Æ

Protecting Your Privacy (Freedom of Information)

WDMH is committed to protecting your privacy and your personal health information. We do this in accordance with the Personal Health Information Protection Act (PHIPA) and other applicable laws.

Privacy Q&As

Please review these Q&As to help answer any questions you may have:

Does WDMH share health information with other healthcare organizations? Is WDMH part of Epic?

Yes. WDMH is part of the Atlas Alliance, which is a group of healthcare organizations that share the same health information system (called Epic). Other members of the Atlas Alliance group include:

  • Deep River and District Hospital
  • Hawkesbury and District General Hospital
  • Kemptville District Hospital
  • Renfrew Victoria Hospital
  • St. Francis Memorial Hospital
  • The Ottawa Hospital Academic Family Health Team
  • The Ottawa Hospital
  • University of Ottawa Heart Institute

This system allows us to better understand your medical history. It also helps us to collaborate better on the health care we provide to you and to give you, the patient, the to ensure the best care possible, wherever you are. We assume that you want us to share your health information to provide you with care. If not, please call us at 613-774-2420 ext. 6366 and we can put a “lockbox” on your record.

WDMH can also share health information electronically with other partner hospitals and the provincial electronic health record. When you visit one of the hospital partners, your care provider will have up-to-date information about your health. You only have to tell your health story once and your care provider has the information they need to help you make the best decisions for your care.

Can I find out who has viewed my WDMH patient health record?

Yes. If you wish to know who accessed your health record, you can make a request to Alyssa Waldroff, Chief Privacy Officer at 613-774-2420 extension 6366, to obtain an audit report. The Chief Privacy Officer will provide the information to you in a timely fashion (usually within 30 days). If you have further concerns upon receipt of your audit report, you may make a complaint to the Chief Privacy Officer, who will pursue your concerns on your behalf.

Where are my WDMH records and for how long?

All patient records may be stored electronically on computers, on microfilm, or the original paper documents are maintained. Currently, records are stored on-site for those encounters that have taken place within the last 4 years. For all other records considered not active (> 4 years with no visit to the hospital), they are maintained and secured by an external agency - Iron Mountain.

WDMH meets all legal requirements for record retention periods – the Public Hospitals Act requires health records to be maintained for 10 years from the last encounter/visit to the organization. In the case of persons under the age of 18, records are kept for a period of 10 years from their 18th birthday for a total of 28 years.

Due to the limited space to house all of our patient records, WDMH’s storage practice for health records is currently under review. As we move forward with our new Clinical Information System, records currently stored off-site will be scanned into our system and available for future access when required.

I have noticed that many areas of the hospital are open and I can sometimes overhear staff talking to patients or family about health information. Is this not a breach of patient privacy?

There are inherent limitations to the Hospital’s physical environment. Many areas, such as nursing stations, are in public spaces. Despite these physical limitations and the pressures of an acute care hospital setting, staff will take precautions and make every effort to discuss health information confidentially.

When I called the hospital to see how my family member was doing; the WDMH staff would not describe what the problem with my family member was or their condition. Why is that?

The Hospital receives many phone calls from concerned family members and friends regarding our patients. As hospital staff cannot verify who the caller is, hospital staff can only provide limited information to the caller. This policy is in place so that we can protect the private health information of our patients.

Only the following information will be given to a person over the phone:

  • Confirmation whether or not you are a patient at the Hospital;
  • Your general health status (e.g., stable, critical); and,
  • Your location in the Hospital.

If you do not wish for this information to be disclosed, please inform hospital staff. We will respect your rights to complete confidentiality.

In some circumstances, the above information will not be released to anyone. For example, patients that are being treated for sexual assault or domestic violence are treated as completely confidential in order to ensure the personal safety of the patient.

How is my health information protected?

