ORDER PO-4272

Appeal PA19-00411

Ministry of Health

June 29, 2022

Summary: The appellant made a request to the Ministry of Health (the ministry) under the Freedom of Information and Protection of Privacy Act  (FIPPA ) for access to billing information about a specified fee code on the Ontario Health Insurance Plan schedule of benefits. The ministry denied access to the requested information on the basis that it is personal health information under the Personal Health Information Protection Act, 2004 (PHIPA) and that, as a result of the application of section 8(1) of PHIPA, FIPPA  does not apply to it. In this order, the adjudicator does not uphold the ministry’s decision and orders that it disclose the information to the requester.

Statutes Considered: Freedom of Information and Protection of Privacy Act , RSO 1990, c F.31 , as amended, sections 2(1)  (definition of “personal information”), 21(1); Personal Health Information Protection Act, 2004,  SO 2004, c 3, Sched A, sections 4(1)  and (2)  (definitions of “personal health information” and “identifying information”), 8(1) and (4).

Orders and Investigation Reports Considered: Orders MO-2332, PO-2811, PO-2892, PO-3643 and MO-4166-I.

OVERVIEW:

[1] The Ontario Health Insurance Plan (OHIP) schedule of benefits identifies medical services that physicians are able to bill to the Ontario government. The fee that the government has agreed to pay physicians for performing each medical service listed in the schedule is identified by a specific code. This order considers an individual’s right of access to information related to a particular OHIP fee code.

[2] An individual made a request to the Ministry of Health (the ministry) under the Freedom of Information and Protection of Privacy Act (FIPPA) for access to billing information related to a fee code for a specific type of chemotherapy involving the supervised administration of complex single-agent or multi-agent chemotherapy infusions used in the treatment of malignant or autoimmune diseases.

[3] Specifically, the requester sought access to the following information:

Regarding OHIP billing code G345A: Complex single agent or multi-agent therapy – chemotherapy and/or biologic agent(s) that can cause vesicant damage, infusion reactions, cardiac, neurologic, marrow or renal toxicities that may require immediate intervention by the physician (75.00):

· name of every individual and organization that submitted billings under code G345A,

· total amount each [physician or group] received in the period,

· total number of times a [physician or group [1] ] billed the code in the period,

· amounts billed by [physician or group] per day during the period,

· total dollar amounts by billing entity [physician or group] postal code.

[4] The appellant specified that his request covers billing information for the period from April 1, 2015 to March 31, 2018.

[5] The ministry issued an interim access and fee decision under FIPPA , granting the appellant partial access to the requested information. In accordance with FIPPA , the ministry requested payment of 50% of the estimated fee of $100 in order to proceed with the request.

[6] Subsequently, the ministry issued a revised access decision stating:

Upon further review of the responsive information, the ministry is now of the view that in providing physician names linked to fee schedule codes billed to the Ontario Health Insurance Plan, […] it is reasonably foreseeable that a knowledgeable person would be able to link the information in the record to other information to identify individual patient(s). As such, the information would be considered personal health information (PHI). Based on this rationale, the ministry is unable to provide the data as the Personal Health Information Protection Act (PHIPA) section 8 states that FIPPA  does not apply to PHI.

[7] The ministry refunded the appellant the fees that he had already paid.

[8] The appellant appealed the ministry’s decision to the Information and Privacy Commissioner of Ontario (the IPC). A mediator was assigned to attempt to facilitate a mediated resolution.

[9] As a mediated resolution could not be reached, the appeal proceeded to the adjudication stage where an adjudicator may conduct an inquiry into the matter.

[10] The adjudicator decided to conduct an inquiry and sought representations from the ministry on the issues set out in a Notice of Inquiry. Prior to submitting representations, the ministry issued a second revised decision, granting partial access to the requested information. Specifically, the information identified as responsive by the ministry consisted of two spreadsheets which the ministry labelled as reports. Report 1, to which it granted access, contained the names of every physician and group that submitted billings under code G345A, the total fee paid out by OHIP for treatment under G345A in the requested period and the total number of treatments under G345A that were billed during the requested period. Report 2 contained the names of each physician and group that submitted billings under G345A, the total fee paid to them by OHIP for G345A per day that the service was billed within the specified time period, as well as the physician or group’s encrypted billing number and postal code. The ministry advised that it continues to deny access to Report 2 (the report), in its entirety, for the same reason given in its first revised decision and provided representations supporting its decision not to disclose that information to the appellant.

[11] The appeal was transferred to me to complete the inquiry. I sought representations from the appellant with a copy of the ministry’s representations, in their entirety, [2] and a Notice of Inquiry, which was amended to reflect the changes resulting from the ministry’s (second) revised decision to disclose some information. The appellant responded with representations, to which the ministry provided a reply. Finally, although the appellant was invited to respond to the ministry’s reply representations, he chose not to.

[12] In this order, I find that because the information is not identifying information about an individual it does not qualify as personal health information under PHIPA  and section 8(1) of PHIPA  does not apply to oust the appellant’s right of access to the information under FIPPA . With respect to the appellant’s right of access to the information under FIPPA , I find that, as the information is not personal information of any identifiable individual, the mandatory personal privacy exemption at section 21(1) does not apply. As no other exemptions have been claimed, and no mandatory exemptions apply, the report is not exempt from disclosure under FIPPA . As a result, I do not uphold the ministry’s decision to withhold it, and I order the ministry to disclose the report to the appellant.

RECORD:

[13] The information responsive to the appellant’s request is compiled in two Excel spreadsheets titled “Report 1” and “Report 2.” Only Record 2 remains at issue in this appeal. In this order, I will refer to Report 2 as “the report.”

[14] The information contained in the report appears under the following headings:

• Fiscal Year
• Encrypted Billing Number
• Physician Name (First, Second, Last)
• Group Name
• Date of Service
• Fee Paid per day (based on service date)
• Physician Postal Code
• Group Postal Code

PRELIMINARY ISSUE:

Does PHIPA or FIPPA, or both, apply in the circumstance of this appeal?

