Annual Reporting of Privacy Breach Statistics – Requirements for the Health Sector

Today the IPC issued annual privacy breach reporting requirements to the health sector. Starting in March 2019 health information custodians will be required to provide our office with an annual report on the number of privacy breaches that occurred during the previous calendar year.

Under the Personal Health Information Protection Act, custodians must inform us of incidents where personal health information in their care was lost, stolen, or used or disclosed without authorization.

To prepare for this reporting requirement, custodians must start tracking their privacy breach statistics as of January 1, 2018. Health privacy breach statistics will be collected through the IPC’s Statistics Submission Website in early 2019.

Reporting a Privacy Breach to the Commissioner
Reporting requirements

If you have any questions about tracking or submitting privacy breach statistics to the IPC, contact us at or 1-800-387-0073.

This post is also available in: French

Media Contact

For a quick response, kindly e-mail or phone us with details of your request such as media outlet, topic, and deadline:
Telephone: 416-326-3965

Social Media

The IPC maintains channels on Twitter, YouTube and Linkedin in its efforts to communicate to Ontarians and others interested in privacy, access and related issues.