There are three components to protecting patient information at WDMH:

  1. Administrative Safeguards: The WDMH Privacy Policy governs the manner in which all WDMH care providers and staff manage patient information. Furthermore, all WDMH staff (employees, physicians and volunteers) must sign a confidentiality agreement as a condition of employment.
  2. Physical Safeguards: WDMH has a number of physical safeguards which range from locked doors to staff wearing photo identification to identify themselves as WDMH employees.
  3. Technical Safeguards: WDMH’s Information Technology Department upgrades the security capabilities of the patient information systems on an ongoing basis. Also, WDMH has implemented access controls for staff, which are based on the staff member’s job role. This access control helps limit the staff members’ access to electronic files on a need-to-know basis to perform their job duties.

The WDMH patient information system also uses passwords to protect the system from inappropriate access from within the Hospital. Finally, a firewall is in place to protect our information systems from external unauthorized access.

Is my health information available on the Internet?

No, health information is not publicly available on the Internet. WDMH may use the Internet to transfer unidentifiable health information securely through a Virtual Private Network or e-mail system. These systems are secured by a combination of authentication and encryption

Can my family physician access my WDMH health information?

WDMH releases discharge summaries to family physicians as directed by the most responsible physician during your stay at Hospital. WDMH will release other information to your family physician with your consent.

Can all WDMH staff access my patient record?

Only WDMH staff involved in your care may access your patient record. All WDMH staff are bound by a strict confidentiality agreement, which is signed as a condition of employment. This agreement seeks to ensure staff only access information on a need-to-know basis to do their work.

What if I am unable to give consent for another person to access my health record?

If you are unable to give consent for a friend or family member to access your chart due to reasons of competency or consciousness, the consent decision falls to the appointed substitute decision-maker such as a parent or guardian. This person is bound by law to act on your behalf, who must make decisions based on their belief of what you would wish done if you were able to decide

Can my family see my health information?

We require your express consent to share any of your health information with a friend or family member.

How can I get a copy of my patient record?

A Release of Patient Record form is required which includes questions to help us search for your record. These questions include: Name, Date of Birth, and Reason for Request etc. There is a service fee, depending on the nature of your request and size of the file. The amount of the service fee will be discussed prior to the processing of your request.

Do I have access to my health information? If so, how can I access my health information at the hospital?

When you are a patient at WDMH, you can ask your health care provider for your health information. The health care providers will work together with you to answer your questions, and provide access to your health information.

After you have left the Hospital, you are welcome to contact the Health Records Department at 613-774-2420 ext. 6360. You will be asked to sign a consent form for the release of information.

Our standard practice is to send a copy of your health record to your family doctor. Your family doctor will then review the health record with you and answer your questions. This process has worked well for patients.

When I am a patient at WDMH, a lot of information is collected about me. What is the information used for?
The information collected is used for the following purposes:
  • Your patient care and treatment;
  • Administration of the hospital, including internal studies for quality assurance and patient satisfaction surveys;
  • Administration of the health care system, where your information is submitted to the Canadian Institute of Health Information (CIHI) and the provincial Ministry of Health and Long-Term Care;
  • Meeting legal and regulatory requirements;
  • Responding to general enquiries about your location within the Hospital and your general health status (e.g., stable, critical).

WDMH is required by law to report certain pieces of information about our patients to health care agencies, including the following: the provincial Ministry of Health (billing information), the Canadian Institute for Health Information (coded discharge abstracts), Public Health and Health Canada (public health surveillance), and Cancer Care Ontario (pathology reports). This is done to ensure the health care system is running optimally, and to conduct statistical comparisons of population health characteristics over a broad geographical range.

Does WDMH ever sell patient information to drug companies, or anyone else?

No, WDMH does not sell patient information to drug companies or to anyone else.

Can other people access my personal infromation?

