Personal Health Information Protection Act (PHIPA)
Protecting the privacy of your personal health information
Personal health information is information in any form that identifies you and that relates to your health and health care including, health history, health care programs and services, health care providers, substitute decision-makers, health card number and other personal identification numbers.
Region of Peel Statement of Information Privacy Practices
Under the Personal Health Information Protection Act , 2004, c. 3 (PHIPA), the Regional Municipality of Peel (Region of Peel) has 4 Health Information Custodians. They include:
- Medical Officer of Health, Peel Public Health
- Chief and Director, Peel Regional Paramedic Services
- Director, Peel Long Term Care
- Director, Senior Services Development
Under PHIPA, Health Information Custodians are responsible to ensure that personal health information is collected, used, stored and shared in a way that protects the confidentiality of that information, and the privacy of individuals.
We believe our clients, patients and residents should know what personal health information we collect, how it's used and protected, and who we shared with.
Contact our Privacy Office or call 905-791-7800 to learn more about our privacy practices.
Examples of personal health information
Personal health information can be in either spoken or written form and may include:
- Health record and health history
- Case management record
- Assessments for service delivery
- Delivery of health care
- Health services being received
- Lab or test results
- Health care provider
- Health care payments or eligibility for health care
- Donation of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance
- Health care number (OHIP)
Your privacy is important to us
We are committed to respecting your privacy and protecting your personal health information, as outlined in the Personal Health Information Protection Act (PHIPA), 2004.
Why do we collect your personal health information?
Peel Region and associated service partners collect information about our clients, patients and residents so that you can be accurately identified each time you contact us.
Personal health information collected is only available to program staff who are involved in your health care either directly (such as health care professionals), assisting in the provision of health care in a supporting role (such as health records, or financial services).
Your personal health information may also be used to:
- Quickly and accurately identify your client record each time you require healthcare or associated services.
- Provide you with the most effective and appropriate services or treatments. This may include assessments of your health condition, test results, and other health services being received. All of this information may be recorded in your client record and made available to those involved in your care, including health-care providers, and social services, who are partners in your care. Our programs keep a history of your health information, so that you or your caregiver has a complete summary of your health status.
- Comply with legal and regulatory requirements. For example, sometimes we collect your Ontario Health Card Number (OHIP) or Social Insurance Number (SIN) because it is required for the processing and funding of related services.
- Improve the quality and efficiency with which we provide services including evaluations of our program and services for quality improvement.
- Support leading edge research with Researchers working on studies approved by an ethics board may have access to health information, provided that privacy and confidentiality issues have been addressed with you.
- Support Health Services educational activities for teaching purposes, provided that measures are taken through our program and services to adequately protect your privacy and confidentiality.
How we collect personal health information
Our health programs may collect personal health information directly from you or another person who is authorized to act on your behalf, such as a parent, or legal guardian or substitute decision-maker.
We may also collect personal health information about you from other sources if your consent has been obtained or if the law permits or requires the collection. The information is collected for the purpose of promoting and protecting health, and to prevent disease.
The personal health information we collect may include:
- Address and contact information
- Date of birth
- Ontario Health Card Number
- Social Insurance Number
- Facts about your healthcare and medical history
- Services being received or you qualify for
- Case management and case conferencing
- Health care support
- Social services support
- Information about payment for health care, when required for certain health services
Personal health information may be collected through a face-to-face meeting with a program staff person, over the phone, through written documents or electronic documents. All documentation of personal health information is recorded on paper or electronically, including secure cloud-based systems in compliance with PHIPA.
Why we collect personal health information
The general overall purpose for collection of personal health information is to promote and protect health, to help obtain supportive services and to prevent disease. Some examples of when we may collect personal health information include:
- The provision or assisting in provision of health care
- Planning or delivering health programs or services
- Arranging referrals, providing supportive counselling and establishing interventions
- Health protection, promotion and awareness
- Public health administration and monitoring
- Administering and managing the health care system
- Purposes related to the Ambulance Service within the meaning of the Ambulance Act
- Purposes related to Long-Term Care within the meaning of the Long Term Care Homes Act
- Purposes related to the function of the Medical Officer of Health and Board of Health pursuant to the Health Protection and Promotion Act
- Conducting research and statistics
- Purposes permitted or required by law
- Compliance with legal and regulatory requirements
The Region uses your personal health information for the purposes for which it is collected, most importantly for the delivery of quality health care or assisting in the delivery of health care and social services, by the following Region of Peel services:
- Public Health
- Paramedic Services
- Long-Term Care
- Senior Services
Your personal health information may be used for the purpose of maintaining or improving the quality and efficiency of services delivered and sometimes for obtaining payment for services rendered or permitted or required by law.