[15] There is no dispute that the ministry is both a health information custodian within the meaning of paragraph 7 of section 3(1) of, and subject to, PHIPA , and an institution within the meaning of the definition in section 2(1) of, and subject to, FIPPA . PHIPA  and FIPPA  have their own rules governing access to information.

[16] PHIPA  (Part V) grants an individual a right of access to records of their own personal health information that are in the custody or under the control of a health information custodian, subject to certain limited exceptions. Section 52(1) of PHIPA  reads:

52(1) Subject to this Part, an individual has a right of access to a record of personal health information about the individual that is in the custody or under the control of a health information custodian unless,

[Subsections (a) through (f) identify limited exceptions to an individual’s right of access to a record of their own personal health information]. [3]

[17] FIPPA (Part II) grants an individual a right of access to records of general information. Section 10 of FIPPA  reads:

10(1) Subject to subsections (1.1) and 69(2), every person has a right of access to a record or part of a record in the custody or under the control of an institution unless,

(a) the record or part of the record falls within one of the exemptions under sections 12 to 22; or

(b) the head is of the opinion on reasonable grounds that the request for access is frivolous or vexatious.

[18] FIPPA  also grants an individual a right of access to their own personal information (Part III) in the custody or under the control of an institution, subject to certain limited exceptions. Section 47(1) reads:

Every individual has a right of access to,

(a) any personal information about the individual contained in a personal information bank in the custody or under the control of an institution; and

(b) any other personal information about the individual in the custody or under the control of an institution with respect to which the individual is able to provide sufficiently specific information to render it reasonably retrievable by the institution.

[19] As the ministry is subject to both PHIPA  and FIPPA , and the ministry has claimed that PHIPA  applies to the record before me, I must consider whether the appellant’s right of access to the report is to be determined under PHIPA , FIPPA  or both.

[20] In order to determine which statute governs a requester’s right of access, it is necessary to first determine whether the record contains any “personal health information,” as that term is defined in section 4(1) of PHIPA . [4] If it contains the requester’s own personal health information, the right of access will initially be determined under PHIPA . [5]

[21] Under PHIPA, the right of access to personal health information belongs to the individual to whom the information relates, or to a person authorized to make a request for access on the individual’s behalf. [6] PHIPA  does not otherwise provide a general right of access to records of personal health information. Therefore, if the records do not contain the requester’s personal health information, but only the personal health information of other individuals, the requester does not have a right of access under PHIPA . In that case, if the health information custodian is also an institution under FIPPA , and if the personal health information can be reasonably severed from the record, the appellant’s right of access to the remainder of the record will be determined under FIPPA . [7]

[22] If the record is not a record of personal health information (in other words, if it does not contain anyone’s personal health information), PHIPA  does not apply at all. In cases where the health information custodian is also an institution under FIPPA , access to the records is considered only under FIPPA .

[23] In this case, the appellant made his access request under FIPPA , not PHIPA . He does not claim that he has a right of access to the responsive information under PHIPA . He does not argue that he has a right of access to the personal health information of other individuals. The appellant makes it clear that he seeks access to general billing information related to the fee code identified in his request, not the personal health information of any individual. In his representations, he specifically submits that the information that is responsive to his request neither contains nor is relevant to his own personal health information.

[24] The ministry argues that the report contains the personal health information of identifiable individuals other than the appellant. It does not argue that the report contains the appellant’s personal health information.

[25] Where a body, such as the ministry, that is both an institution under FIPPA  and a health information custodian under PHIPA , receives an access request for a record that contains personal health information, sections 8(1) to (4) of PHIPA  provide guidance in considering the interaction between the two statutes. [8] Those sections read:

8 (1) Subject to subsection (2) [containing certain exceptions that are not relevant to this complaint], the Freedom of Information and Protection of Privacy Act  and the Municipal Freedom of Information and Protection of Privacy Act do not apply to personal health information in the custody or under the control of a health information custodian unless this Act specifies otherwise…. [9]

(4) This Act does not limit a person’s right of access under section 10 of the Freedom of Information and Protection of Privacy Act or section 4 of the Municipal Freedom of Information and Protection of Privacy Act to a record of personal health information if all the types of information referred to in subsection 4 (1)  are reasonably severed from the record.

[26] The ministry claims that section 8(1) of PHIPA  applies to oust the appellant’s right of access to the report under FIPPA .

[27] Having regard to the above, prior to considering the appellant’s right of access to the report under FIPPA , I will first consider the ministry’s argument that section 8(1) applies to oust the appellant’s right of access under FIPPA . As, for the reasons set out below, I find that it does not, I will then consider the extent of the appellant’s right of access to the report, under FIPPA .

ISSUES:

A. Does section 8(1) of PHIPA  oust the appellant’s right of access to the report under FIPPA ?

A.1 Does the report contain personal health information? If so, can it reasonably be severed?

B. Does the appellant have a right of access to the report under FIPPA ?

B.1 Does the report contain “personal information?” If so, to whom does the personal information relate?

B.2 Is the report, or portions of the report, exempt from disclosure under the personal privacy exemption at section 21(1) of FIPPA ?

DISCUSSION:

Issue A: Does section 8(1) of PHIPA oust the appellant’s right of access to the report under FIPPA?

[28] In this case, the ministry denies access to the report, in its entirety, on the basis that it is a record of personal health information to which the appellant has no right of access under FIPPA  as a result of the application of section 8(1) of PHIPA . Section 8(1) of PHIPA  is reproduced above. For ease of reference, I reproduce it again here:

8 (1) Subject to subsection (2) [containing certain exceptions that are not relevant in this complaint] [10] , the Freedom of Information and Protection of Privacy Act  and the Municipal Freedom of Information and Protection of Privacy Act do not apply to personal health information in the custody or under the control of a health information custodian unless this Act specifies otherwise.

