What is PHIPA?

How Do I Know My Personal Health Information is Safe?

When sensitive personal data falls into the wrong hands, a lot can go wrong. Imagine a hacker or another unauthorized party having access to your full name, address, health insurance details, and financial information. As more private information is transferred and stored online (for example, through electronic health record systems), security and privacy matter more now than ever before. Many of our clients transfer highly confidential information that must adhere to strict privacy standards.

What is HIPAA?

In the United States, personal health information is protected by the data privacy and security provisions of HIPAA (the Health Insurance Portability and Accountability Act), enacted in 1996. There is no official government-issued HIPAA certification; compliance assessments and attestations are offered by private companies. When a company is described as HIPAA compliant, it means the company has put in place the required administrative, physical, and technical safeguards (covering its facilities, networks, and processes) to protect the personal health information of individuals.

What is PHIPA?

In Canada, Ontario's Personal Health Information Protection Act, also known as PHIPA, was enacted in 2004 to govern personal health information in that province (other provinces have their own health privacy legislation). Specifically, PHIPA establishes the rules for the collection, use, and disclosure of personal health information about individuals.

Personal health information is identifying information about an individual, in oral or recorded form, that identifies the individual or could reasonably be combined with other information to identify them. It covers matters such as the individual’s physical or mental health, the provision of health care to the individual, payments or eligibility for the individual’s health care, the donation of a body part or bodily substance by the individual, and even the individual’s health number. Reasonable steps must be taken to ensure this information is protected against theft, loss, and unauthorized use or disclosure, and against unauthorized copying, modification, or disposal.

PHIPA applies to “health information custodians,” which include healthcare providers (e.g., doctors and nurses), hospitals, care homes, pharmacies, and so on. Health information custodians are responsible for the personal health information they collect, use, and disclose in the course of providing care. “Agents” are persons authorized by a health information custodian to collect, use, or disclose personal health information on the custodian’s behalf; the custodian remains accountable for what its agents do with that information.

Under PHIPA, an individual has the right to ask how their personal health information is collected, used, and disclosed, as well as the right to gain access to their personal health information and to correct any errors if needed.

Canadian Web Hosting is 100% PHIPA Compliant

Customers should understand how PHIPA compliance is divided between the parties: personal health information is collected by, and the individual’s consent is given to, the healthcare provider (the custodian) that obtains and maintains the information, not to the hosting provider. Canadian Web Hosting acts as the custodian’s service provider. In accordance with the guidance of the Information and Privacy Commissioner of Ontario, all Canadian Web Hosting servers and infrastructure are located in Canada, and as a service provider we ensure the following:
– A notification of any privacy breach is sent to the custodian immediately
– A plain language description of our services is provided
– An audit trail feature to track the use of our database is provided
– A written risk assessment of the system is prepared

Canadian Web Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario (www.ipc.on.ca).

See our compliance programs and certifications here.

About Canadian Web Hosting

Since 1998, Canadian Web Hosting has been providing on-demand hosting solutions that include Shared Hosting, Virtual Private Servers (VPS), Cloud Hosting, Dedicated Servers, and Infrastructure as a Service (IaaS) for Canadian companies of all sizes. Canadian Web Hosting holds a SOC 2 Type II attestation report (AT 101, formerly reported under SSAE 16), meaning its processes and business practices are thoroughly audited against industry standards by an independent auditor. Canadian Web Hosting guarantees 100% network uptime and a total money-back guarantee that backs everything it does. Customers can reach 24/7 support by calling 1-888-821-7888. For more information, visit www.canadianwebhosting.com, or get the latest news by following @cawebhosting on Twitter or by liking the Canadian Web Hosting Facebook page.

4 thoughts on “What is PHIPA?”

  1. Thank you for this informative article.
    I had a few questions with regard to PHIPA compliance:
    – What does PHIPA compliance involve from the perspective of the agent? i.e. is it similar to HIPAA (US) – the implementation of administrative and technical safeguards, privacy requirements etc.
    – Do other certifications or self-assessments such as ISO 27001 support PHIPA compliance?
    – What is the process for compliance with PHIPA and what is the approximate time frame for this? Is it a self-assessment? Does it involve independent 3rd party audits?

    1. Hi Sophia, thanks for reading our blog!

Yes, PHIPA is comparable with HIPAA but only applies in Ontario, where many of our public sector customers reside. As part of PHIPA compliance, information is stored by, and user consent is given to, the healthcare provider that obtains and maintains the data, not the hosting provider. Canadian Web Hosting is 100% Canadian owned and operated, and all servers and infrastructure are located in Canada. As the IT service/hosting provider, Canadian Web Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario (www.ipc.on.ca). We ensure the following:
      – Send a notification of any privacy breach to the custodian as soon as possible
      – Provide a plain language description of our services
      – Prepare an audit trail feature to track the use of our database
      – Have written risk assessment of the system
      – Have our own written privacy policies

      For more information on the process of PHIPA, you can refer to their website here: https://www.ipc.on.ca/

We are also PIPEDA compliant and AT 101 SOC 2 Type 2 certified (formerly SSAE 16 SOC 2 Type 2 and SAS 70 with CSAE 3416). Our company has also implemented the guidelines and principles for security management established in ISO 27002, which is separate from PHIPA. For more details, please refer to our website: https://www.canadianwebhosting.com/company/sas70_certificates.

      Let us know if you have any further questions and how we can help you get started with choosing a hosting service!

      – Canadian Web Hosting

  2. Hi,

PHIPA only applies in Ontario. Other provinces have their own health privacy laws. There are also several other levels of federal privacy laws, such as PIPEDA and others, that businesses and health practitioners have to comply with. Are you compliant with all of these?

    1. Hi Amber, great question!

Yes, PHIPA applies in Ontario, where many of our public sector customers reside. We are also PIPEDA compliant and AT 101 SOC 2 Type 2 certified (formerly SSAE 16 SOC 2 Type 2 and SAS 70 with CSAE 3416). Our company has also implemented the guidelines and principles for security management established in ISO 27002. For more details, please refer to our website: https://www.canadianwebhosting.com/company/sas70_certificates.

      Let us know if you have any further questions and how we can help you get started with choosing a hosting service!

      – Canadian Web Hosting