Kinesiologists are expected to know and understand their obligations in the event of a privacy breach, including (but not limited to):
- Notifying the individual whose information has been stolen, lost, used or disclosed inappropriately;
- Notifying the Information Privacy Commissioner of Ontario when required (refer to section 6.3 under the General Regulation (O.Reg. 329/04) of the Personal Health Information Protection Act, 2004 (PHIPA, 2004)); and
- Informing the Health Information Custodian at your earliest convenience if the kinesiologist who caused the privacy breach is an agent of a Health Information Custodian.
As per section 17.1 of PHIPA, 2004, kinesiologists who are Health Information Custodians are required to make a report to the appropriate regulatory College if:
- Disciplinary action is taken against a member of a College, who is an employee or an agent of the Health Information Custodian, for a privacy breach; OR
- The employee or agent of the Health Information Custodian resigns and the Health Information Custodian has reasonable grounds to believe that the resignation is related to investigation or other action relating to a privacy breach.
Additional resources
Guide-to-PHIPA-2020-Update.pdf (coko.ca)
What-You-Need-to-Know-About-Privacy-Law-2020-Update.pdf (coko.ca)
Questions? Email the Professional Practice Manager, Brian Fehst, at professionalpractice.coko.ca.