[29] As noted above, section 8(1) is often read with section 8(4) of PHIPA  which reads:

(4) This Act does not limit a person’s right of access under section 10 of the Freedom of Information and Protection of Privacy Act or section 4 of the Municipal Freedom of Information and Protection of Privacy Act to a record of personal health information if all the types of information referred to in subsection 4 (1)  are reasonably severed from the record.

[30] Read together, sections 8(1) and 8(4) of PHIPA  preserve an individual’s right of access under FIPPA  to certain information in records of personal health information, the right of access to which is otherwise governed by PHIPA . Section 8(1) of PHIPA  only applies to oust a right of access under FIPPA  if the record to be examined contains personal health information and if it is not possible to reasonably sever that personal health information as considered in section 8(4). If the personal health information can reasonably be severed from the record, the appellant’s right of access under FIPPA , to the information that remains, is preserved.

[31] Therefore, to determine whether section 8(1) applies to oust an individual’s right of access under FIPPA , in this case, the appellant’s right, the key determination that I make is whether the record at issue contains personal health information and, if so, whether that personal health information can reasonably be severed so as to trigger the application of the exception to section 8(1), at section 8(4).

Issue A.1: Does the report contain personal health information? If so, can it reasonably be severed?

[32] The ministry submits that the report contains personal health information that is under its custody or control as a health information custodian, and that, as a result of the application of section 8(1) of PHIPA , FIPPA  does not apply. The ministry does not specifically address section 8(4) of PHIPA .

[33] As I explain below, neither section 8(1) nor section 8(4) is engaged here because the report does not contain personal health information.

Personal health information

[34] Personal health information is defined in section 4 of PHIPA . The ministry withholds the report in full, claiming that all of the information is personal health information under sections 4(1)(a) and (b) of PHIPA . Those sections read:

“personal health information”, subject to subsections (3) and (4), means identifying information about an individual in oral or recorded form, if the information,

(a) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,

(b) relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual…. [11]

[35] Section 4(2)  defines “identifying information” referred to in section 4(1) :

(2) In this section,

“identifying information” means information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual.

[36] Section 4(3) addresses identifying information that is not personal health information:

(3) Personal health information includes identifying information that is not personal health information described in subsection (1) but that is contained in a record that contains personal health information described in that subsection.

[37] Considering the provisions set out above, information is personal health information only if it is “identifying information” about an individual–that is, the information must in itself identify the individual (for example, by consisting of the individual’s name), or else it must be reasonably foreseeable in the circumstances that the information could be used, either alone or with other information, to identify the individual.

Representations on whether the report contains “personal health information”

The ministry’s representations

[38] The ministry submits that the information in the report falls within the definition of personal health information under sections 4(1)(a) and (b) of PHIPA  as it constitutes “identifying information about an individual.”

[39] The ministry submits that although the names of individual patients are not included in the report, the information it contains is identifying information within the meaning of section 4(2) of PHIPA . The ministry submits that it is reasonably foreseeable that the information in the report could be utilized with other information to identify a patient, or to identify the physician listed in the report as the provider of health care to the patients, thereby identifying the patients.

[40] The ministry submits that unlike some other fee codes within the Schedule of Benefits which are of a general nature, the G345A fee code “carries embedded information regarding the medical condition of any individual associated with a fee code claim.” It also submits:

…[A]n individual could use the information publicly available on the College of Physicians and Surgeons of Ontario (CPSO) website to find a physician’s specialty information or practice address, and the group information could be linked with practice websites and the CPSO website to obtain additional information regarding the practice. The specialty designation can be readily linked to the information in [the report] manually or through an automated web-scraping process.

[41] The ministry further explains:

In the event that a patient had been linked to a G345A claim, it would reveal that they are suffering from a significant medical condition. This information may also reveal a more specific and very sensitive medical condition afflicting the individual. For example, G345A claims submitted by gynecologists may be expected to relate to treatment of ovarian cancer, as these specialists do not usually treat any of the other conditions associated with this billing code.

[42] In support of its position, the ministry refers to Order PO-2744, in which the adjudicator referenced the Guide to the Ontario Personal Health Information Protection Act, [12] stating:

In the [PHIPA Guide], the authors examine an approach to determining whether information constitutes personal health information, and in particular, in determining whether the information is “identifying information” and whether it is “reasonably foreseeable in the circumstances” that the information could be used to identify an individual. The PHIPA Guide states, in part, at pages 76-79:

…The issue of whether particular information constitutes identifying information is not always black and white. “Data identifiability can be characterized as a continuum or sliding scale, in which the divisions between degrees of “identifiability” and “anonymity” are not always clear cut.”

…[I]t is probable that it is reasonably foreseeable in the circumstances that information can be used to identify an individual when the recipient of the information is known to have access to other information that, when combined with the information that it received, would identify the individual to whom the information relates… As a result, it is necessary to consider the resources of the recipient of the information.

…The collection of certain data elements may increase the likelihood of a patient being identified. These data elements include the following:

· geographic location (e.g., location of residence, location of health event, especially where the location is not heavily populated);

· names of health care facilities and providers

· rare characteristics of the patient (e.g. unusual health condition); or

· highly visible characteristics of the patient (e.g., ethnicity in certain locales).

In the context of [PHIPA ], the [IPC] has supported a conclusion that the “identifiable” threshold may be met where the information to be disclosed would lead one to identify a group of fewer than five individuals to whom the information may relate … [and] has also had the opportunity to consider the impact of one data element, the postal code, on the identifiability of an individual … of the patient (e.g., ethnicity in certain locales).

