Menu

Personal Health Information Protection Act (PHIPA)

Protecting the privacy of your personal health information

Personal health information is information in any form that identifies you and that relates to your health and health care including, health history, health care programs and services, health care providers, substitute decision-makers, health card number and other personal identification numbers.

Examples of personal health information

Personal health information can be in either spoken or written form and may include:

  • Health record and health history
  • Case management record
  • Assessments for service delivery
  • Delivery of health care
  • Health services being received
  • Lab or test results
  • Health care provider
  • Health care payments or eligibility for health care
  • Donation of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance
  • Health care number (OHIP)

Your privacy is important to us

We are committed to respecting your privacy and protecting your personal health information, as outlined in the Personal Health Information Protection Act (PHIPA), 2004.

Why do we collect your personal health information?

Naturopath Osteopath Clinic and associated service partners collect information about our clients, patients and residents so that you can be accurately identified each time you contact us.

Personal health information collected is only available to program staff who are involved in your health care either directly (such as health care professionals), assisting in the provision of health care in a supporting role (such as health records, or financial services).

Your personal health information may also be used to:

  • Quickly and accurately identify your client record each time you require healthcare or associated services.
  • Provide you with the most effective and appropriate services or treatments. This may include assessments of your health condition, test results, and other health services being received. All of this information may be recorded in your client record and made available to those involved in your care, including health-care providers, and social services, who are partners in your care. Our programs keep a history of your health information, so that you or your caregiver has a complete summary of your health status.
  • Comply with legal and regulatory requirements. For example, sometimes we collect your Ontario Health Card Number (OHIP) or Social Insurance Number (SIN) because it is required for the processing and funding of related services.
  • Improve the quality and efficiency with which we provide services including evaluations of our program and services for quality improvement.
  • Support leading edge research with Researchers working on studies approved by an ethics board may have access to health information, provided that privacy and confidentiality issues have been addressed with you.
  • Support Health Services educational activities for teaching purposes, provided that measures are taken through our program and services to adequately protect your privacy and confidentiality.

How we collect personal health information

Our health programs may collect personal health information directly from you or another person who is authorized to act on your behalf, such as a parent, or legal guardian or substitute decision-maker.

We may also collect personal health information about you from other sources if your consent has been obtained or if the law permits or requires the collection. The information is collected for the purpose of promoting and protecting health, and to prevent disease.

The personal health information we collect may include:

  • Name
  • Address and contact information
  • Date of birth
  • Ontario Health Card Number
  • Social Insurance Number
  • Facts about your healthcare and medical history
  • Services being received or you qualify for
  • Case management and case conferencing
  • Health care support
  • Social services support
  • Information about payment for health care, when required for certain health services

Personal health information may be collected through a face-to-face meeting with a program staff person, over the phone, through written documents or electronic documents. All documentation of personal health information is recorded on paper or electronically, including secure cloud-based systems in compliance with PHIPA.

Why we collect personal health information

The general overall purpose for collection of personal health information is to promote and protect health, to help obtain supportive services and to prevent disease. Some examples of when we may collect personal health information include:

  • The provision or assisting in provision of health care
  • Planning or delivering health programs or services
  • Arranging referrals, providing supportive counselling and establishing interventions
  • Health protection, promotion and awareness
  • Public health administration and monitoring
  • Administering and managing the health care system
  • Purposes related to the Ambulance Service within the meaning of the Ambulance Act
  • Purposes related to Long-Term Care within the meaning of the Long Term Care Homes Act
  • Conducting research and statistics
  • Purposes permitted or required by law
  • Compliance with legal and regulatory requirements

The Region uses your personal health information for the purposes for which it is collected, most importantly for the delivery of quality health care or assisting in the delivery of health care and social services, by the following Naturopath Osteopath Clinic services:

  • Public Health
  • Paramedic Services
  • Long-Term Care
  • Senior Services

Your personal health information may be used for the purpose of maintaining or improving the quality and efficiency of services delivered and sometimes for obtaining payment for services rendered or permitted or required by law.

We always get your consent to collect, use and disclose your personal health information, unless required by law.

When do we disclose your personal health information

With your consent, your personal health information may be shared across services to provide you with a continuum of care and services.

When necessary, personal health information may be shared with our public health programs, Naturopath Osteopath Clinic Long-Term Care Homes, Adult Day Service Programs or Naturopath Osteopath Clinic Paramedic Services to specifically provide health care, but may also need to investigate and manage potential risks to others or to the population at large.

Non-identifying information related to clients’ care and services is used for administration, management, evaluation, strategic planning, program improvement, decision-making, research and allocation of resources.

Who can act on another person’s behalf for the collection, use and disclosure of personal health information?

