How do you know your personal health information is safe?

When sensitive personal data falls into the wrong hands, a lot can go wrong. Imagine a hacker or unauthorized party having access to your full name, address, phone number, health insurance details, and financial information. With the development of private information being transferred online (for example, electronic health record technology), security and privacy are more important now than ever before. Many of our clients transfer highly confidential information that must adhere to strict privacy standards.


What is HIPAA?

In the United States, data privacy and security provisions for safeguarding personal health information are protected by HIPAA (Health Insurance Portability and Accountability Act), which was established in 1996.  Becoming certified for HIPAA compliance is done through private companies. When a company is HIPAA compliant, it means that the company ensures all the required physical, network, and process security measures have been put in place to protect the personal health information of individuals.


What is PHIPA?

In Ontario, Canada, we have the Personal Health Information Protection Act, also known as PHIPA, which was established in 2004 to govern personal health information. Specifically, PHIPA establishes the rules for the collection, use, and disclosure of personal health information of individuals.

Personal health information comes in oral and written forms and identifies an individual or could be utilized along with other information to help identify an individual. Information pertains to matters such as the individual’s physical or mental health, the providing of health care to the individual, payments or eligibility for the individual’s health care, the donation of a body part or bodily substance by the individual, or even the individual’s health number. Reasonable steps must be taken to ensure information is protected against theft, loss, unauthorized use and disclosure, unauthorized copying, modification, or disposal.

PHIPA applies to “health information custodians,” which includes healthcare providers (for example, doctors and nurses), hospitals, care homes, pharmacies, and so on. Health information custodians are responsible for collecting, using, and disclosing personal health information on behalf of clients. “Agents” are persons authorized by a health information custodian to collect, use, or disclose personal health information on their behalf.

Under PHIPA, an individual has the right to ask how their personal health information is collected, used, and disclosed, as well as the right to gain access to their personal health information and to correct any errors if needed.


Canadian Web Hosting is 100% PHIPA Compliant.

Customers should understand that as part of PHIPA compliance, information stored and user consent is not given to the hosting provider, but to the healthcare provider that obtains and maintains the personal health information. In accordance with the Information and Privacy Commissioner of Ontario, all Canadian Web Hosting servers and infrastructures are located in Canada. Canadian Web Hosting guarantees the following:

  • A notification of any privacy breach will be sent out to the custodian immediately
  • Plain language description of our services is provided
  • An audit trail feature to track the use of our database is provided
  • A risk assessment of our system is written

Canadian Web Hosting fulfills the requirements indicated by the Information and Privacy Commissioner of Ontario (

Find out more about our compliance programs and certifications here and contact us if you have any questions.

Photo by rawpixel on Unsplash