Proposed amendments to extra-ministerial data integration units in the Freedom of Information and Protection of Privacy Act
Bill or Act:
Freedom of Information and Protection of Privacy Act
Summary of Decision:
The amendments will enable the government to use data integration to support evidence-based decision making that will benefit patients, while enhancing privacy protection and transparency, and accountability for entities that collect, use and disclose government data.
Analysis of Regulatory Impact:
No direct compliance or administrative costs are expected as a result of this proposal.
Through these amendments, the government's technical and resource capacity for data integration would increase, bolstering the government's ability to use integrated de-identified datasets on social determinants of health (e.g., education, social services, health outcomes, etc.), which will inform health-focused policy development, planning, evaluation to deliver more efficient and effective government programs. De-identified data is data where all personal identifiable information has been removed to protect individual identities.
Amendments to FIPPA are required to further support cross-sectoral data integration by external data integrators. The proposed amendments would potentially bolster the government's ability to leverage existing health and administrative data by enabling a broader set of external data integrators to provide timely access to high-quality de-identified datasets. This would establish a more efficient model for sharing health administrative data and facilitate the production of evidence needed to support the improvement and evaluation of government policies and programs.
The proposed amendments will provide greater public trust in the government's ability to leverage and more efficiently share existing personal information to enhance the health care system and deliver improved and timely access to health care for Ontario patients. The amendments will enhance privacy protection, transparency and accountability for entities that collect, use and disclose government data while also reducing regulatory burden.
For more information on Part III.1 Data Integration, please see the attached current version of the legislation, and link to the FIPPA.
February 21, 2023
Summary of Proposal:
On February 21st, the government introduced Bill 60 ,Your Health Act, 2023, to build on the initiatives laid out in the Your Health: Plan for Connected and Convenient Care released on February 2nd. As part of this work, the Ministry of Health, in partnership with the Ministry of Public and Business Service Delivery, are proposing amendments to the Freedom of Information and Protection of Privacy Act (FIPPA). If passed, the amendments would enable the government to use data integration to support evidence-based decision making that will benefit patients, while enhancing privacy protection and transparency, and accountability for entities that collect, use and disclose government data.
Part III.1 Data Integration of the Act authorizes the integration of personal information data across data integration units in a safe, responsible and privacy protective manner. External data integrators are external organizations that would access the personal information data to support the delivery of government programs and services. Amending a regulation under the Act would designate specific external data integrators that can access the data. The Act sets out the parameters within which designated units of internal and external data integrators can collect, use and disclose personal information (PI) for:
(a) the management or allocation of resources.
(b) the planning for the delivery of government programs and services; and
(c) the evaluation of those programs and services.
All internal data integrators, such as the Capacity Planning and Analytics Division of the Ministry of Health, are established within designated ministries (FIPPA Institutions) and are required to comply with the transparency and accountability mechanisms within FIPPA. However, currently the external integrators are only subject to Part III.1 of FIPPA. The government is proposing legislative amendments to operationalize a consistent, enterprise approach to data integration, ensuring that all data integration units - internal and external - are subject to similar requirements.
The proposed legislative amendments under FIPPA are as follows:
• Update a framework for extra-ministerial data integration units (external data integrators), that are not institutions, or part of institutions, by extending the application of the Act, with modifications, in respect of personal information collected under Part III.1.
• Clarify the obligations of extra-ministerial data integration units and ensure alignment with the obligations of units that are part of institutions, including making information available about how to make requests for records, by requiring senior officers of such extra-ministerial data integrations units to publish specified information on an annual basis and report annually to the Information and Privacy Commissioner.
The proposed amendments to FIPPA, if approved, would apply the existing privacy, transparency and accountability provisions under the Act to external data integrators, that are not already FIPPA Institutions.
If passed, the proposed amendments to FIPPA would come into force on a day to be named by proclamation of the Lieutenant Governor. A subsequent amendment to a FIPPA regulation would be required to support the designation of a unit (e.g., ICES) as an external data integrator.
Research, Analysis and Evaluation Branch
Strategic Policy, Planning & French Language Services Division
Ministry of Health
438 University Avenue, 10th Floor
Toronto, Ontario, M5G 2K8
Royal Assent Date:
May 18, 2023