We always get your consent to collect, use and disclose your personal health information, unless required by law.
When do we disclose your personal health information
With your consent, your personal health information may be shared across services to provide you with a continuum of care and services.
When necessary, personal health information may be shared with our public health programs, Peel Long-Term Care Homes, Adult Day Service Programs or Peel Regional Paramedic Services to specifically provide health care, but may also need to investigate and manage potential risks to others or to the population at large.
Non-identifying information related to clients' care and services is used for administration, management, evaluation, strategic planning, program improvement, decision-making, research and allocation of resources.
Under the Health Protection and Promotion Act, 1990 c.H.7 Peel Region’s Medical Officer of Health can disclose personal health information to other health units and to the provincial Ministry of Health and Long-Term Care. Your personal health information may also be shared with health care providers to plan and deliver health care or investigate and manage potential health risks to others.
Who can act on another person's behalf for the collection, use and disclosure of personal health information?
Substitute-decision makers can act on behalf of another individual. These include:
- a parent or legal guardian of a child under 16 years of age, with some exceptions
- any person that has been given written authorization by an individual that is at least 16 years of age or the individual's substitute decision-maker to consent
- an estate trustee or person who has assumed responsibility for administration of a deceased's estate
- a person that has legal authority under PHIPA to consent for an incapable individual
- a person that is entitled or required to act as a substitute decision-maker under legislation
Parent's access to your child's personal health information
Parents are often entitled to access the personal health information of their children, although some limitations exist. Under PHIPA, Health Information Custodians can disclose a child's personal health information to a parent in the following circumstances:
- to a custodial parent, if the information pertains to a child under 16 years of age and there is no implicit or explicit expectation of confidentiality or if no legal exception under PHIPA exists
- to a custodial parent of a child 16 years of age or older where the child has been deemed incapable of consenting and the custodial parent is considered the substitute decision-maker under legislation
- to a non-custodial parent in the circumstances listed above, but only with the consent of the custodial parent or substitute decision-maker, as applicable
Other situations involving disclosure of a child's personal health information may require the written authorization of the official substitute decision-maker or the child to whom the information relates.
Peel Region is committed to ensuring that your personal health information is not lost, stolen, or used by anyone that should not have access to it. We will also ensure that it is kept private and stored and disposed of, in a secure way. We will ensure that everyone who performs services for us protects your privacy and only uses your personal health information in the way you have agreed it can be used.
If consent is given to let a family or legal representative have access to personal health information, these representatives may have access to those parts of the personal health record that have been identified in the consent.
Individuals have the right to withdraw or change the conditions of consent, subject to provisions set out in PHIPA.
Our services commitment to privacy and security
We are is committed to protecting the privacy, confidentiality and security of your personal health information held in any form. We employ physical, organizational and technological safeguards to protect your personal health information against theft and loss, as well as unauthorized access, copying, modification, use, disclosure and disposal.
All staff that come into contact with your personal health information are aware of its sensitive nature and are trained in the appropriate use, disclosure and protection of your personal health information. Staff will ensure the amount and type of personal health information collected, used or disclosed is limited to that which is necessary to fulfill the purpose for which it was collected.
Technology systems supporting Health Services
We also require organizations, vendors and third parties, who support our services, or provide programs on our behalf, to protect the privacy of your personal health information and to use such information only for the purposes you have consented to, or that are permitted or required by law.
These solutions help support Health Services in continuing to deliver excellent client service in a technologically secure manner. Privacy Impact Assessments are completed to ensure these solutions are in compliance with PHIPA to protect your personal health information.
These include the following information management systems.
|Technology System||Used by|
|Connecting Ontario Clinical Viewer - eHealth||Health Services|
|Microsoft Office 365||Health Services|
|Microsoft Skype for Business||Health Services|
|Salesforce Platform||Health Services|
|Lagan Technologies||Health Services|
|iMedic Interdev Technologies –Electronic Ambulance Call Record (eACR)||Peel Regional Paramedic Services|
|Point Click Care – Electronic Health Record||Peel Long Term Care|
|eHealth PANORAMA Immunization Information||Peel Public Health|
|Healthy Child Development - Information Services for Children Information System (HCD-ISCIS)||Peel Public Health – Healthy Babies Healthy Children|
|Integrated Public Health Information System (iPHIS)||Peel Public Health – Communicable Disease|
|MenuStream||Peel Long Term Care|
|Tempo Box||Health Services||Health Partner Gateway||Peel Regional Paramedic Services|
|One Mail||Health Services|
|HedgeHog||Peel Public Health – Environmental Health|
|Residential Assessment Instrument (RAI) – Community Health Assessment (CHA) - (interRAI CHA)||Peel Long Term Care and Seniors Services Development|
Individuals who wish to access or correct their personal health information, or who have questions about how it is collected, maintained, used or disclosed, are encouraged to contact Public Health, Peel Regional Paramedic Services, and Long Term Care, or Senior Services Development (includes our Adult Day Services Program).
