PHIPA

myLaminin's Compliance

The Personal Health Information Protection Act (PHIPA) is Ontario's health-specific privacy legislation that sets out rules for the collection, use, and disclosure of personal health information (PHI). It applies to health information custodians and anyone who receives PHI from them. PHIPA aims to protect the confidentiality and security of individuals' health information.
 

Examples of PHI

Information relating to an individual's physical or mental health, healthcare history, and health card number.

 

Distinction Between Agents and Custodians

Health Information Custodian - A "health information custodian" is defined under PHIPA as an organization or person who has custody or control of personal health information as a result of or in connection with providing health care or certain other related services. This typically includes hospitals, doctors' offices, pharmacies, and other healthcare providers. They are responsible for complying with PHIPA.

 

Agents - An "agent" under PHIPA is someone who acts on behalf of a health information custodian in respect of personal health information. This could be an employee, a contractor, or another organization that performs a service for the custodian that involves handling PHI. The agent is generally required to follow the custodian's instructions regarding the handling of PHI. myLaminin would fall under this category.

Key aspects of PHIPA

Scope

Regulates the collection, use, and disclosure of PHI within Ontario. It applies to health information custodians and those who receive PHI.

Compliance

Organizations handling PHI must comply with the requirements outlined in PHIPA, including rules related to consent, access, and security.

Purpose

To protect the privacy of individuals' personal health information while facilitating the effective provision of healthcare.

Assessment

Compliance can be assessed through internal audits, investigations by the Information and Privacy Commissioner of Ontario, and potential legal proceedings.

Who needs to comply?

  • Hospitals

  • Doctors' offices

  • Pharmacies

  • Other healthcare providers

  • Anyone receiving PHI from a health information custodian

Why is compliance important?

  • Ensuring patient privacy
    Protecting sensitive health information from unauthorized access and disclosure.

  • Legal obligation
    Adhering to Ontario's privacy legislation to avoid penalties and legal consequences.

  • Maintaining trust
    Building and maintaining trust with patients by demonstrating a commitment to privacy.

  • Reducing risk
    Minimizing the risk of privacy breaches and potential harm to individuals.

myLaminin’s compliance with PHIPA

myLaminin has performed a detailed assessment of our platform’s ability to comply with PHIPA requirements in our role as an Agent of healthcare custodians. Based on this evaluation of our platform, myLaminin is over 80% compliant with PHIPA requirements.

Requirements tagged as NA (‘Not Applicable’) are predominantly related to the following:

 

  • myLaminin is acting in the role of an Agent and not a Custodian, and therefore does not hold the same responsibilities as a health information custodian under the Act.

  • If some of our clients choose our On-Premises Data Storage option, they retain responsibilities for some requirements related to data storage and ensuring the physical security of that data.

  • It is the responsibility of the Custodian to ensure that consent is obtained and signed when collecting personal health information using our platform. myLaminin gives researchers complete control over the consent process, methods, and templates used.

  • myLaminin does not integrate with Electronic Health Records (EHRs) or Prescribed Organisations. Our RDM platform does not extend to managing or handling EHRs.