[43] The ministry submits that the combination of the particular data elements in the report increases the likelihood of a patient’s being identified because the data elements in the report include:

• the treatment being provided to the patient,
• the name of the group associated with the provision of the treatment, if relevant,
• the date that the treatment was billed to OHIP by the physician or group,
• the total fee that was billed, the postal code of the physician’s primary practice location,
• the postal code of the group location, if relevant.

[44] The ministry submits that disclosure of the treatment identified by the fee code, which is a form of chemotherapy, reveals a very sensitive health condition of the patient (for example, treatment for a malignant or autoimmune disease). It also submits that where it is combined with information such as the particular medical specialty that is practiced by the physician or group, it might reveal a specific health condition (for example, if a gynecologist ordered the treatment it could reveal the patient has ovarian cancer).

[45] The ministry submits that disclosure of the date that the treatment was billed to OHIP would reveal the date of treatment. It further submits that the date of treatment could be combined with other data elements, such as the total amount billed which, because the billing amount per treatment is a set fee and publicly available, would reveal the number of treatments provided on that date. The ministry submits that on days where a small pool of individuals was treated under the fee code, of the number of treatments could subsequently be utilized to identify a patient. The ministry submits that providing billing information about this particular fee code on specific dates rather than aggregated information on a quarterly or monthly basis increases the risk of identification of a patient.

[46] Regarding disclosure of the postal code of either the physician’s primary practice location or of the group location, the ministry submits that it would reveal “probabilistic information about the location of where the chemotherapy treatment was provided to the patient….” It submits that, while there are some physicians with multiple practice locations or groups that might have more than one location, in cases where the treatment was provided in small populations, there is a high probability that the disclosure of the postal codes would reveal the location where the treatment was provided.

[47] More specifically, the ministry submits that the combination of the physician name with the daily billing information and postal code information would result in the identification of individual patients. It submits that providing the physician name in combination with the date of service, fee paid on the date of service and postal code would reveal who provided the service, where they provided the service, the date they provided the service and, the amount billed on the particular date. The ministry submits that the combination of these data elements would reveal how many times the service was billed by a particular physician on a specific date at a specific location thereby increasing the likelihood of the identification of a patient receiving the treatment.

[48] The ministry submits that with this information, particularly in cases where the daily count is one, it is a reasonable concern that due to “the rarity of the service” a knowledgeable individual could use this information with other information to potentially identify an individual patient or patients. It further submits that some of the locations where the services are provided are within communities with very small populations, which would further increase the likelihood of potential identification of patients who have received the service.

[49] The ministry submits that in previous IPC orders, such as Order PO-2811, the IPC explained:

The term small cell count refers to a situation where the pool or possible choices to identify a particular individual is so small that it becomes possible to guess who the particular individual might be, and the number that would qualify as small cell count varies, depending on the situation.

[50] The ministry submits that the number at issue in this appeal (the number of services provided by the physician per day) would qualify as a small cell and that the relevant pool is the same size. It submits that given the wording of the request, the relevant pool consists of the number of people who have received this treatment by a physician. The ministry submits that, for example, the report reveals that in one fiscal year the number of services provided by each billing physician per day was less than five 78% of the time and was one 35% of the time.

[51] The ministry submits that with this information, particularly in cases where the daily count is one, it is reasonably foreseeable that an individual could use the information in the report with other information, such as physician or clinic group specialty information, an individual’s chemotherapy schedule, or smart phone location information, or linking ministry information by provider, to potentially deduce the identity of patient. As an example, the ministry points to the possibility of an administrative assistant with access to an employee’s calendar or an employer that received a doctor’s note from an employee for an absence on a particular date. It submits that, in these scenarios, with the information in the report, consisting of the physician’s name and date of service, and knowing the date of the employee’s absence, an individual’s particular medical treatment or condition could be revealed to the employer, particularly where the physician only provided one service on a particular date.

[52] The ministry also submits that anonymized cell phone location information is collected by telecommunications companies and may be purchased on the commercial market. It submits that these datasets contain the location histories of cell phone subscribers and are available for purchase in the public domain. The ministry submits that this information could be linked to the information in the report with the date of treatment and the name of the providing physician. The ministry further submits that many individuals store their location data on their cloud network which, through linked hardware such as a home computer, may be available to other individuals, for example a household member, who can map and link the location data onto the location information in the report.

[53] Finally, the ministry submits that the combination of data elements sought by the appellant increases the likelihood of linking and re-identifying patients more than if the same data were aggregated on a quarterly or monthly basis. It submits that an individual could link the information in the report with other information that could be obtained from the ministry. It submits that the report reveals the total number of distinct patients who received chemotherapy treatment from a specific physician on a specific date and when coupled with other related information, for example, information from the ministry narcotics monitoring system database, an individual could discern the total number of patients who received a prescription for a controlled product authorized by the same provider on the same date of service. It submits that the information from these two data tables could be matched and inferences could be drawn which would increase the likelihood of identifying a patient.

[54] The ministry concludes by submitting that by providing the physician names linked to the specific fee code billed to OHIP, it is reasonably foreseeable that a knowledgeable person would be able to link the information in the records to other information to identify individual patients. The ministry submits that this “is due to the nature of the information in the record and the small number of individuals/services involved.”

Appellant’s representations

[55] The appellant disagrees that the report contains personal health information. He submits that it does not contain the names of individual patients who received the medical services related to the particular fee code.

[56] In response to the ministry’s submission that disclosure of the G345A claims submitted by gynecologists would reveal that the patient is being treated for ovarian cancer, the appellant disagrees that it would reveal patient data. He states: “[t]here is no patient data included in the request. Period.”

[57] The appellant submits that he does not have access to any personal health information of other individuals that could be combined with the information in the report in a manner that would permit him to identify any individual patient who received treatment under fee code G345A.

