Peel Region homepage
Peel Region

Personal Health Information Protection Act (PHIPA)

Protecting the privacy of your personal health information

Personal health information is information in any form that identifies you and that relates to your health and health care including, health history, health care programs and services, health care providers, substitute decision-makers, health card number and other personal identification numbers.

Region of Peel Health Services notice of privacy information practices

Under the Personal Health Information Protection Act , 2004, c. 3 (PHIPA), the Regional Municipality of Peel (Region of Peel) has 4 Health Information Custodians. They include:

Under PHIPA, Health Information Custodians are responsible to ensure that personal health information is collected, used, stored and shared in a way that protects the confidentiality of that information, and the privacy of individuals.

We believe our clients, patients and residents should know what personal health information we collect, how it's used and protected, and who we shared with.

Contact our Health Privacy Contact Person or call 905-791-7800 to learn more about our privacy practices.

Examples of personal health information

Personal health information can be in either spoken or written form and may include:

Other information

Your privacy is important to us

We are committed to respecting your privacy and protecting your personal health information, as outlined in the Personal Health Information Protection Act (PHIPA), 2004.

Why do we collect your personal health information?

The Region collects information about our clients, patients and residents so that you can be accurately identified each time you contact a Health Services Program.

Personal health information collected is only available to program staff who are involved in your healthcare either directly (such as healthcare professionals), or in a supporting role such as Health Records and Financial Services.

Your personal health information may also be used to:

  • Quickly and accurately identify your health record each time you require healthcare.
  • Provide you with the most effective and appropriate healthcare services or treatment(s). This may include assessments of your health condition, test results and other treatments. All of this information is recorded in your health record and made available to those involved in your care, including health-care providers, who are partners in your care. Health Services keeps the history of your health information, so that you or your caregiver has a complete summary of your health status.
  • Comply with legal and regulatory requirements. For example, sometimes we collect your Ontario Health Card Number (OHIP) because it is required for the processing and funding of health-care services.
  • Improve the quality and efficiency with which we provide health-care services including evaluations of our program and services for quality improvement.
  • Support leading edge research with Researchers working on studies approved by an ethics board may have access to health information, provided that privacy and confidentiality issues have been addressed with you.
  • Support Health Services educational activities for teaching purposes, provided that measures are taken through our program and services to adequately protect your privacy and confidentiality.

How we collect personal health information

Our health programs may collect personal health information directly from you or another person who is authorized to act on your behalf, such as a parent, or legal guardian or substitute decision-maker.

We may also collect personal health information about you from other sources if your consent has been obtained or if the law permits or requires the collection. The information is collected for the purpose of promoting and protecting health, and to prevent disease.
The personal health information we collect may include:

  • Name
  • Address & contact information
  • Date of birth
  • Ontario Health Card Number
  • Facts about your healthcare and medical history
  • Information about payment for health care, when required for certain health services

Personal health information may be collected through a face-to-face meeting with a Health Services staff person, over the phone, through written documents and/or electronic documents. All documentation of personal health information by Health Services is recorded on paper and/or secure electronic information systems in compliance with PHIPA.

Why we collect personal health information

The general overall purpose for collection of personal health information is to promote and protect health, and to prevent disease. Some examples of when Health Services may collect personal health information include:

  • The provision or assisting in provision of health care
  • Planning or delivering health programs or services
  • Arranging referrals, providing supportive counselling and establishing interventions
  • Health protection, health promotion and awareness
  • Public health administration and monitoring
  • Administering and managing the health care system
  • Purposes related to the Ambulance Service within the meaning of the Ambulance Act
  • Purposes related to Long-Term Care within the meaning of the Long Term Care Homes Act
  • Purposes related to the function of the Medical Officer of Health and Board of Health pursuant to the Health Protection and Promotion Act
  • Conducting research and statistics
  • Purposes permitted or required by law
  • Compliance with legal and regulatory requirements

The Region uses your personal health information for the purposes for which it is collected, most importantly for the delivery of quality healthcare by the following services:

  • Public Health
  • Paramedic Services
  • Long-Term Care
  • Senior Services

In addition, your personal health information may be used for the purpose of maintaining or improving the quality and efficiency of healthcare delivered and sometimes for obtaining payment for health care rendered or permitted or required by law.

When do we disclose your personal health information

When necessary, personal health information may be shared with our public health programs, Peel Long-Term Care Homes, Adult Day Service Programs or Peel Regional Paramedic Services to specifically provide health care, but may also need to investigate and manage potential risks to others or to the population at large.

Non-identifying information related to clients' care and services is used for administration, management, evaluation, strategic planning, decision-making, research and allocation of resources.

Under the Health Protection and Promotion Act, 1990 c.H.7 the Region’s Medical Officer of Health can disclose personal health information to other health units and to the provincial Ministry of Health and Long-Term Care. Your personal health information may also be shared with health care providers to plan and deliver health care or investigate and manage potential health risks to others.

Who is entitled to act on another person's behalf for the collection, use and disclosure of personal health information?