Personal information must not be disclosed to anyone other than the individual to whom it relates, except:

  • where prior written request or consent of the individual, if the record is one to which the individual is entitled to have access
  • in compelling circumstances affecting the health or safety of an individual
  • personal information collected and maintained specifically for the purpose of creating a record available to the general public
  • under an Act of Ontario or Canada that expressly authorizes the disclosure
  • for a research purpose if specific conditions are met
  • the disclosure is consistent with the conditions or reasonable expectations of disclosure under which the personal information was provided, collected or obtained,
  • if the disclosure does not constitute an unjustified invasion of personal privacy

How can I access records of a deceased patient?
For access to a deceased relatives record, we require: A copy of the deceased patient’s Will naming you as the Executor, or in the absence of a Will, a “Certificate of Appointment of Estate Trustee” signed by a Registar of the Court

How do I access my Medical Imaging?
Medical Images can be accessed through PocketHealth. You can get started by visiting https://www.pockethealth.com/ and selecting “Access My Records”. Your Provincial Health Card Number or hospital Medical Record Number is required to sign up.

Access to Information

The Freedom of Information and Protection of Privacy Act (FIPPA), R.S.O. 1990 (the "Act") is provincial legislation that came into effect on January 1, 1988. On January 01, 2012, Hospitals in Ontario were added to the list of public bodies to which the Act applies.

The Act has two main purposes:

  • To make public bodies more open and accountable by providing the public with the right of access to records; and
  • To protect personal information from unauthorized collection, use or disclosure by public bodies.

The Act applies to records in the custody or control of the Hospital. Upon request, certain records must be made available, subject to limited exemptions as provided for in the Act.

How to Make a Request for Information

Step 1: Find out if a FIPPA request is necessary

You do not always need to submit a formal freedom of information request to access information from the Hospital.

  • A lot of information is posted on our website.
  • If you cannot find the information that you seek online, consider requesting the information informally. This means requesting information from the department or area of the hospital that you think may have what you are looking for. You will be assisted with your request and told whether the information can be provided to you informally, or whether you will have to submit a freedom of information request

Step 2: Make a formal written request

You may request access to information by making a written request through the Freedom of Information (FOI) Coordinator. For this purpose, an Access/Correction Request form is available on our website (see below). However, any request made in writing will be accepted, as long as the following information is included:

  • date of request
  • identification of the specific record(s) to which you are requesting access
  • statement that you are making this request through FIPPA
  • $5 application fee
  • your contact information
  • An original signature of requester.

Please remember the more specific your request, the more quickly and more accurately it can be answered.

Please note that requests received by electronic mail are not accepted since the legislation requires that requests be authenticated by an original signature.

Step 3: Pay the application fee

Once the Access or Correction Request form is completed, return it to the Finance department, along with a $5 application fee. Processing of the request will commence once the completed form and the receipt of payment are both received by the FOI Coordinator. If the total cost of completing your request exceeds $100, you will be provided with a fee estimate before processing begins and you will be required to pay a deposit of 50% of the total estimate before the Hospital will begin to process your request.

Step 4: Your request is reviewed

Your request will be reviewed by the FOI Office in accordance with FIPPA. The Hospital will then send you an acknowledgment letter and notify you of an estimate of any fees that may apply. Every effort will be made to resolve the request within 30 days. However the Hospital may advise you of the need for a time extension. Once a determination has been made, a decision letter will be sent to the requestor. This letter will outline all the details of the decision, including any exemptions that may apply, a calculation of any incurred fees, and if applicable, a schedule of disclosure, and directions regarding the actual access to the identified records. Records to which exemptions apply may be withheld entirely or be "severed" (i.e. portions blacked-out). A decision letter will explain in detail the exemptions applied and give reasons. If you request access to records containing personal information about yourself the Hospital may ask you to present yourself in person to the FOI Office with one piece of picture ID before the records are disclosed to you.

All decisions made by WDMH, including the final determination and any fees or time extensions, may be appealed to the Information and Privacy Commissioner (IPC) of Ontario. You have thirty-days (30) from the date of the Hospital's decision letter to request a review by Ontario’s IPC.

Information/Privacy Commissioner of Ontario at:
2 Bloor Street East, Suite 1400, Toronto, Ontario, M4W 1A8.
Tel: (416) 326-3333, or 1-800-387-0073
Email: info@ipc.on.ca
Web: http://www.ipc.on.ca/

FIPPA FAQs

What is the difference between a request for ‘general information’ and a request for ‘personal information’?

