Rouge Valley Health System Failed to Protect Patient Health Information

A review by the Information and Privacy Commissioner of Ontario (IPC) of two significant privacy breaches involving the sale of new mothers’ personal health information for financial gain has determined that Rouge Valley Health System (hospital) failed to put in place reasonable technical and administrative safeguards to protect patient information.

In an Order issued today, Acting Commissioner Brian Beamish found the hospital was not in compliance with its obligations under the Personal Health Information Protection Act, 2004 (PHIPA) and ordered the hospital to implement changes to its electronic information systems, revise its privacy and audit policies, as well as deliver privacy training to all staff.

Leave a Reply

avatar
  Subscribe  
Notify of