Peel Region homepage
Peel Region
Go
main
Go

Personal Health Information Protection Act (PHIPA)

Protecting the privacy of your personal health information

Personal health information is information in any form that identifies you and that relates to your health and health care including, health history, health care programs and services, health care providers, substitute decision-makers, health card number and other personal identification numbers.

Region of Peel Statement of Information Privacy Practices

Under the Personal Health Information Protection Act , 2004, c. 3 (PHIPA), the Regional Municipality of Peel (Region of Peel) has 4 Health Information Custodians. They include:

Under PHIPA, Health Information Custodians are responsible to ensure that personal health information is collected, used, stored and shared in a way that protects the confidentiality of that information, and the privacy of individuals.

We believe our clients, patients and residents should know what personal health information we collect, how it's used and protected, and who we shared with.

Contact our Privacy Office or call 905-791-7800 to learn more about our privacy practices.

Examples of personal health information

Personal health information can be in either spoken or written form and may include:

Other information

Your privacy is important to us

We are committed to respecting your privacy and protecting your personal health information, as outlined in the Personal Health Information Protection Act (PHIPA), 2004.

Why do we collect your personal health information?

Peel Region and associated service partners collect information about our clients, patients and residents so that you can be accurately identified each time you contact us.

Personal health information collected is only available to program staff who are involved in your health care either directly (such as health care professionals), assisting in the provision of health care in a supporting role (such as health records, or financial services).

Your personal health information may also be used to:

  • Quickly and accurately identify your client record each time you require healthcare or associated services.
  • Provide you with the most effective and appropriate services or treatments. This may include assessments of your health condition, test results, and other health services being received. All of this information may be recorded in your client record and made available to those involved in your care, including health-care providers, and social services, who are partners in your care. Our programs keep a history of your health information, so that you or your caregiver has a complete summary of your health status.
  • Comply with legal and regulatory requirements. For example, sometimes we collect your Ontario Health Card Number (OHIP) or Social Insurance Number (SIN) because it is required for the processing and funding of related services.
  • Improve the quality and efficiency with which we provide services including evaluations of our program and services for quality improvement.
  • Support leading edge research with Researchers working on studies approved by an ethics board may have access to health information, provided that privacy and confidentiality issues have been addressed with you.
  • Support Health Services educational activities for teaching purposes, provided that measures are taken through our program and services to adequately protect your privacy and confidentiality.

How we collect personal health information

Our health programs may collect personal health information directly from you or another person who is authorized to act on your behalf, such as a parent, or legal guardian or substitute decision-maker.

We may also collect personal health information about you from other sources if your consent has been obtained or if the law permits or requires the collection. The information is collected for the purpose of promoting and protecting health, and to prevent disease.

The personal health information we collect may include:

  • Name
  • Address and contact information
  • Date of birth
  • Ontario Health Card Number
  • Social Insurance Number
  • Facts about your healthcare and medical history
  • Services being received or you qualify for
  • Case management and case conferencing
  • Health care support
  • Social services support
  • Information about payment for health care, when required for certain health services

Personal health information may be collected through a face-to-face meeting with a program staff person, over the phone, through written documents or electronic documents. All documentation of personal health information is recorded on paper or electronically, including secure cloud-based systems in compliance with PHIPA.

Why we collect personal health information

The general overall purpose for collection of personal health information is to promote and protect health, to help obtain supportive services and to prevent disease. Some examples of when we may collect personal health information include:

  • The provision or assisting in provision of health care
  • Planning or delivering health programs or services
  • Arranging referrals, providing supportive counselling and establishing interventions
  • Health protection, promotion and awareness
  • Public health administration and monitoring
  • Administering and managing the health care system
  • Purposes related to the Ambulance Service within the meaning of the Ambulance Act
  • Purposes related to Long-Term Care within the meaning of the Long Term Care Homes Act
  • Purposes related to the function of the Medical Officer of Health and Board of Health pursuant to the Health Protection and Promotion Act
  • Conducting research and statistics
  • Purposes permitted or required by law
  • Compliance with legal and regulatory requirements

The Region uses your personal health information for the purposes for which it is collected, most importantly for the delivery of quality health care or assisting in the delivery of health care and social services, by the following Region of Peel services:

  • Public Health
  • Paramedic Services
  • Long-Term Care
  • Senior Services

Your personal health information may be used for the purpose of maintaining or improving the quality and efficiency of services delivered and sometimes for obtaining payment for services rendered or permitted or required by law.

We always get your consent to collect, use and disclose your personal health information, unless required by law.

When do we disclose your personal health information

With your consent, your personal health information may be shared across services to provide you with a continuum of care and services.

When necessary, personal health information may be shared with our public health programs, Peel Long-Term Care Homes, Adult Day Service Programs or Peel Regional Paramedic Services to specifically provide health care, but may also need to investigate and manage potential risks to others or to the population at large.

Non-identifying information related to clients' care and services is used for administration, management, evaluation, strategic planning, program improvement, decision-making, research and allocation of resources.

Under the Health Protection and Promotion Act, 1990 c.H.7 Peel Region’s Medical Officer of Health can disclose personal health information to other health units and to the provincial Ministry of Health and Long-Term Care. Your personal health information may also be shared with health care providers to plan and deliver health care or investigate and manage potential health risks to others.

Who can act on another person's behalf for the collection, use and disclosure of personal health information?