Substitute-decision makers, such as the following persons, are entitled to act on behalf of another individual

  • a parent/legal guardian of a child under 16 years of age, with some exceptions
  • any person that has been given written authorization by an individual that is at least 16 years of age or the individual's substitute decision-maker to consent
  • an estate trustee or person who has assumed responsibility for administration of a deceased's estate
  • a person that has legal authority under PHIPA to consent for an incapable individual
  • a person that is entitled or required to act as a substitute decision-maker under legislation

Parent's access to your child's personal health information

Parents are often entitled to access the personal health information of their children, although some limitations exist. Under PHIPA, Health Information Custodians can disclose a child's personal health information to a parent in the following circumstances:

  • to a custodial parent, if the information pertains to a child under 16 years of age and there is no implicit or explicit expectation of confidentiality or if no legal exception under PHIPA exists
  • to a custodial parent of a child 16 years of age or older where the child has been deemed incapable of consenting and the custodial parent is considered the substitute decision-maker under legislation
  • to a non-custodial parent in the circumstances listed above, but only with the consent of the custodial parent or substitute decision-maker, as applicable

Other situations involving disclosure of a child's personal health information may require the written authorization of the official substitute decision-maker or the child to whom the information relates.

The Region is committed to ensuring that your personal health information is not lost, stolen, or used by anyone that should not have access to it. We will also ensure that it is kept private and stored and disposed of, in a secure way. We will ensure that everyone who performs services for us protects your privacy and only uses your personal health information in the way you have agreed it can be used.

If consent is given to let a family or legal representative have access to personal health information, these representatives may have access to those parts of the personal health record that have been identified in the consent.

Individuals have the right to withdraw or change the conditions of consent, subject to provisions set out in PHIPA.

Our services commitment to privacy and security

Our Health Services Department includes:

  • Peel Public Health
  • Peel Regional Paramedic Services
  • Peel Long-Term Care
  • Senior Services Development

Health Services is committed to protecting the privacy, confidentiality and security of your personal health information held in any form. We employ physical, organizational and technological safeguards to protect your personal health information against theft and loss, as well as unauthorized access, copying, modification, use, disclosure and disposal.

All staff that come into contact with your personal health information are aware of its sensitive nature and are trained in the appropriate use, disclosure and protection of your personal health information. Staff will ensure the amount and type of personal health information collected, used or disclosed is limited to that which is necessary to fulfill the purpose for which it was collected.

Technology systems supporting Health Services

We also require organizations, vendors and third parties, who support our services, or provide programs on our behalf, to protect the privacy of your personal health information and to use such information only for the purposes you have consented to, or that are permitted or required by law.

These solutions help support Health Services in continuing to deliver excellent client service in a technologically secure manner. Privacy assessments are completed to ensure these solutions are in compliance with PHIPA to protect your personal health information.

These include the following information management systems.

Technology System Used by
Connecting Ontario Clinical Viewer - eHealth Health Services
Microsoft Office 365 Health Services
Microsoft Skype for Business Health Services
Salesforce Solution - Customer Relationship Management Health Services
Lagan Technologies Health Services
iMedic Interdev Technologies –Electronic Ambulance Call Record (eACR) Peel Regional Paramedic Services
Point Click Care – Electronic Health Record Peel Long-Term Care
eHealth PANORAMA Immunization Information Peel Public Health
Healthy Child Development - Information Services for Children Information System (HCD-ISCIS) Peel Public Health – Healthy Babies Healthy Children
Integrated Public Health Information System (iPHIS) Peel Public Health – Communicable Disease
MenuStream Peel Long-Term Care
Tempo Box Health Services
Health Partner Gateway Peel Regional Paramedic Services
One Mail Health Services
HedgeHog Peel Public Health – Environmental Health
Residential Assessment Instrument (RAI) – Community Health Assessment (CHA) - (interRAI CHA) Peel Long-Term Care & Seniors Services Development

The following video was designed and distributed by the Information and Privacy Commissioner (IPC) of Ontario. The video segments are designed to provide a guide for training and education of Personal Health Information Protection Act (PHIPA); video segments depict real life health scenarios and how PHIPA applies to those scenarios.

The Region of Peel is providing access to the video to promote an understanding of PHIPA; additional information can be obtained from the IPC website

Protecting the privacy of our clients

The Region take privacy breaches very seriously and is committed to protecting the privacy of our clients, patients and residents, and the confidentiality and security of all personal health information.

What is a privacy breach?

A privacy breach happens when personal health information has been lost or stolen; or accessed, disclosed or disposed of inappropriately in a manner that does not comply with the PHIPA.

What happens when a privacy breach occurs?

As soon as the privacy team learns of a privacy breach, the following steps are taken:

  • Identify the extent of the breach and takes steps to immediately contain it;
  • Investigate the cause of the breach and work to eliminate the risk of it happening again;
  • Notify the individual(s) whose privacy was breached;
  • Notify the Information and Privacy Commissioners Office of Ontario if required by provisions set out in PHIPA: Guidelines for reporting a breach in the health sector..

How does the Region prevent privacy breaches?

The Region has taken a variety of steps to prevent privacy breaches. They include:

  • Creating and enforcing policies that clearly limit access to and protect personal health information
  • Providing training sessions for all Health Services employees
  • Asking all employees to sign a confidentiality agreement which outlines their obligations
  • Performing random audits of information management systems to ensure employees are not accessing more client information than is necessary to do their jobs
  • Providing employees with locked offices, filing cabinets and secure methods to dispose of documents
  • Restricting client information to only those employees who need to know
  • Ensuring all relevant computers are password-protected and encrypted
  • Ensuring all mobile computing devices are strongly encrypted

If you believe a privacy breach has occurred, contact Health Privacy or call 905-791-7800 and ask to speak with the Health Privacy Contact Person.