only collect, use and disclose the PHI if the individual permits.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers cannot collect, use and disclose the information if other information serves the purpose.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers must not collect, use and disclose the information more than needed.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Healthcare providers should get <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/whatis.techtarget.com\/definition\/express-consent#:~:text=Express%20consent%20is%20permission%20for,the%20part%20of%20the%20individual.\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">express consent<\/span><\/a><\/span><span style=\"font-weight: 400;\"> to collect, use and disclose PHI for marketing purposes.&nbsp;<\/span><\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b>2. 
Fundraising Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can only collect, use and disclose the PHI for fundraising purposes if permitted by individuals.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">If healthcare providers collect, use and disclose only an individual\u2019s name and mailing address,&nbsp; <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Implied_consent\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">implied consent<\/span><\/a><\/span><span style=\"font-weight: 400;\"> is needed.&nbsp;<\/span><\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can collect, use and disclose the PHI only for charitable or philanthropic purposes.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b>3. 
Health Cards and Health Numbers Related Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Anyone who is not a healthcare provider cannot collect and use health cards and health numbers.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Anyone who is not a healthcare provider can only collect and use health cards and health numbers for purposes such as health administration, health planning, and health research.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Anyone who is not a healthcare provider can only collect and use health cards and health numbers if the healthcare providers have shared the number with him.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Anyone who is not a healthcare provider cannot disclose the health number except for the purpose related to research and the provision of provincially funded health resources.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b>4. Data Collection Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">According to the rule, healthcare providers must collect the data directly from the users. However, they can collect the data indirectly under limited circumstances. 
A healthcare provider can collect information indirectly,&nbsp;<\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the individual permits.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the information is vitally important for the provision of healthcare and it is not feasible to collect the data directly.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the healthcare provider is a state or municipal government entity and the data is required for an investigation.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the healthcare provider is collecting data from a person who is not a healthcare provider for research purposes.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the healthcare provider is collecting data from a person who is not a healthcare provider for the planning and management of the health system.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b>5. Data Usage Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Healthcare providers must always ask for an individual\u2019s permission before using their data. 
The only circumstances in which permission is not required are the following.&nbsp;<\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the individual is required by law to share his information with healthcare providers.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is planning or delivering programs or services that the healthcare providers provide or fund.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purposes are risk management and error management.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is improving the quality of care.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is education.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is a proceeding.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is obtaining payment.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If the data usage purpose is research.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b>6. Data Disclosure Practice&nbsp;<\/b><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Healthcare providers cannot share PHI without the permission of individuals. 
However, they can share or disclose the data without permission in a number of situations.&nbsp;<\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data of a deceased individual.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data for health or other programs.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data related to the risks.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data related to care and custody.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data for proceeding.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data to the successor.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data for research purposes.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data for planning and management of the health system.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can disclose data for payment.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b><u><span style=\"color:#7b68ee\" class=\"has-inline-color\">PHIPA Regulations for Recipients:<\/span><\/u><\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">The recipients who get data from the healthcare providers must not use or disclose the data other than the purpose for 