Substitute-decision makers can act on behalf of another individual. These include:

  • a parent or legal guardian of a child under 16 years of age, with some exceptions
  • any person that has been given written authorization by an individual that is at least 16 years of age or the individual's substitute decision-maker to consent
  • an estate trustee or person who has assumed responsibility for administration of a deceased's estate
  • a person that has legal authority under PHIPA to consent for an incapable individual
  • a person that is entitled or required to act as a substitute decision-maker under legislation

Parent's access to your child's personal health information

Parents are often entitled to access the personal health information of their children, although some limitations exist. Under PHIPA, Health Information Custodians can disclose a child's personal health information to a parent in the following circumstances:

  • to a custodial parent, if the information pertains to a child under 16 years of age and there is no implicit or explicit expectation of confidentiality or if no legal exception under PHIPA exists
  • to a custodial parent of a child 16 years of age or older where the child has been deemed incapable of consenting and the custodial parent is considered the substitute decision-maker under legislation
  • to a non-custodial parent in the circumstances listed above, but only with the consent of the custodial parent or substitute decision-maker, as applicable

Other situations involving disclosure of a child's personal health information may require the written authorization of the official substitute decision-maker or the child to whom the information relates.

Peel Region is committed to ensuring that your personal health information is not lost, stolen, or used by anyone that should not have access to it. We will also ensure that it is kept private and stored and disposed of, in a secure way. We will ensure that everyone who performs services for us protects your privacy and only uses your personal health information in the way you have agreed it can be used.

If consent is given to let a family or legal representative have access to personal health information, these representatives may have access to those parts of the personal health record that have been identified in the consent.

Individuals have the right to withdraw or change the conditions of consent, subject to provisions set out in PHIPA.

Our services commitment to privacy and security

We are is committed to protecting the privacy, confidentiality and security of your personal health information held in any form. We employ physical, organizational and technological safeguards to protect your personal health information against theft and loss, as well as unauthorized access, copying, modification, use, disclosure and disposal.

All staff that come into contact with your personal health information are aware of its sensitive nature and are trained in the appropriate use, disclosure and protection of your personal health information. Staff will ensure the amount and type of personal health information collected, used or disclosed is limited to that which is necessary to fulfill the purpose for which it was collected.

Technology systems supporting Health Services

We also require organizations, vendors and third parties, who support our services, or provide programs on our behalf, to protect the privacy of your personal health information and to use such information only for the purposes you have consented to, or that are permitted or required by law.

These solutions help support Health Services in continuing to deliver excellent client service in a technologically secure manner. Privacy Impact Assessments are completed to ensure these solutions are in compliance with PHIPA to protect your personal health information.

These include the following information management systems.

Technology System Used by
Connecting Ontario Clinical Viewer - eHealth Health Services
Microsoft Office 365 Health Services
Microsoft Skype for Business Health Services
Salesforce Platform Health Services
Lagan Technologies Health Services
iMedic Interdev Technologies –Electronic Ambulance Call Record (eACR) Peel Regional Paramedic Services
Point Click Care – Electronic Health Record Peel Long Term Care
eHealth PANORAMA Immunization Information Peel Public Health
Healthy Child Development - Information Services for Children Information System (HCD-ISCIS) Peel Public Health – Healthy Babies Healthy Children
Integrated Public Health Information System (iPHIS) Peel Public Health – Communicable Disease
MenuStream Peel Long Term Care
Tempo Box Health Services
Health Partner Gateway Peel Regional Paramedic Services
One Mail Health Services
HedgeHog Peel Public Health – Environmental Health
Residential Assessment Instrument (RAI) – Community Health Assessment (CHA) - (interRAI CHA) Peel Long Term Care and Seniors Services Development

The following video was designed and distributed by the Information and Privacy Commissioner (IPC) of Ontario. The video segments are designed to provide a guide for training and education of Personal Health Information Protection Act (PHIPA); video segments depict real life health scenarios and how PHIPA applies to those scenarios.

The Region of Peel is providing access to the video to promote an understanding of PHIPA; additional information can be obtained from the IPC website www.ipc.on.ca

Protecting the privacy of our clients

Peel Region takes privacy breaches very seriously and is committed to protecting the privacy of our clients, patients and residents, and the confidentiality and security of all personal health information.

What is a privacy breach?

A privacy breach happens when personal health information has been lost or stolen; or accessed, disclosed or disposed of inappropriately in a manner that does not comply with the PHIPA.

What happens when a privacy breach occurs?

As soon as the privacy team learns of a privacy breach, the following steps are taken:

  • Identify the extent of the breach and takes steps to immediately contain it;
  • Investigate the cause of the breach and work to eliminate the risk of it happening again;
  • Notify the individual(s) whose privacy was breached;
  • Notify the Information and Privacy Commissioners Office of Ontario if required by provisions set out in PHIPA: Guidelines for reporting a breach in the health sector..

How does Peel Region prevent privacy breaches?

We have taken a variety of steps to prevent privacy breaches. They include:

  • Creating and enforcing policies that clearly limit access to and protect personal health information
  • Providing privacy training sessions for all Health Services employees and service delivery partners or vendors using our cloud-based systems.
  • Asking all employees and service delivery partners to sign a confidentiality agreement which outlines their obligations
  • Performing random audits of information management systems to ensure employees are not accessing more client information than is necessary to do their jobs
  • Providing employees with locked offices, filing cabinets and secure methods to dispose of documents
  • Restricting client information to only those employees who need to know
  • Ensuring all relevant computers are password-protected and encrypted
  • Ensuring all mobile computing devices are strongly encrypted

If you believe a privacy breach has occurred, email our Access to Information and Privacy Team or call 905-791-7800 and ask to speak with the Privacy Contact Person.