Modern health technology relies on increased availability and quality of personal health information to improve the quality of treatment and prevent diseases. However, it is no secret that data in its non-identifying form is also valuable in the health care context, as it can drive innovation and inform decision-makers on public health matters and health system planning. Further, the surge of artificial intelligence in health care often requires large datasets to ensure the development, improvement, and overall accuracy of such technology.

This insight focuses on a recent decision (the Decision) of Ontario’s Information and Privacy Commissioner (the IPC), concerning a group of medical clinics (the custodians) collecting and using personal health information in the course of providing health care, which then sold de-identified information derived from this personal health information to a third-party corporation. To do so, the custodians retained the services of one service provider to de-identify the personal health information on their behalf, and the services of another service provider to enter a sale agreement with the purchaser of the de-identified information.

Read more here.

Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Kirsten Thompson

About Kirsten Thompson

Kirsten Thompson is a partner and the national lead of Dentons’ Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and provides privacy, data security and data management advice to clients in a wide variety of industries.

Full bio

Sasha Coutu

About Sasha Coutu

Sasha Coutu is an associate in the Privacy and Cybersecurity group and the Litigation and Dispute Resolution group at Dentons.

RELATED POSTS