which it is shared by healthcare providers.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">PHIPA regulations for recipients do not apply to state or municipal government entities.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Recipients can provide information to pharmacists to help them advise individuals only if the recipients provide coverage for payment and other medication-related services.&nbsp;&nbsp;&nbsp;<\/span><\/li><\/ul>\n\n\n\n<p><span style=\"color: #000000;\"><b><u><span style=\"color:#7b68ee\" class=\"has-inline-color\">PHIPA Regulations for Individuals:<\/span><\/u><\/b><\/span><\/p>\n\n\n\n<ul><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Individuals can get access to their personal information.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Individuals cannot get access to someone else\u2019s personal information.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Individuals cannot get access to the record which includes quality of care information and raw information used solely for research purposes and laboratory experiments.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can deny providing information collected for proceeding.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Healthcare providers can deny providing information collected during the investigation and inspection.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">If a healthcare provider is a government entity, it can deny providing information under privacy laws that only apply to government institutions.&nbsp;<\/span><\/li><li style=\"font-weight: 
400;\"><span style=\"font-weight: 400; color: #000000;\">Individuals should make the \u2018request to access\u2019 in writing and provide sufficient information so that healthcare providers can easily identify the record. If the information isn\u2019t sufficient, healthcare providers should offer assistance. The healthcare providers should respond within 30 days of the \u2018request to access\u2019.&nbsp;<\/span><\/li><li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #000000;\">Individuals can also make a written request to make changes to their data. The healthcare providers should respond within 30 days of the request.&nbsp;<\/span><\/li><\/ul>\n\n\n\n<h2><span style=\"color: #000000;\"><b>PHIPA Privacy Law &#8211; In Essence&nbsp;<\/b><\/span><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/image2.jpg\" alt=\"\" class=\"wp-image-25281\" width=\"460\" height=\"460\" srcset=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/image2.jpg 1000w, https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/image2-300x300.jpg 300w, https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/image2-150x150.jpg 150w, https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/image2-768x768.jpg 768w\" sizes=\"(max-width: 460px) 100vw, 460px\" \/><\/figure><\/div>\n\n\n\n<h2><span style=\"color: #000000;\"><b>The PHIPA Enforcement&nbsp;<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">A person who believes that another person, business or corporation has violated the PHIPA act can lodge a complaint in writing with the <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.ipc.on.ca\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Information and Privacy Commissioner of 
Ontario<\/span><\/a><\/span><span style=\"font-weight: 400;\">.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The Information and Privacy Commissioner of Ontario can conduct a review of the complaint if it is not resolved informally.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The Information and Privacy Commissioner of Ontario can also carry out a self-initiated review when no one has filed a complaint.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">While conducting the review, the Commissioner can visit your premises, ask you to produce records, summon a person and issue a binding order.&nbsp;<\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>PHIPA for Healthcare Mobile Apps\/Software<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Having read this far, you will have understood that <span style=\"color:#7b68ee\" class=\"has-inline-color\">your app should be PHIPA compliant<\/span>.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">So the question now is how to make the healthcare app\/software PHIPA compliant.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Unfortunately, the PHIPA guideline does not suggest the steps to make an app PHIPA compliant.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">But the simplest approach to making a healthcare app PHIPA compliant is to make sure that the app has no security loopholes. 
(It is simplest in theory, but not in practice!)&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Another thing you need to ensure is that you are not sharing any user data without user consent.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\"><span style=\"color:#7b68ee\" class=\"has-inline-color\">In case you are using some third-party API such as Zoom for communication purposes, it should be PHIPA compliant too.<\/span>&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">The app should have basic security features such as two-factor authentication.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">Your organization should also have a policy or strategy to mitigate any data breach.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">There are many more requirements to make your healthcare app PHIPA compliant. But ultimately, all requirements lead to one major requirement &#8211; anything which keeps data secure!&nbsp;<\/span><\/p>\n\n\n\n<h2><span style=\"color: #000000;\"><b>Remarkable Roles of PHIPA Consultants&nbsp;<\/b><\/span><\/h2>\n\n\n\n<p><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Our team includes <\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.syscreations.ca\/healthcare-compliance-consulting\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">healthcare compliance consultants<\/span><\/a><\/span><span style=\"font-weight: 400;\">, app developers, and security experts. 
Because of the full-strength team, we are able to help you in multiple ways.&nbsp;<\/span><\/span><\/p>\n\n\n\n<ul><li><em><span style=\"font-weight: 400; color: #000000;\">Carry out security standard audit, asset &amp; device audit, and security risk assessment<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Discover the app\/software security gaps&nbsp;<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Find out the workable solutions to fill those security gaps<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Assist the development team to implement those workable solutions&nbsp;<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Create an organization-wide security policy&nbsp;<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Carry out compliance audits&nbsp;<\/span><\/em><\/li><li><em><span style=\"font-weight: 400; color: #000000;\">Help you address regulations imposed by non-government regulatory bodies&nbsp;<\/span><\/em><\/li><\/ul>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\">We work with healthcare providers, entrepreneurs and even app\/software development firms.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">In fact, we recently helped a development firm to fill 47 security gaps in a healthcare app to make it HIPAA compliant. 
