Personally identifiable information
Personally identifiable information (PII) is any data that could identify a particular individual. PII can be any information that can be used to distinguish one person from another and to de-anonymize anonymous data.
PII can be sensitive or non-sensitive.
Non-sensitive PII is information that can be transmitted in an unencrypted format without resulting in harm to the individual.
Non-sensitive PII can be easily gathered from public records, phone books, corporate directories and websites.
The Freedom of Information and Protection of Privacy Act (FIPPA) defines Personal Information (PI) as follows:
“personal information” means recorded information about an identifiable individual, including,
- Information relating to the race, national or ethnic origin, color, religion, age, sex, sexual orientation or marital or family status of the individual,
- Information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the person or information relating to financial transactions in which the individual has been involved,
- Any identifying number, symbol or other particular assigned to the individual,
- The address, telephone number, fingerprints or blood type of the person,
- The personal opinions or views of the individual except where they relate to another individual,
- Correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence,
- The views or opinions of another individual about the individual, and
- The person’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual;
In this module, students will learn how to recognize sensitive PII and the measures they can take to protect their information in storage and transit, as well as the federal laws that involve personally identifiable information.
Personal Health Information
Personal health information (PHI), also referred to as protected health information, generally relates to demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
The Personal Health Information Act (PHIA) is a health-sector specific privacy law that establishes rules that custodians of personal health information must follow when collecting, using and disclosing individuals’ confidential personal health information.
The Personal Health Information Protection Act, also known as PHIPA, is Ontario-specific legislation passed in November 2004. PHIPA is one of two components of the Health Information Protection Act. The latest version of PHIPA was approved late in 2016 and will improve protection of PHI based on new rules governing who has access to sensitive PHI.
The Personal Health Information Protection Act defines Personal Health Information (PHI) as follows:
“personal health information”, subject to subsections (3) and (4), means identifying information about an individual in oral or recorded form, if the information,
- Relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,
- Refers to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,
- Is a plan of service within the meaning of the Long-Term Care Act, 1994 for the individual,
- Relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the person,
- Refers to the donation by the individual of any body part or bodily substance of the person or is derived from the testing or examination of any such body part or physical substance,
- Is the individual’s health number, or
- Determines the individual’s substitute decision-maker.
In this module, students will learn about the PHI standard in Canada, the rules involving collecting, using and disclosing an individual’s confidential personal health information, as well as the rules that govern PHIPA.