Personal Information is defined as recorded information about an identifiable individual such as information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual, information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved, any identifying number, symbol or other particular assigned to the individual, the address, telephone number, fingerprints or blood type of the individual, the personal opinions or views of the individual except where they relate to another individual, correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence, the views or opinions of another individual about the individual, and the individual’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.

Personal information does not include the name, title, business address, and business contact numbers of an employee. The personal information for individuals deceased more than 30 years is no longer protected by the Freedom of Information and Protection of Privacy Act (FIPPA).

General information relates to all other information that is not considered personal information as defined above.

Why can I not have access to certain records?

FIPPA stipulate that every person has a right of access to a record in the custody or under the control of the Hospital. However certain records are excluded from the purview of the Act (i.e. labour relations (s. 65(6)), research and teaching materials (s.65 (8.1))). Also, there are mandatory and discretionary exemptions for other types of records that apply and determine the disclosure of the records (i.e. third party information (s. 17), economic interests (s. 18), solicitor-client privilege (s. 19), and personal privacy (s. 21)).

Is there a cost to make a request? How much?

There is an initial fee of $5 to make a request under FIPPA. Other fees may follow. Costs can be It is possible to reduce the costs of a request by being very specific with your request. An example that could help reduce fees would be to include in your request to eliminate all information sent or received by you

How do you calculate the estimates and final fees?

The fees are calculated in accordance to the FIPPA regulation 460 R.R.O. 1990. The fee breakdown is as follows:

FIPPA estimates and final fees
ActionFees
Making an access request$5 fee must accompany written request
Change in personal information No fee required besides the $5 request fee and photocopy fees
Photocopies and computer printouts $0.20 per page
CD ROMs $10 per disk
Encrypted USB Drive $50/ usb
Manually searching a record$30 per hour ($7.50 for each 15 minutes) spent by any person
Preparing a record for disclosure, including severing part of the record $30 per hour ($7.50 for each 15 minutes) spent by any person
Developing a computer program or other method to produce a record from a machine-readable record $60 per hour($15 for each 15 minutes) spent by any person
Cost, including computer costs, incurred to locate, retrieve, process and copy record(s) as specified in an invoice received by the hospitalActual costs

Who do I make my cheque payable to?

Cheques for the initial application fee may be made payable to Winchester District Memorial Hospital. All further fees must be paid by cash, certified cheque or money order to Winchester District Memorial Hospital.

Can my request form be faxed or emailed?

Since the request must be accompanied by a $5.00 application fee before the searches can begin, the request must be sent by mail, courier, or may be dropped off in person.

How specific do I need to be with my request?

Please be as specific as possible in describing the information you are seeking. The more specific your request, the quicker and more accurately it can be answered. This includes adding details such the area the information should be searched in, the key words that you find appropriate to conduct the search and the period of the request (date). Please note that the search dates of a request ends on the day that the request has been received.

If you are requesting your own personal information, please be sure that you give: your full name; any other names that you have previously used; and any identifying number that relates to the records, such as your employee or student number, or other identification number.

Where can I find the form to make a formal request?