[58] The appellant also responds to the ministry’s “small cell” argument that were the report disclosed, it would lead to the identification of a group of fewer than five individuals to whom the information may relate. He submits that the ministry has not made out its small cell count argument. He also questions the data elements that the ministry points to as potentially identifying individuals. He submits that the postal code referred to is that of the provider, not the patient, and that that information is already in the public realm. He submits that “[p]atients seeking treatment are unlikely to reside in a postal code assigned to a commercial non-resident location.” He also submits that the postal code of the physician “is not relevant to patients who might have to travel long distances to receive treatment, even in highly populated urban areas.” He submits that “[in many] cases, and in particular in remote areas, patients are aggregated for treatment in order to increase throughput and efficiency of an infusion clinic. In some areas only hospitals can provide the necessary service.”

[59] Regarding the nature of the type of treatment, the appellant submits that: “conditions can range from cancer to inflammatory bowel disease to rheumatoid arthritis, etc. There are hundreds of thousands of patients undergoing treatment for these conditions.”

[60] The appellant submits:

While the ministry submits that it is protecting the personal information of individuals, which is commendable, it is in reality protecting those who are potentially abusing the system with inappropriate billing practices. This request is only a matter of examining a particular billing practice – no more. The request is actually in service to the ministry which is under resourced and lacks the capacity itself to perform the due diligence necessary to identify inappropriate billing….

The ministry’s reply representations

[61] In its reply representations, the ministry clarifies that it did not withhold the information in the report, such as the postal codes, on the basis that it would identify or reveal the personal information of physicians but rather that it would reveal the personal health information of patients. It clarifies its argument by saying that the combination of the particular data elements in the report, including physician postal codes, used together with other information increases the likelihood of a physician being identified as a provider of health care to the patient, thereby increasing the likelihood of the patient being identified.

[62] The ministry also repeats a number of the arguments already made to support its general submission that it is reasonably foreseeable that the information at issue could be utilized in combination with other information to identify the individual patients who received the treatment from a particular physician.

[63] In response to the appellant’s submission that the physician’s postal code in the report is not relevant to patients who have travelled long distances to receive treatment, the ministry submits that such patients are more vulnerable to the “re-identification techniques” described in the ministry’s original representations. Specifically, it submits:

[T]he utility of overlaying anonymized cell phone location data on the data requested in [the report] would be enhanced in scenarios where a greater distance exists between the medical provider’s address and the patient’s starting location. This is a consequence of the increased probability that such an individual’s GPS location (as embedded within the cell phone data) would be unique. Although the postal code information provided in [the report] generally reflects the location of the physician, for the reasons set out in the ministry’s original submission, it is reasonably foreseeable that information would be utilized in combination with other information to identify individuals as recipients of health care from that provider.

[64] Regarding its small cell count argument, the ministry submits that “approximately 80% of the information in the report are small cell counts.” It reiterates the statistics provided in its original representations.

[65] The ministry clarifies that it is not suggesting that the appellant himself has access to additional information that, combined with the information in the report could be used to identify the individual patients who received the treatment under the particular fee code. The ministry submits that the effect of releasing the information in the report to the appellant is that the information would be released into the public domain and could be disclosed by the appellant to others, used for any purpose and combined with other information that is available to the public.

[66] The ministry concludes its reply representations by stating that its access decision is based on its review and analysis of the information in the report and the definition of “identifying information” under PHIPA . It reiterates that its decision is based on its position that the report contains personal health information. It submits:

[I]t is reasonably foreseeable in the circumstances that [the personal information] could be utilized with other information to potentially identify a patient that received [treatment under the G345 fee code] on a particular date….

Analysis and finding on whether the report contains “personal health information” as that term is defined in section 4(1) of PHIPA.

[67] There is no question that the record contains information about the provision of health care to individuals. However, under section 4(1) of PHIPA , information must be “identifying information about an individual” in order to be personal health information. Section 4(2) , which is reproduced above, defines “identifying information” as “information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual.” Therefore, to determine whether the report contains personal health information, it must be determined whether it is reasonably foreseeable that an individual or any individuals could be identified by the disclosure of the information in the report.

[68] The report contains billing information related to a treatment provided under a particular fee code including the names of the physicians who billed OHIP under that code, the dates on which they billed under that code, the total amounts billed on each date and the postal codes of the physician and/or group (medical clinic) that administered the treatment. As the fee per treatment is publicly available, the number of patients treated on a particular date can be determined from the total amount billed on that date. The report does not contain the names of individual patients who received the particular treatment identified by that fee code or any information that relates directly to them.

[69] The ministry takes the position that the report is “identifying information” as defined in section 4(2) . It argues that, even without the names of the patients who received treatment, the information is personal health information within the meaning of that term in section 4(1)  because it is reasonably foreseeable that a knowledgeable individual could utilize the information in the report with other available information to identify individual patients (section 4(1) (a)) or a physician listed in the report, as a provider of health care to a particular patient (section 4(1) (b)).

[70] For the reasons set out below, I disagree. Having considered the representations before me and the information contained in the report, I do not accept that, even if considered with other information, it is reasonably foreseeable that its disclosure could identify an individual. I do not accept the ministry’s arguments to this effect and find that they are speculative, at best. Accordingly, I find that the ministry has not provided sufficient evidence that it is reasonably foreseeable that an individual could be identified from the disclosure of the report, either alone or when combined with other information.

Identifiability

[71] There are two components to the ministry’s claim that the information in the report could foreseeably lead to the identification of the individual patients receiving treatment under the particular fee code. The ministry argues that there is information available in the public realm that could be utilized, together with the information in the report, to identify individual patients. The ministry also argues that the small cell count concept applies; specifically, that the pool of individuals receiving the treatment indicated by the fee code is so small that from the information in the report alone, it is reasonably foreseeable that it would enable someone to guess who the individual patients might be.

