Skip to content

Brought to you by

Dentons logo

Dentons Data

Your trusted advisor for all things digital.

open menu close menu

Dentons Data

  • Home
  • About Us

Considerations for de-identifying personal health information: Guidance from Ontario’s Information and Privacy Commissioner

By Kirsten Thompson and Sasha Coutu
June 24, 2022
  • Cybersecurity
  • Data
  • Guidance
  • Privacy
  • Technology
Share on Facebook Share on Twitter Share via email Share on LinkedIn

Modern health technology relies on increased availability and quality of personal health information to improve the quality of treatment and prevent diseases. However, it is no secret that data in its non-identifying form is also valuable in the health care context, as it can drive innovation and inform decision-makers on public health matters and health system planning. Further, the surge of artificial intelligence in health care often requires large datasets to ensure the development, improvement, and overall accuracy of such technology.

This insight focuses on a recent decision (the Decision) of Ontario’s Information and Privacy Commissioner (the IPC), concerning a group of medical clinics (the custodians) collecting and using personal health information in the course of providing health care, which then sold de-identified information derived from this personal health information to a third-party corporation. To do so, the custodians retained the services of one service provider to de-identify the personal health information on their behalf, and the services of another service provider to enter a sale agreement with the purchaser of the de-identified information.

Read more here.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Kirsten Thompson

About Kirsten Thompson

Kirsten Thompson is a partner and the national lead of Dentons’ Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and provides privacy, data security and data management advice to clients in a wide variety of industries.

All posts Full bio

Sasha Coutu

About Sasha Coutu

Sasha Coutu is an associate in the Privacy and Cybersecurity group and the Litigation and Dispute Resolution group at Dentons.

All posts

RELATED POSTS

  • Artificial Intelligence
  • Privacy

Key legal considerations with generative AI

By Bob Tarantino
  • Class Actions
  • Privacy

Defendants Awarded Costs Where Bringing Breach Class Action Was “Questionable”

By Kirsten Thompson
  • Anonymization
  • Artificial Intelligence
  • Privacy

Use of personal data in training and deployment of AI

By Kirsten Thompson and Charles Giroux

About Dentons

Redefining possibilities. Together, everywhere. For more information visit dentons.com

Grow, Protect, Operate, Finance. Dentons, the law firm of the future is here. Copyright 2023 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. Please see dentons.com for Legal notices.

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo in black and white

© 2025 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site