You may find the form to make a formal request below

DAX Co-Pilot
WDMH and Microsoft + Nuance DAX Copilot FAQs
The Winchester District Memorial Hospital (WDMH) is introducing the innovative software DAX Copilot. This document is designed to provide you with comprehensive information to ensure your confidence when in use during your healthcare visit.
How does DAX Copilot work?
Using generative artificial intelligence (AI), DAX Copilot securely records clinician-patient conversations during in-person appointments. Once the visit is complete, the conversation is converted into medical notes for the physician to review and finalize. Patients will have access to the notes from the visit through the MyChart patient portal.
What are the benefits of using this technology?
Physicians spend around 10 hours each week on administrative tasks, such as charting after patient appointments. Using DAX Copilot will reduce the time they spend on manual documentation, by an average of seven minutes per encounter, freeing up more time to interact with patients.
It may also allow physicians to see more patients during their clinic time, helping to reduce wait times and increase both access to and quality of care.
Drafting clinical notes using DAX Copilot will also help ensure that no health information between patients and physicians gets overlooked.
What am I consenting to?
Your consent allows the provider to record the conversation, which gets analyzed by DAX Copilot’s generative AI and is converted into a draft clinical note. This draft note is reviewed by a physician before being finalized and added to the patient’s electronic medical chart. Should a patient have concerns with the information, they can request a review if necessary.
You are also consenting to the use of your information to improve the technology. AI systems are constantly learning and improving so they can create better outputs. Rest assured that your data will be de-identified to protect your privacy during data use and storage, and it will solely be used to train and refine the system. The developer of DAX Copilot is required to comply with Canadian health privacy law, ensuring your information is handled with the utmost care and confidentiality.
During the trial period, Microsoft data servers containing information used to help improve the technology will be hosted in the United States. DAX Copilot-obtained information is not sent, processed, or stored outside the US and Canada.
Do I need to consent to this?
Your physician will only use DAX Copilot to record your appointment if you provide explicit consent. However, it is your choice. You do not need to agree to the use of Copilot, and the quality of care you receive will not be impacted by this decision.
What if I change my mind?
Your physician can stop DAX Copilot from recording the conversation at any time. DAX Copilot’s recording can also be restarted if necessary (ex. your provider can restart Copilot to capture any important medical information you forgot to say during the initial recording). If you wish to withdraw consent after your appointment, please contact our Chief Privacy Officer at 613 774 2420 x6366. If possible, the recording will be deleted upon withdrawal of consent.
Is my health information secure?
After the recording is transformed into a clinical note, it will be permanently deleted or de-identified within 90 days and become inaccessible. You (the patient) can then review the clinical note from your appointment via MyChart.
The developer of DAX Copilot is contractually obligated to keep your information secure and protect against inappropriate disclosure. WDMH has reviewed the company’s privacy practices to ensure patient information is secure.
What are the potential risks?
Your personal health information is protected by Ontario’s privacy laws, but there are always some risks with using AI. These include documentation inaccuracies, biases, or misuse of data.
Your physician will review the AI-generated notes for accuracy before finalizing them to ensure there are no inaccuracies in your medical note, and we have put safeguards in place to prevent against misuse (as described above).
Why is AI used in healthcare?
Like other sectors, there are many benefits to using AI in healthcare. Using AI can help streamline workflows, improve access to and quality of care, and reduce administrative burdens and wait times. It also allows staff to focus more on delivering or supporting patient care, by reducing time spent on manual tasks.
Is there a plan to expand the use of AI at WDMH in the future?
We are taking a careful and responsible approach to using AI, while everyone continues to learn about the technology. It is important to expand in a way that meaningfully helps clinicians and patients.
AI is used in a few areas of our hospital, including Ambulatory Care and Medical Imaging. For example: our Radiologists use AI imaging platforms in breast imaging and lung screening.
Does DAX Copilot work if there’s more than one provider in the room?
Yes, there can be multiple people contributing to the conversation (ex. a second consulting physician, a POA/family member attending the appointment with the patient), and DAX Copilot will capture the relevant health information and include it in the draft clinical notes.
Only the patient needs to consent to the use of DAX Copilot, as it is the patient’s information that will be recorded and used.
How does DAX Copilot handle “chit-chat” between people?
DAX does a good job at filtering out conversation that isn’t relevant to the medical evaluation taking place. It only records clinical information, so your casual conversation won’t be included in your medical note.
How do I view the note in the MyChart patient portal?
To view your clinical notes, log on to MyChart and click the “Health” tab. MyChart is a secure online patient portal that makes it easy for you to access your health information, at any time. You can access the portal or obtain more information and sign up here: MyChart.
Who can I contact if I have questions?
If you have questions about your privacy, contact our Chief Privacy Officer at 613 774 2420 x6366