Identifiability when the report is linked with other available information

[72] The ministry submits that the report provides sufficient information that it is reasonably foreseeable that it could be used with other publicly available information that would permit someone to “potentially deduce the identity of a patient or that a physician is a provider of health care to a patient.” As examples of the types of other information that could be used in this way, the ministry refers to information about physician or clinic speciality, an individual’s chemotherapy schedule or dates of doctor appointments, and an individual’s cell phone location. It further submits that identification in this manner is even more likely where the physician only provided one treatment on a particular date.

[73] Having considered the ministry’s arguments regarding the identifiability of individuals resulting from the information in the report being linked with other available information, I find that it has not provided sufficient evidence to establish its position.

[74] The issue of the identifiability of individuals resulting from the disclosure of information in a record combined with information that already exists in the public realm has recently been referenced in relation to PHIPA . In Interim Order MO-4166-I, a district health unit argued that while daily summaries containing reporting information about COVID-19 cases did not contain information that could be construed as “personal health information” under PHIPA , were those daily summaries modified to report the same information on a municipal, rather than district, level (which was the format requested), disclosure of the modified information could lead to an individual’s being identified. Because the modified information was not contained in any records before her, the adjudicator reserved her finding on the issue of identifiability in that case. However, she provided general guidance to the district health unit to help it assess whether disclosure of the information as requested would result in identification, pointing it to prior IPC and court decisions, and other resources addressing “identifiability” and “small cell count.”

[75] The adjudicator in Interim Order MO-4166-I first noted the Divisional Court in Ontario (Attorney General) v Pascoe [13] has explained the relationship between personal information and identification in the following terms:

The test then for whether a record can give personal information asks if there is a reasonable expectation that, when the information in it is combined with information from sources otherwise available, the individual can be identified. A person is also identifiable from a record where he or she could be identified by those familiar with the particular circumstances or events contained in the records.

[76] The adjudicator in Interim Order MO-4166-I then noted that the issue of identifiability has also been addressed in previous IPC orders under FIPPA  and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA). [14] I agree with her analysis of the relevance of these orders and find that the discussions on identifiability in those previous IPC orders are helpful for me to consider when reviewing the issue in this appeal.

[77] In particular, in Orders MO-2337 and PO-2892, former Commissioner Brian Beamish [15] made statements on the issue of identifiability resulting from combining information in the public realm with information, the disclosure of which was being considered. In those orders, the Commissioner acknowledged that there will be situations where a limited number of people may already be independently aware of individuals referred to in anonymized records. He determined, however, that this does not affect a decision to disclose such records since disclosure of the anonymized information itself would not result in those unnamed individuals being identified to the vast number of people who are unaware of the individuals’ identities.

[78] Additionally, in Order PO-3643, the adjudicator considered the issue of identifiability resulting from information that exists in the public realm, particularly, information known to people close to the individual whose information was contained in the records. That order addressed whether the disclosure of statistical information related to suicides in Ontario hospitals and psychiatric facilities could be linked to information known to others in a manner that would identify the individuals reflected in the statistics. On the issue of identifiability, the adjudicator stated:

Identifiability must result from the disclosure of the information at issue on its own or in combination with other available information. Identifiability does not result simply because someone who already knows the information, in this case a friend or family member of an individual who committed suicide and who already knows about the individual’s suicide, recognizes a statistic in the form of a year and a facility as representing the deceased individual’s suicide. Obviously, there are people who know about these suicides by virtue of their relationship with or knowledge of a deceased individual, including the staff at the facilities who assisted the deceased individual. However, the prior personal knowledge of a few does not establish identifiability in the general public when the withheld information does not disclose any personal information about the deceased.

[79] I agree with the guidance provided by the adjudicator of Interim Order MO-4166-I, and find applicable in the circumstances here, the reasoning expressed in Orders MO-2337, PO-2893 and PO-3643 on identifiability and will take a similar approach to my determination of whether the report contains identifying personal health information.

[80] As I noted above, the information in the report does not contain any information or personal identifiers that may, on their own, lead to the identification of any of the patients who received treatment of the type subject to the specified fee code. Therefore, I must consider whether it is reasonably foreseeable that information in the report could be combined with other information, and in particular the examples of the specific types of information that the ministry provided in its representations, to identify the patients. For the reasons below, I find that I have insufficient evidence to conclude that it is reasonably foreseeable that the disclosure of the information in the report could be combined with other information in a manner that would lead to the identification of any of the patients who received the treatment associated with the billing number in question, as reflected in the report.

[81] The ministry submits that it is reasonably foreseeable that people connected to a patient whose treatment is reflected in the report might have information in their knowledge that could be combined with the information in the report in a way that would result in the identification of that particular patient. In my view, not only is any information that might be known to individuals as a result of their personal connection to the patient not information that can be said to exist generally in the public realm, it is also information that would be known to a very limited number of individuals. As noted in Order PO-3643, identifiability must flow from the information itself, not from prior personal knowledge being reflected in the records. In my view, this statement is relevant here. I do not accept that information that is already known as a result of a personal connection to the patient establishes identifiability in the general public when the withheld information itself does not, on its own or in association with other publicly available information disclose any personal information about the patient.

[82] I also do not accept that the type of information that the ministry suggests could be combined with the information in the report to reveal personal health information would establish identifiability in the general public or to, as Commissioner Beamish stated: “the vast number of people who are unaware of the individuals’ [here, the patients’] identities.” I acknowledge the ministry’s argument that an individual connected to the patient who already has within their knowledge certain personal information about an identifiable individual could gather other personal health information about the patient that the individual might not otherwise know. However, considering the specific information in the report, I find that this possibility is remote and not reasonably foreseeable.

[83] In its representations, the ministry refers to several types of information that it submits are available in the public realm and could be combined with the information in the report to lead to the identification of a patient whose treatment billing information appears in that report. Specifically, the ministry refers to information about a physician or clinic’s speciality, cell phone location information and information from other ministry sources, such as the narcotics monitoring system database.

