PHIPA COMPLIANCE — ONTARIO
Personal health information, handled in Canada
What is PHIPA?
The Personal Health Information Protection Act (PHIPA, 2004) governs the collection, use, and disclosure of personal health information in Ontario. It applies to health information custodians (clinics, hospitals, physicians, pharmacists, etc.) and their agents.
How Callara aligns with PHIPA
Callara is not a custodian — we're a service provider acting as your agent. Our job is to follow the Office of the Information and Privacy Commissioner of Ontario (IPC) guidance for agents: data residency in Canada, encryption in transit (TLS 1.3) and at rest (AES-256), full audit logs, deletion on request.
What we offer
Agent Agreement on request, full access logs, deletion within 30 days of request, breach notification to your Privacy Officer within 24 hours, hosting on Supabase ca-central-1 (Toronto) — your data never leaves Canada.
For Ontario clinics
If you're an Ontario clinic, ask us for our PHIPA Data Processing Addendum (DPA) and Privacy Impact Assessment (PIA). For Quebec clinics, see our Loi 25 page.
Official source: Information and Privacy Commissioner of Ontario