Who can use and see your personal health information

Who can use and see your personal health information 

Implied Consent to Use and Give Out Your Information in Order to Provide You with Health Care

When you seek health care from us, we assume that we have your permission to collect, use and share your personal health information among your health care providers, including the doctors, nurses, social workers, therapists, and other professionals or their support staff within our facility, who provide or assist in providing health care to you. We may also give your personal health information to your outside physician or other health care providers so they can provide you with ongoing health care and follow-up. Staff in our facility who do not provide or assist you with health care are generally not allowed to see your health information. You should let our staff know if you do not want us to use, share or give out some or all of your personal health information to provide you with health care.

 

Express Consent to Give out Your Information to Other People

Sometimes we are not allowed to assume we have your permission to give personal health information about you to others. For example, except where the law allows otherwise, we must ask your permission to give your personal health information to:

  1. people who do not provide you with health care, like a family member who does not have the legal authority to act for you, or to insurance companies; or
  1. to a health care professional who is not involved in your care.

 People outside the health system who receive your personal health information can only use it or give it out for the reasons that they received it or as allowed or required by law.

 

Limits on Using and Giving Out Your Personal Health Information

In some circumstances, you can tell us not to use, share or give out some or all of your personal health information to other people who provide you with health care.

If you choose to limit how we give out some or all of your personal health information, you should be aware that when we give out your personal health information to others, we are required to tell them when we think the information is inaccurate or incomplete, including when we think the missing information could affect your health care.

 

When Your Consent is Not Required

We are allowed or may be required to use and/or give out some of your personal health information without consent in the following situations:

  • to process payments through government programs, like the Ontario Health Insurance Plan (“OHIP”)
  • to report certain information, such as health conditions that make you unfit to drive, or to report certain diseases to public health authorities
  • when we suspect certain types of abuse
  • to identify a person who has died
  • to give the spouse or child of the person who has died personal health information
  • to assist them in making decisions about their own care
  • to reduce a significant risk of serious bodily harm to a person or the public
  • to give information to certain registries or planning bodies that use personal health information to improve health care services or health system management, as long as strict privacy protections are in place
  • to assist health researchers for research, as long as strict privacy requirements are met
  • to improve or maintain the quality of care or any related program or service
  • for risk management and legal purposes
  • to allocate resources to our programs and services
  • to assess the ability of a person to make health care and other important decisions
  • for administration or enforcement of laws about the practices of health care providers, including to allow professional Colleges and other legal bodies to regulate the practices of health care professionals
  • for the purpose of a legal proceeding or complying with a court order, or other legal requirement
     

Providing Information to Family, Friends, and Others

There are times when we may give out information about residents to their families, friends, and others.

We are allowed to give out general information about you, like whether you are a resident here, how you are doing (e.g., that your condition is stable or improving), and where you can be found (e.g. your room number). Before doing so, at our first opportunity we will ask you if you do not want us to give out this kind of information. 

You should let our staff know if you do not want us to give out this kind of information about you. You may not want us to give such information out to anyone, or you may only want to give the information to certain people who you can name or describe. For example, you may not want us to give out information about you to anyone other than your spouse or children. 

We are also allowed to give out your name and location here to a representative of a religious or other organization where:

  • you have told us about your connection to the organization; and
  • we gave you the chance to let us know that you do not want us to give this kind of information to the organization, and you did not object.

You should let our staff know if you do not want us to give this kind of information about you to religious and other organizations. 

You may have other family or friends to whom you would like us to give more detailed information about your health, like whether you are doing well or how treatment is working. You can let our staff know that they can discuss your health with family and friends. Let our staff know if you would like us to give more detailed information about your health to someone.