[84] I acknowledge that a physician or clinic’s specialty is generally publicly available information found on the CPSO website or through a general internet search. However, the ministry has not sufficiently explained how information about a physician or clinic’s specialty could be utilized with the information in the report in a manner that would result in the disclosure of the identity of a particular patient. While I accept that knowledge of a physician’s speciality, coupled with the particular fee code, might identify a particular medical condition that is being treated, the ministry has simply not adduced sufficient evidence to establish that this information could be utilized in a way that might identify an individual patient. To do so would require the individual to also have personal information about the patient being treated by virtue of a personal connection with that patient rather than as a result of such information existing in the public realm. For the same reasons as those explained above, I do not accept that this renders the information in the report information about identifiable individuals.

[85] Another type of information provided by the ministry as an example of information available in the public realm that, it submits could be combined with the information in the report to identify patients who received treatment under that fee code, is cell phone location information. The ministry argues that cell phone location information, purchased on the commercial market, could be used to identify individual patients receiving the treatment services under the particular fee code by linking them to a physician or clinic on a particular date. I find that the ministry arguments in this respect are not only speculative but also unsubstantiated. Even if the cell phone location information can be linked to an identifiable individual and reveal that they attended the physician or clinic on a particular date, the ministry has not provided sufficient evidence to demonstrate how, out of the total number of patients who attended the physician or clinic on a particular date, one could discern, with any certainty, the identity of a patient who was also the recipient of the particular treatment billed under the specified fee code. I find this argument to be speculative and does not support a conclusion that it is reasonably foreseeable that cell phone location data could be used to determine the identities of the patients who received treatment related to the billing information in the report.

[86] Finally, the ministry submits that an individual could link the information in the report with other information that could be obtained from the ministry, such as information from the ministry narcotics monitoring system database, and identify individuals. The ministry submits that through the coupling of this information, an individual could discern the total number of patients who received a prescription for a controlled medication authorized by the same provider on the same date of service. As with the information about physician or clinic specialty, in my view, the ministry has not provided sufficient evidence to demonstrate how that information could be combined in such a way to identify an individual patient connected to the treatments referenced in the report, without having prior personal knowledge of additional information resulting from a personal connection with the patient.

[87] Other than physician or clinic specialty information, cell phone location information and information that can be obtained of the narcotics monitoring system database, I have insufficient evidence before me about any other information which could reasonably foreseeably utilized, together the information in the report, in a manner that would identify any of the patients who are the recipients of the treatment referenced under the specific fee code billed by the physicians on the dates identified in the report.

[88] I have considered the approach taken in Orders MO-2337, PO-2892 and PO-3643 in light of the evidence before me. I am not persuaded that an individual, without any prior personal knowledge of any of the patients whose treatment is reflected in the billing information in the report, would be able to identify an individual patient based on the disclosure of that report. I am also not persuaded that it is reasonably foreseeable in the circumstances that an individual, without any prior personal knowledge of a patient whose treatment is reflected in the billing information in the report would be able to utilize the information in the report, either alone or in combination with other information, to identify an individual as a recipient of the treatment represented by fee code G345A.

Identifiability due to the small cell count concept

[89] The ministry submits that the treatment identified by the specified fee code is rare and, therefore, combining it with the data elements in the report (name of physician or clinic, date of treatment, amount billed under the fee code for that treatment on that date and the postal code of the physician or clinic), one is able to establish a small pool of patients who received the specific treatment on a particular date through a particular clinic or physician. The ministry submits that due to the small size of the pool of patients receiving the particular treatment, particularly in locations where the physician or clinic postal code reveals that the treatment was provided in a community with a very small population, it is reasonably foreseeable that someone would be able to link the information in the report with the identity of individual patients. It is on this basis that the ministry submits that the small cell count concept applies to the information in the report.

[90] As I noted above, the small cell count concept has been recently referenced in relation to PHIPA  in Interim Order MO-4166-I and it has been considered in previous IPC orders issued under FIPPA . These orders are helpful to its consideration in this appeal. In Order PO-2811, which was upheld by the Supreme Court of Canada, [16] the adjudicator considered the small cell count concept to determine the identifiability of five or fewer sex offenders listed on the sex offender registry. He found that the ministry had misapplied the concept of small cell count by taking the position that the relevant pool of individuals to be considered was a pool of 5, the offenders on the registry. The adjudicator found that the relevant pool was instead, the pool of total residents in each of the defined areas set out in by the registry.

[91] In Order PO-2811, the adjudicator described the term “small cell” count and the ministry’s misapplication of it in the following way:

[T] Ministry submits that there are five or fewer registered sex offenders residing in 45% of Ontario’s FSAs [Forward Sortation Areas or areas defined by groupings of postal codes]. The Ministry submits that this comprises a “small cell” count. The term “small cell” count refers to a situation where the pool of possible choices to identify a particular individual is so small that it becomes possible to guess who the individual might be, and the number that would qualify as a “small cell” count varies depending on the situation. The Ministry has misapplied the concept of “small cell” count here. If, as the Ministry argues, 5 individuals is a “small cell” count, this would mean a person was looking for one individual in a pool of 5. By contrast, the evidence in this case indicates that one would be looking for 5 individuals in a pool of anywhere from 396 to 113, 918 [the range of populations of the FSAs]. This is not a “small cell” count.

[92] More recently, in Order PO-3643, mentioned above, the adjudicator considered small cell count and identifiability arguments in determining whether the disclosure of statistical information about suicides in Ontario hospitals and facilities could identify individuals. In that order, the adjudicator found that the relevant pool, or size of the group, was the total number of deaths at each facility for each year in question and that the small cell count concept would apply if any facility at which at least one suicide occurred had fewer than five total deaths in one year. She found that the evidence did not support such a conclusion as the information was aggregate data that had been stripped of any personal identifiers that could lead to the identification of individuals.

