The Osgoode Certificate in Privacy Law and Information Management in Healthcare

Globally, healthcare accounted for more privacy breaches than any other industry in 2018. The number of incidents continues to rise as healthcare institutions are frequently in the news for mismanaging personal health information. Breaches and missteps can result in significant reputational risk and institutional liability.

Maintaining adequate privacy around health information is a core priority of patients, medical institutions and professionals, software vendors, and clinical researchers. A web of regulatory instruments and best practices has developed to protect sensitive medical data. These ensure that only those who require access for treatment or research purposes are able to view this most personal category of private information. Failure to adopt adequate protective initiatives can leave patients vulnerable to the loss of highly sensitive personal information and medical organizations liable for breaches that can lead to class actions and a loss of trust by their patient populations.

If you are a healthcare risk manager, privacy officer, director of care/professional practice, a lawyer advising on privacy and information management issues, nurse or nurse educator, it is critical that you have a current understanding of the key issues and how to deal with them. Or, if you are involved in healthcare IT or software, you should be able to understand the complex regulatory web and your clients’ needs. Designed by an expert multidisciplinary faculty, the Osgoode Certificate in Privacy Law and Information Management in Healthcare will explore the range of privacy interests that must be protected in the day-to-day treatment of patients, the development of information systems and the creation of institutional policies. It will provide practical strategies for complying with regulatory and contractual obligations and designing viable procedures for governing health data systems and partnerships.

What You Will Learn:

Over the course of one week, comprised of instructional sessions and practical, hands-on learning, you will get up-to-date on topics, including:

  • Demystifying the regulatory landscape: PHIPA, PIPEDA, MFIPPA, FIPPA and other targeted or sector-specific laws (such as Public Hospitals Act, Mental Health Act, Health Protection and Promotion Act, Long-Term Care Homes Act and Privacy Act)
  • Strategies and tactics for lost or stolen devices, including best practices for storing data
  • Responding to privacy breaches
  • Creating effective consent directives
  • Managing data sharing agreements with vendors and other patient services
  • Best practices for effective data management and ensuring data integrity
  • Determining and minimizing risk: medical devices and other sources of patient information
  • Conducting privacy impact assessments
  • Managing threat risk assessments
  • Understanding how to meet audit requirements and managing the costs of data verification
  • Guidelines for cross border data sharing (particularly in cloud-based services)

Who Should Take This Program:

  • Health records leaders/custodians
  • Lawyers advising on privacy issues and information technology or health law
  • Privacy officers and other privacy professionals working in healthcare settings
  • Corrections / Policing
  • EMR vendors
  • IT security managers
  • Family health teams
  • Directors/VPs of nursing
  • Clinicians
  • Class action litigators
  • Risk Managers
  • Government Policy Makers
  • Regional Health Authorities


Program Chair

  • Kate Dewhirst, Kate Dewhirst Health Law

Program Lawyer

If you have any questions or would like more information please contact: Bernard Sandler at