 

People Who can Make Decisions for You

We will presume that you are able to make your own decisions about your personal health information. If we determine that you cannot, another person, usually a family member, will be asked to make decisions for you. The law tells us who to turn to first on a list of “substitute decision-makers”. For example, if you have a substitute decision-maker for treatment, that person will make decisions about your health information that is related to that treatment. Since a substitute decision-maker needs information about a person’s health to make these kinds of decisions, our facility can give them that kind of information. Your substitute decision-maker can also ask us to see your records and our staff will give him or her information about your health. 

We will ask for your consent, or your substitute decision-maker’s consent, before giving your personal health information to your other family members. You may also decide in advance who should act as your substitute decision-maker when you are no longer capable to make these decisions. 

 

Your Health Number

The number on the front of your Ontario Health Insurance Plan, or “OHIP,” card is your “health number” and is a special kind of health information, with special rules:

  • Only people and organizations that provide you with health care or goods or services funded by Ontario, like health care covered by OHIP, can require you to show your health card
  • A health care provider can collect, use and give out your health number, in order to treat you and to get paid by OHIP
  • People outside the health system can only collect, use, and give out your health number as health privacy law allows. For example, they may collect and use a health number for a purpose related to providing health care or goods funded by OHIP. School boards and daycare centres may collect children’s health numbers for this purpose. They may also collect a health number from a health care provider and use the number for the purpose for which the provider gave the number.
  • You can choose to use your health card as identification, for example, to identify yourself so you can get a library card.

 

FUNDRAISING AND MARKETING

In many communities, hospitals, long-term care facilities and other health care organizations raise funds for improving health care services, such as buying new medical equipment. To support these efforts, the law allows limited information about you to be shared for fundraising. 

Details about your health condition cannot be shared. But fundraisers do need your name and address, so that they can contact you or someone who is acting on your behalf. 

You can tell us at any time if you do not want to be contacted. Otherwise, you may receive a letter about donating once 60 days have passed from the time you first became a resident at our facility. 

The law also protects you by making sure your health information is never shared for marketing purposes unless you want it to be. For example, if your health care provider knows that a particular medical device could help you, he or she would have to ask you before giving your name to someone who wanted to sell you the device. 

 

RESEARCH, EDUCATION AND HEALTH SYSTEM PLANNING

Research - Your personal health information may be used for research projects, including those that are designed to improve health care. Sometimes, we will ask you before we give your personal health information to researchers. However, with some research projects, an independent ethics review board will look at the goals and benefits of the research, the safeguards for your information and whether it would be impractical to ask for your consent. If the researcher meets these and other tests, your consent may not be required. If that happens, researchers are not allowed to use your personal health information for any other purpose and will not contact you unless you have said they can. Sometimes, a research ethics board will require us to have your consent before we can give information about you to a researcher. 

Education, Planning and Management - We are allowed to use your personal health information without your consent to educate our staff and students and to plan and manage the services and programs we offer. We use personal health information for risk management and error management and for other activities to improve or maintain the quality of the care we provide. 

Planning and Management of the Health Care System - We are allowed to give your personal health information to certain organizations that are responsible for planning and managing the health care system. These organizations compile personal health information to help study and plan the delivery of health care. Currently, the law allows us to give your personal health information to:

  • Cancer Care Ontario, the Ministry of Health’s principal advisor on cancer issues, which manages the Ontario Cancer Registry and other cancer care programs.
  • The Canadian Institute for Health Information, an independent organization that maintains statistics and analysis about the performance of the Canadian health care system, the delivery of health care services and the status of Canadians’ health.
  • The Institute for Clinical Evaluative Sciences, an independent organization that does research to improve health care and the delivery of health care services.
  • The Pediatric Oncology Group of Ontario, which works to ensure that all of Ontario’s children have access to advanced diagnosis, treatment and other cancer care services.

If relevant, we can give your personal health information to:

  • Cardiac Care Network of Ontario, an advisory body to the Ontario Ministry of Health and Long-Term Care which coordinates all advanced cardiac services for adults throughout Ontario, and maintains a registry of cardiac services for this purpose.
  • Inscyte Corporation, an information system that manages health care services for cervical disease.
  • London Health Sciences Centre, which maintains the Ontario Joint Replacement Registry to collect data on hip and knee joint replacements.
  • Canadian Stroke Network, which maintains the Canadian Stroke Registry and conducts research and training to reduce the impact of stroke.