[<\/span><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.syscreations.ca\/healthcare-app-regulations-canada\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Read the full case study here<\/span><\/a><\/span><span style=\"font-weight: 400;\">]<\/span><\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400; color: #000000;\"><span style=\"color:#7b68ee\" class=\"has-inline-color\">So, if you\u2019re struggling with healthcare laws and healthcare compliance audits, you can freely contact us for expert help.&nbsp;<\/span><\/span><\/p>\n\n\n\n<p><span style=\"color: #000000;\"><b>CEO Talks: <\/b><span style=\"font-weight: 400;\">Let\u2019s schedule a one-on-one meeting. I am looking forward to sharing earned knowledge for free. (I am leading our team of PHIPA consultants.)<\/span><\/span><\/p>\n\n\n\n<p><strong>You Should Also Read: <a href=\"https:\/\/www.syscreations.ca\/blog\/data-privacy-laws-in-canada\/\"><span style=\"color:#0000ee\" class=\"has-inline-color\">Canadian Data Privacy Laws<\/span><\/a><\/strong> <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/www.syscreations.ca\/contact\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" src=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2022\/11\/Have-healthcare-IT-company-on-your-side-6.png\" alt=\"\" class=\"wp-image-31429\" width=\"811\" height=\"122\"\/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>You should be cautious of PHIPA regulations if you are,&nbsp; Healthcare provider&nbsp; Healthcare app\/software owner&nbsp; IT service provider to the healthcare entity&nbsp; Working with healthcare entity for any research and insurance purposes&nbsp; Because if you as an entity or organization commit the offence under PHIPA, you can be liable for the fine of up to 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24330,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[12],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.1.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>PHIPA Ontario &amp; PHIPA Regulations | Compliance Consultation<\/title>\n<meta name=\"description\" content=\"Top PHIPA consultant sharing everything about Ontario\u2019s privacy act - PHIPA Ontario - including PHIPA regulations and PHIPA violation charges.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Ultimate Guide to PHIPA!\" \/>\n<meta property=\"og:description\" content=\"Role-Based PHIPA Regulations\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\" \/>\n<meta property=\"og:site_name\" content=\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-06T13:55:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-26T05:44:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/Sys-blog-post-26.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"An Ultimate Guide to PHIPA!\" \/>\n<meta name=\"twitter:description\" content=\"Role-Based PHIPA Regulations\" \/>\n<meta name=\"twitter:label1\" 
content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"10 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#website\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/\",\"name\":\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\",\"description\":\"SyS Creations - IT Management, Compliance &amp; Consulting Company in Canada\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.syscreations.ca\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/Sys-blog-post-26.png\",\"contentUrl\":\"https:\/\/www.syscreations.ca\/blog\/wp-content\/uploads\/2020\/07\/Sys-blog-post-26.png\",\"width\":1200,\"height\":600,\"caption\":\"What Is PHIPA Ontario? 
[ An Ultimate Guide: Role-Based PHIPA Regulations, Purpose, Enforcement & Violation Charges]\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/#webpage\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\",\"name\":\"PHIPA Ontario & PHIPA Regulations | Compliance Consultation\",\"isPartOf\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/#primaryimage\"},\"datePublished\":\"2020-10-06T13:55:50+00:00\",\"dateModified\":\"2022-11-26T05:44:38+00:00\",\"author\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#\/schema\/person\/58a4199dfaf1c035175e61bd9021fad3\"},\"description\":\"Top PHIPA consultant sharing everything about Ontario\\u2019s privacy act - PHIPA Ontario - including PHIPA regulations and PHIPA violation charges.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\",\"url\":\"https:\/\/www.syscreations.ca\/blog\/phipa-ontario-regulations\/\",\"name\":\"PHIPA Consultant Sharing His PHIPA Ontario Regulations Knowledge of 6 Years [You Can Also Hire 
Him!]\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#\/schema\/person\/58a4199dfaf1c035175e61bd9021fad3\",\"name\":\"test@test.com\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.syscreations.ca\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b642b4217b34b1e8d3bd915fc65c4452?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b642b4217b34b1e8d3bd915fc65c4452?s=96&d=mm&r=g\",\"caption\":\"test@test.com\"},\"sameAs\":[\"http:\/\/localhost\/syscreations_blogs\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/24329"}],"collection":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/comments?post=24329"}],"version-history":[{"count":8,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/24329\/revisions"}],"predecessor-version":[{"id":31433,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/posts\/24329\/revisions\/31433"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/media\/24330"}],"wp:attachment":[{"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/media?parent=24329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/categories?post=24329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syscreations.ca\/blog\/wp-json\/wp\/v2\/tags?post=24329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}