ICES and Ontario Privacy Legislation:
The Personal Health Information Protection Act (PHIPA)
ICES uses health information to produce evidence-based knowledge that enhances the effectiveness of health care.
ICES is named as a prescribed entity in Section 45 of the Personal Health Information Protection Act (Ontario Regulation 329/04, Section 18). Under this designation, ICES can receive and use health information without consent for purposes of analysis and compiling statistical information about our health care system. Data may be collected from multiple health information custodians, including the Ministry of Health and Long-Term Care, physicians, hospitals, laboratories, pharmacies, long-term care facilities and other custodians named in the Act.
To have this privilege, however, ICES must have established policies, practices and procedures that have been audited and approved by the Information and Privacy Commissioner (IPC) of Ontario. Furthermore, this audit and review must be done every three years to ensure that ICES not only complies with PHIPA, but is also diligent in its attention to these approved policies and procedures.