Who does BORN collect my data from?
BORN Ontario is funded by the Ministry of Health to collect, analyze, and share data from health care organizations including hospitals, midwifery practice groups, fertility clinics and labs. BORN links and analyzes data before packaging it into information that healthcare providers use to improve care and guide decision making. The results are a better healthcare system providing improved healthcare experiences for you and your children. Like all prescribed health registries, the Information and Privacy Commissioner of Ontario reviews our policies and procedures every three years to ensure they are compliant. BORN collects data from healthcare providers pursuant to the authority afforded to it in the Personal Health Information Protection Act (PHIPA).
Registries play a vital role in gathering, using, and sharing clinical care information. Personal health information is collected from networks of providers to improve healthcare experiences for you and your children. Province-wide data collection helps ensure that health quality efforts, and the detection of specific missed care opportunities and health outcomes are equally captured and do not hide health inequities.
Is my/my child’s identity included? How and why?
The identity of the child and pregnant individual are collected at time of birth and when services are provided.
Identity is used to support patient care by informing care providers of care gaps, for example, missed health screening, and to ensure that records received from multiple sources can be linked accurately. It is extremely important for health quality measurement that providers be able to accurately identify who is receiving care and their health status.
Has the information that was taken been misused/posted publicly?
At this time, there is no evidence to suggest that any of the data involved in this incident has been misused for any fraudulent purposes or posted publicly. We will continue to monitor the dark web for any activity related to this incident. If we become aware of any future misuse of the information, we will provide an update on our website.
It is important to always remain vigilant in protecting your information by monitoring your online accounts, creating and maintaining strong, unique passwords for your online accounts, and reporting any unusual activity to the police and service providers.
BORN Ontario will never contact you by email, text, or phone requesting any sensitive personal information.
How can I find out what specific information of mine was accessed?
Unfortunately, due to the complex nature of the incident, we are not able to provide a personalized breakdown of your specific information affected. We deeply apologize for this incident. While attacks on third-party software are difficult to prevent, we have taken measures to further strengthen our security controls to limit the potential for this type of incident to happen again. For more information on the types of data affected based on the type of care you received, please see the “Am I Impacted” tab on our website. You do not need to take any additional steps.
Why didn’t I receive a letter in the mail or a phone call that indicates that I was affected by this privacy breach?
Fertility, pregnancy, and newborn care is sensitive information. There is no evidence that the information copied in this breach has been misused for any fraudulent purpose or made public. BORN Ontario is maintaining the privacy and identity of those impacted and is not creating any written material that links people to their history of fertility treatment, childbirth, or pregnancy. This website offers information to notify you of the incident and help you determine if you or a family member were impacted.
I’ve read the questions and I still am not sure if I’m impacted.
Please refer to the “Am I Impacted” tab on our website. You can also call our bilingual (English or French) hotline at 1 833 622 1361 available Monday-Friday 9 AM to 5 PM. Due to the complexity of this incident, we are not able to provide any personal details about the information involved.
Does BORN collect from data providers outside of Ontario?
As a prescribed Registry in Ontario, BORN does not collect personal health information from Health Information Custodians located outside of Ontario.
However, to provide quality-advancing information about fertility care quality and outcomes, progress year over year, and to provide Canadian data to compare with other jurisdictions internationally, de-identified data are collected from fertility clinics across Canada.
Data from IVF clinics outside of Ontario, reflecting only in-vitro fertilization or egg banking treatments from January 2013 through May 2023, were impacted in this incident.
These data do not include:
- Postal codes
- Phone numbers
- Health card numbers
- Patient emails
IVF clinic names are also not identified in the affected data. Under the authority given to us by Ontario’s Personal Health Information and Protection Act, BORN collects identifiers from Ontario-based clinics. This allows us to link those records to pregnancy, birth and child health data, providing richer analysis and information for Ontario about the outcomes experienced by patients who use, and pregnancies that result from, fertility enhancing technology. This information informs policy and care decision-making.