How Do I Know My Personal Health Information is Safe?


When sensitive personal data falls into the wrong hands, a lot can go wrong. Imagine a hacker or unauthorized parties having access to your full name, addresses, health insurance details, and other financial information. With the extension of private information being transferred online (e.g, electronic health record technology), security and privacy are more important now than ever before. Many of our clients transfer highly confidential information that must adhere to strict privacy standards.


What is HIPAA?


In the United States, data privacy and security provisions for safeguarding personal health information are protected by HIPAA (Health Insurance Portability and Accountability Act), which was established in 1996.  Becoming certified for HIPAA compliance is done through private companies. When a company is HIPAA compliant, it means the company ensures all the required physical, network, and process security measures have been put in place to protect the personal health information of individuals.


What is PHIPA?


In Ontario specifically, we have the Personal Health Information Protection Act, also known as PHIPA, which was established in 2004 to govern personal health information. Specifically, PHIPA establishes the rules for the collection, use, and disclosure of personal health information about individuals.

Personal health information comes in oral and written forms and identifies an individual or could be utilized along with other information to help identify an individual. Information pertains to matters such as the individual’s physical or mental health, the providing of health care to the individual, payments or eligibility for the individual’s health care, the donation of a body part or bodily substance by the individual, or even the individual’s health number. Reasonable steps must be taken to ensure information is protected against theft, loss, unauthorized use and disclosure, unauthorized copying, modification, or disposal.

PHIPA applies to “health information custodians,” which includes healthcare providers (e.g., doctors and nurses), hospitals, care homes, pharmacies, and so on. Health information custodians are responsible for collecting, using, and disclosing personal health information on behalf of clients. “Agents” are persons authorized by a health information custodian to collect, use, or disclose personal health information on their behalf.

Under PHIPA, an individual has the right to ask how their personal health information is collected, used, and disclosed, as well as the right to gain access to their personal health information and to correct any errors if needed.


Canadian Web Hosting is 100% PHIPA Compliant.


Customers should understand that as part of the PHIPA compliance, information stored and user consent is not given to the hosting provider, but to the healthcare provider that obtains and maintains the personal health information. In accordance with the Information and Privacy Commissioner of Ontario, all Canadian Web Hosting servers and infrastructures are located in Canada. Canadian Web Hosting ensures a notification of any privacy breach will be sent to the custodian immediately, a plain language description of our services is provided, an audit trail feature to track the use of our database is provided, and a risk assessment of the system is written.

Canadian Web Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario (

See our compliance programs and certifications here.