 

Facilitating Health Care - We are also allowed to give your personal health information to certain organizations that gather health information to improve and make health care delivery easier. These organizations carry out important work, such as keeping track of which people need special health care services, like treatment for a particular disease, to make sure they get the care they need. 

 

YOUR RIGHTS AND CHOICES

Seeing your Information
Correcting Your Record
If we do not respond to your request quickly enough, or at all, or if we do not give you access to the record, or charge more than is allowed, you may complain to the Information and Privacy Commissioner of Ontario and they will review the matter. You may also complain if we refuse to correct your records or attach a statement of disagreement, or if you believe that the correction was not done properly.

You have a right to see your personal health information and to get a copy of it by asking us for it, or by writing to us, and paying a reasonable fee. 

Some exceptions may apply. For example, when the information is only about monitoring the quality of health care we provide, you will not get to see the record. We may not give you the record in a few situations, including if the record relates to law enforcement, legal proceedings or another individual. 

We must respond to your request as soon as possible and within 30 days. There may be a delay if we have to ask others about the records or where it will take time to find the record. You have the right to be notified of such delays. If you require the record urgently, we must consider responding as soon as possible. 

Once you have seen your record of personal health information, if you believe it is inaccurate or incomplete, you may write to us and ask for a correction. 

We must reply to your request within 30 days, or later if it is reasonable to do so. You are entitled to be told how long it will take to get back to you if it is longer than 30 days. 

We may not correct a record that was created by someone else and we do not know enough about the record to change it or where, for example, the opinions or observations in the record were made in good faith. You are entitled to be told the reasons for not making a correction and of your right to have a statement of disagreement attached to your records. You can also ask to have this statement made available to those who see the record. 

Where we correct a record, it must be done carefully so that the full corrected record remains visible or by ensuring that the corrected version is readily available.


Our Contact Person
  • If you have a question about our privacy policies and practices in handling your personal health information
  • If you would like to see our Privacy Statement that describes what we do and our safeguards in greater detail
  • If you wish to talk to someone about your health information, or want to know more about how to consent, withdraw consent or withhold consent to part of your personal health information being given out to someone else
  • If you want to see your personal health information or to correct it
  • If you are wondering about something that may have happened to your personal health information, and want more detailed information

Please come to us first if you are not happy about something that has been done with your personal health information. If you wish to make a complaint, we want to resolve your concerns with you. To discuss your concern and see what can be done to fix the situation, please speak to our Privacy Officer. 

 

THE INFORMATION AND PRIVACY COMMISSIONER OF ONTARIO

Sometimes we may be unable to resolve all of your concerns about how your personal health information has been handled. In this case, you may wish to contact the Information and Privacy Commissioner of Ontario. The Commissioner is the person who has general responsibility for ensuring that the Act is followed. 

You can make a complaint to the Commissioner about any decision, action or inaction that you believe is not in compliance with the Act, including

  • if you are unable to resolve with us a complaint or concern about how your personal health information has been handled,
  • if you are unable to see all of your personal health information, or want to complain about a delay in responding to your request,
  • if you feel your personal health information in your record is incorrect and you have been unable to persuade us to correct the information; or
  • if you disagree with the fee that we charged for you to see or get a copy of your personal health information.

You must make your complaint within one year of the matter you are complaining about, and it should be in writing. The Commissioner will try to resolve the matter through mediation in her office. If your complaint cannot be resolved in this way, the Commissioner has the power to investigate and to make an order that sets out what must happen.  

You can contact the Commissioner in writing at:
Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Telephone: 416 326 3333 or 1 800 387 0073
Facsimile: 416 325 9195 TTY: 416 325 7539
Website: www.ipc.on.ca
Email address: info@ipc.on.ca