Substitute-decision makers can act on behalf of another individual. These include:

  • a parent or legal guardian of a child under 16 years of age, with some exceptions
  • any person that has been given written authorization by an individual that is at least 16 years of age or the individual’s substitute decision-maker to consent
  • an estate trustee or person who has assumed responsibility for administration of a deceased’s estate
  • a person that has legal authority under PHIPA to consent for an incapable individual
  • a person that is entitled or required to act as a substitute decision-maker under legislation

Parent’s access to your child’s personal health information

Parents are often entitled to access the personal health information of their children, although some limitations exist. Under PHIPA, Health Information Custodians can disclose a child’s personal health information to a parent in the following circumstances:

  • to a custodial parent, if the information pertains to a child under 16 years of age and there is no implicit or explicit expectation of confidentiality or if no legal exception under PHIPA exists
  • to a custodial parent of a child 16 years of age or older where the child has been deemed incapable of consenting and the custodial parent is considered the substitute decision-maker under legislation
  • to a non-custodial parent in the circumstances listed above, but only with the consent of the custodial parent or substitute decision-maker, as applicable

Other situations involving disclosure of a child’s personal health information may require the written authorization of the official substitute decision-maker or the child to whom the information relates.

Naturopath Osteopath Clinic is committed to ensuring that your personal health information is not lost, stolen, or used by anyone that should not have access to it. We will also ensure that it is kept private and stored and disposed of, in a secure way. We will ensure that everyone who performs services for us protects your privacy and only uses your personal health information in the way you have agreed it can be used.

If consent is given to let a family or legal representative have access to personal health information, these representatives may have access to those parts of the personal health record that have been identified in the consent.

Individuals have the right to withdraw or change the conditions of consent, subject to provisions set out in PHIPA.

Our services commitment to privacy and security

We are is committed to protecting the privacy, confidentiality and security of your personal health information held in any form. We employ physical, organizational and technological safeguards to protect your personal health information against theft and loss, as well as unauthorized access, copying, modification, use, disclosure and disposal.

All staff that come into contact with your personal health information are aware of its sensitive nature and are trained in the appropriate use, disclosure and protection of your personal health information. Staff will ensure the amount and type of personal health information collected, used or disclosed is limited to that which is necessary to fulfill the purpose for which it was collected.

Technology systems supporting Health Services

We also require organizations, vendors and third parties, who support our services, or provide programs on our behalf, to protect the privacy of your personal health information and to use such information only for the purposes you have consented to, or that are permitted or required by law.

These solutions help support Health Services in continuing to deliver excellent client service in a technologically secure manner. Privacy Impact Assessments are completed to ensure these solutions are in compliance with PHIPA to protect your personal health information.

These include the following information management systems.

Individuals who wish to access or correct their personal health information, or who have questions about how it is collected, maintained, used or disclosed, are encouraged to contact Public Health, Naturopath Osteopath Clinic Paramedic Services, and Long Term Care, or Senior Services Development (includes our Adult Day Services Program).

How do I formally request access to or a correction of my personal health information?

  • Submit your access or correction request in writing, ensuring to provide sufficient detail to enable staff to locate the records.
  • Submit the written request to the staff person or program you believe has custody of your personal health information.
  • A response should be received within 30 days unless a notice of extension is issued under PHIPA.

Prior to disclosure of information, staff may ask to verify your identity (e.g. where your mailing address information is incomplete or outdated or where you wish to access the record(s) in person and staff is not familiar with you).

Requests for personal health records:

  • Naturopath Osteopath Clinic Public Health – request for access to Personal Health Information
  • Naturopath Osteopath Clinic Long-Term Care – request for access or correction to Personal Health Information
  • Naturopath Osteopath Clinic Adult Day Services – request for access or correction to Personal Health Information
  • Naturopath Osteopath Clinic Regional Paramedic Services – request for access Ambulance Call Record

PHIPA access request fees:

An Administration fee of $30 may be charged for any request to access personal health information for the following services.

  • Naturopath Osteopath Clinic Public Health
  • Naturopath Osteopath Clinic Long Term Care
  • Naturopath Osteopath Clinic Adult Day Services

After the first 20-pages, an additional fee of $0.25 for each page may be charged.

An administration fee of $75 will be charged for any request to access personal health information for Naturopath Osteopath Clinic Paramedic Services.

Additional fees may also be charged depending on the type of request to obtain health or financial information (microfilm, compact disc, encrypted USB Key, etc.). Requests must be made in writing.

A fee may be waived if there is financial hardship.

Health Information Custodians

The Region is committed to resolving all concerns or complaints and encourages individuals to first contact Naturopath Osteopath Clinic Public Health, Long Term Care, Naturopath Osteopath Clinic Paramedic Services, Senior Services Development.

You have the right to make a complaint to the Information and Privacy Commissioner of Ontario, if you are concerned with how we have handled your personal health information.

The following video was designed and distributed by the Information and Privacy Commissioner (IPC) of Ontario. The video segments are designed to provide a guide for training and education of Personal Health Information Protection Act (PHIPA); video segments depict real life health scenarios and how PHIPA applies to those scenarios.

The Naturopath Osteopath Clinic is providing access to the video to promote an understanding of PHIPA; additional information can be obtained from the IPC website www.ipc.on.