How do I formally request access to or a correction of my personal health information?
- Submit your access or correction request in writing, ensuring to provide sufficient detail to enable staff to locate the records.
- Submit the written request to the staff person or program you believe has custody of your personal health information.
- A response should be received within 30 days unless a notice of extension is issued under PHIPA.
Prior to disclosure of information, staff may ask to verify your identity (e.g. where your mailing address information is incomplete or outdated or where you wish to access the record(s) in person and staff is not familiar with you).
Requests for personal health records:
- Peel Public Health - request for access to Personal Health Information
- Peel Long-Term Care - request for access or correction to Personal Health Information
- Peel Adult Day Services - request for access or correction to Personal Health Information
- Peel Regional Paramedic Services – request for access Ambulance Call Record
PHIPA access request fees:
An Administration fee of $30 may be charged for any request to access personal health information for the following services.
- Peel Public Health
- Peel Long Term Care
- Peel Adult Day Services
After the first 20-pages, an additional fee of $0.25 for each page may be charged.
An administration fee of $75 will be charged for any request to access personal health information for Peel Regional Paramedic Services.
Additional fees may also be charged depending on the type of request to obtain health or financial information (microfilm, compact disc, encrypted USB Key, etc.). Requests must be made in writing.
A fee may be waived if there is financial hardship.
Health Information Custodians
The Region is committed to resolving all concerns or complaints and encourages individuals to first contact Peel Public Health, Long Term Care, Peel Regional Paramedic Services, Senior Services Development at:
Medical Officer of Health
7120 Hurontario Street
Mississauga, ON L6T 4B5
Email Peel's Medical Officer of Health
Chief and Director, Peel Regional Paramedic Services
1600 Bovaird Drive East
Brampton, ON L6R 3S8
Email Peel Regional Paramedic Services
Director, Long Term Care
10 Peel Centre Dr., Suite B
Brampton ON L6T 4B9
Email Long Term Care
Director, Senior Services Development
10 Peel Centre Dr., Suite A
PO Box 2009, STN B
Brampton ON L6T 0E5
Email Seniors Services Development
You have the right to make a complaint to the Information and Privacy Commissioner of Ontario, if you are concerned with how we have handled your personal health information.
The Commissioner can be reached at:
The Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto ON M4W 1A8
The following video was designed and distributed by the Information and Privacy Commissioner (IPC) of Ontario. The video segments are designed to provide a guide for training and education of Personal Health Information Protection Act (PHIPA); video segments depict real life health scenarios and how PHIPA applies to those scenarios.
The Region of Peel is providing access to the video to promote an understanding of PHIPA; additional information can be obtained from the IPC website www.ipc.on.ca
Protecting the privacy of our clients
Peel Region takes privacy breaches very seriously and is committed to protecting the privacy of our clients, patients and residents, and the confidentiality and security of all personal health information.
What is a privacy breach?
A privacy breach happens when personal health information has been lost or stolen; or accessed, disclosed or disposed of inappropriately in a manner that does not comply with the PHIPA.
What happens when a privacy breach occurs?
As soon as the privacy team learns of a privacy breach, the following steps are taken:
- Identify the extent of the breach and takes steps to immediately contain it;
- Investigate the cause of the breach and work to eliminate the risk of it happening again;
- Notify the individual(s) whose privacy was breached;
- Notify the Information and Privacy Commissioners Office of Ontario if required by provisions set out in PHIPA: Guidelines for reporting a breach in the health sector..
How does Peel Region prevent privacy breaches?
We have taken a variety of steps to prevent privacy breaches. They include:
- Creating and enforcing policies that clearly limit access to and protect personal health information
- Providing privacy training sessions for all Health Services employees and service delivery partners or vendors using our cloud-based systems.
- Asking all employees and service delivery partners to sign a confidentiality agreement which outlines their obligations
- Performing random audits of information management systems to ensure employees are not accessing more client information than is necessary to do their jobs
- Providing employees with locked offices, filing cabinets and secure methods to dispose of documents
- Restricting client information to only those employees who need to know
- Ensuring all relevant computers are password-protected and encrypted
- Ensuring all mobile computing devices are strongly encrypted
If you believe a privacy breach has occurred, email our Access to Information and Privacy Team or call 905-791-7800 and ask to speak with the Privacy Contact Person.