CanucktAI
Glossary

PHIPA

PHIPA is Ontario’s health-privacy law, which sets the rules that hospitals, clinics, and other health information custodians must follow when collecting, using, and disclosing personal health information.

Ontario’s Personal Health Information Protection Act (PHIPA) applies to “health information custodians” — hospitals, doctors, pharmacies, long-term care homes, and others — and to their agents. It requires consent for most collection, use, and disclosure of personal health information, subject to specific exceptions such as providing care.

PHIPA mandates safeguards, patient access to their own records, and correction rights. Custodians must notify affected individuals of a privacy breach and, in defined circumstances, report it to the regulator.

It is overseen by the Information and Privacy Commissioner of Ontario, who can investigate complaints and, in serious cases, refer matters for prosecution.

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

PHIPA — definition | Canuckt AI