The collection and sharing of personal health information for healthcare, research, and health system administration purposes has become both prevalent and complex. Provincial health privacy laws have been enacted or amended, and privacy compliance in healthcare has become one the biggest challenges for health sector organizations to manage.

Our health privacy experts are at the forefront of these changes and are leaders in privacy law. We advise health sector clients on all aspects of federal and provincial privacy and freedom of information legislation. Among our other key experiences, we were the lead authors of the Ontario Hospital Association’s Hospital Freedom of Information (FOI) Toolkit: A Guide to the Freedom of Information and Protection of Privacy Act, in connection with the 2012 extension of that Act to public hospitals in Ontario. We regularly provide advice and strategies for embedding privacy-by-design into our clients’ operations.

Our Clients

We act for publicly funded organizations, professional colleges, charities, private corporations and individuals that provide, fund, regulate or service the provision of health care delivery. Our clients include hospitals and health authorities, long-term care homes, pharmacies, health care professionals and their regulatory colleges, home care companies, family health teams, family health organizations, independent health facilities and private clinics, among others. We also advise health sector vendors and service providers regarding privacy compliance, including policy and contractual matters.

Our Expertise

We can advise you with respect to:

  • Privacy impact assessments, privacy audits
  • Privacy policy and procedure development
  • Privacy compliance programs
  • Data governance and safeguards
  • Unauthorized collection/use/disclosure (including privacy breach responses)
  • Ownership issues regarding patient records
  • Privacy access requests, freedom of information requests
  • Record imaging, retention and destruction
  • Data sharing agreements
  • Data processing agreements
  • Cross-border data transfer requirements
  • Responding to patient complaints
  • Privacy Commissioner investigations
  • Privacy compliance in health research
  • Compliance with Canada’s anti-spam law
  • Employee privacy issues, including investigations and surveillance