The NSHA has provided the OIPC with the names and contact information for the 353 physicians who referred patients to the Clinic within the last year. [...] The Clinic is a facility of the NSHA, and as such the NSHA is responsible for the Clinic’s compliance with the Personal Health Information Act (PHIA). [...] See, for instance: the Office of the Privacy Commissioner of Canada, “Key Steps for Organizations in Responding to Privacy Breaches”; the Office of the Information and Privacy Commissioner for British Columbia, “Privacy Breaches: Tools and Resources”; the Office of the Information and Privacy Commissioner of Alberta, “Key Steps in Responding to Privacy Breaches”; and the Office of the Information [...] The business owner reported the breaches to the OIPC and turned over the records to our office. [...] Each physician made clear to us that he or she recognized the sensitivity of the personal health information breached, and was concerned to ensure the patient was notified of the breach and that the breach was contained.