[93] The ministry submits that in this case, the number of services provided by each physician per day qualifies as a small cell and the relevant pool is the number of individuals who received the treatment, on that date, by a particular physician. It notes that the report reveals that the number of treatments billed under the fee code provided by each physician per day was less than five 78% of the time and one 35% of the time. From the ministry’s submission, it appears to be arguing that the relevant pool, or size of group, that must be considered in this case is the number of people that received treatment under the particular fee code on each particular date that it was billed.

[94] I am not persuaded by the ministry’s argument and I find that the small cell count concept does not apply here. First, I disagree with the ministry’s characterization of the relevant pool of individuals to consider. The ministry submits that the relevant pool is the number of individuals receiving the treatment under fee code G345, by a particular physician or group per day. In my view, the relevant pool to be considered is the pool of total patients for each physician or group. I find that the ministry has not provided me with sufficient evidence to demonstrate that the small cell count concept applies in this context.

[95] Second, while I acknowledge that in some contexts, the small cell count concept is a useful tool to determine whether the disclosure of non-identifying information relating to a small number of individuals may allow the identification of a specific individual, the fundamental determination that must be made is whether it is reasonably foreseeable that an individual could be identified as a result of the disclosure of the information. In this case, the ministry has not explained how, even in a small community, disclosure of the information in the report could result in the identification of a patient who received treatment under the identified fee code.

[96] Even in a small community where only one physician or clinic might have billed treatment under fee code G345A for one patient on a particular date, to discern the identity of the patient, an individual would have to have a fairly significant amount of additional knowledge, unrelated to the report, that one would only be able to acquire as a result of a personal connection to the patient. Additionally, as this treatment is used for a variety of conditions, even if there are only a small number of patients receiving treatment under fee code G345A, even with additional knowledge about a patient’s medical condition resulting from a personal connection, I do not accept that it would be reasonably foreseeable that a patient’s identity could be discerned from disclosure of the report. As a result, I find speculative the ministry’s suggestion that the information in the report could reasonably be used to identify one of the patients who received treatment under fee code G345A or reveal the personal health information of an identifiable individual.

[97] For the above reasons, I conclude that it is not reasonably foreseeable that the disclosure of the report would result in the identification of any individual, namely any of the patients who received the treatment under the fee code reflected in the billing information.

Summary conclusion on whether the report contains “personal health information” as that term is defined in section 4(1) of PHIPA.

[98] On consideration of the information before me, including the representations of the parties and the specific data elements in the report, I am not persuaded that it is reasonably foreseeable that the information in the report could be utilized, either alone or with other publicly available information, to identify any individual.

[99] Having concluded that the report does not contain identifying information about an individual or individuals under PHIPA , because the definition of personal health information in section 4(1) of PHIPA  requires that the information in question be “identifying information about an individual,” I find that the report does not contain personal health information and PHIPA  does not apply to it.

[100] Further, as the report does not contain personal health information, section 8(1) of PHIPA  does not apply to oust the appellant’s right of access to the report under FIPPA . As a result, I must now consider the extent of the appellant’s right of access to the report under FIPPA .

ACCESS UNDER FIPPA

Issue B: Does the appellant have a right of access to the report under FIPPA?

[101] In the Notice of Inquiry, I asked that the ministry to consider potentially relevant exemptions claims under FIPPA . The ministry declined to claim any, maintaining that the report consists of the personal health information of other individuals, to which the appellant does not have an access under PHIPA  and which, as a result of the application of section 8(1) of PHIPA , ousts his right of access to the information under FIPPA . Notwithstanding the ministry’s position, I have considered whether any of the mandatory exemptions in FIPPA  may apply in the circumstances. The only possibly relevant mandatory exemption is the personal privacy exemption in section 21(1) of FIPPA , and I will review its possible application below.

[102] I have found above that the report does not contain personal health information as defined in PHIPA . For similar reasons, I find that the report also does not contain personal information as defined in FIPPA . Therefore, the section 21(1) exemption cannot apply.

Section 21(1) does not apply

[103] The exemption at section 21(1) of FIPPA  only applies to personal information. It reads, in part:

A head shall refuse to disclose personal information to any person other than the individual to whom the information relates[.]

[104] In order to decide whether the mandatory personal privacy exemption at section 21(1) applies to the report, I must determine whether the report contains “personal information” because section 21(1) can only apply to “personal information” as defined in the Act.

[105] Section 2(1) of the Act defines “personal information” as “recorded information about an identifiable individual;” and sets out some examples. [17] The list of examples of personal information under section 2(1) is not a complete list. This means that other kinds of information could also be “personal information.” [18]

[106] Similar to PHIPA , information is about an “identifiable individual” if it is reasonable to expect that an individual can be identified from the information either by itself or if combined with other information. [19]

[107] For the same reasons that I found that the report does not contain personal health information under section 4(1) of PHIPA , because it does not consist of identifying information about any individual under section 4(2) of that act, I also find that the report does not contain personal information under FIPPA . I find that it is not reasonably foreseeable that a patient can be identified as a result of the disclosure of the information in the report, either assessed alone or in combination with other information. As the definition of “personal information” in section 2(1) of FIPPA  requires that the information be “recorded information about an identifiable individual,” I find that the information in the report does not qualify as personal information under FIPPA .

[108] As I have found that the report does not contain personal information because the information is not about identifiable individuals, section 21(1) of FIPPA  does not apply to exempt the report from disclosure. As no other exemptions have been claimed, and no other mandatory exemptions apply, I will order the ministry to disclose the report to the appellant.

ORDER:

1. I do not uphold the ministry’s decision to deny access to the report.
2. I order the ministry to disclose the report to the appellant by August 5, 2022 but not before August 1, 2022, and to provide me with a copy of its disclosure correspondence to the appellant.

Original Signed By:		June 29, 2022
Catherine Corban
Adjudicator