As your doctor, my staff and I are bound by law and ethics to safeguard your privacy and the confidentiality of your personal information.
- Collecting only the information that may be necessary for your care
- Keeping accurate and up-to-date records
- Safeguarding the medical records in my possession
- Sharing information with other health-care providers and organizations on a “need to know” basis where required for your heath care
- Disclosing information to third parties only with your express consent, or when necessary for legal reasons
- Retaining/destroying records in accordance with the law
Your request for care from me implies consent for our collection, use and disclosure of your personal information for purposes related to your care. As noted above, other purposes require your express consent.
You have the right to see your records. You may also obtain copies of your records (please see the receptionist for our fees for this service). Please speak to me if you have concerns about the accuracy of your records.
* If your complaint is not resolved to your satisfaction by my office, you may wish to contact the Information and Privacy Commissioner of Ontario at (416)326-333 or 1(800)387-0073.
WHAT IS PERSONAL HEALTH INFORMATION?
Personal health information is anything that can identify you as an individual such as your name, your health card number, or other personally identifying information which can be connected to your health status or care such as a test result with your name on it. Keeping it private means you as a patient, have the right to know and control how this information is being used in the clinic. It also means MLMC has an obligation to ensure that the information is kept confidential.
PROTECTING YOUR PERSONAL HEALTH INFORMATION
As a patient of MLMC, you will be asked on a number of occasions to provide us with personal health information that will assist us in the provision of your care. You can be assured that the confidentiality of your personal health information will be protected regardless of where or how this information is collected, used or disclosed by MLMC.
The ConnectingOntario solution is a shared information system containing copies of personal health information from patients’ visits to health care organizations across Ontario.
eHealth Ontario operates the ConnectingOntario program and provides services that allow personal health information to be shared electronically by:
- Managing and operating the ConnectingOntario program and information system;
- Assessing the privacy and security of the information system;
- Operating the ConnectingOntario privacy and security program in cooperation with participating health care organizations, including communicating directly with individuals making requests to access or correct their personal health information or individuals with privacy or security questions or complaints;
- Developing and managing the technology needed to support the information system; and,
- Managing service providers who built and support the information system.
When eHealth Ontario provides these services, it has access to the personal health information in the information system. It only uses personal health information to perform these services for health care organizations and does not disclose the personal health information to any other health care organizations.
Patient’s personal health information is made available to participating health care organizations for the purpose of providing the patient with health care and treatment, or to reduce a significant risk of serious bodily harm. All health care organizations involved in the ConnectingOntario program handle a patient’s personal health information securely and confidentially, in accordance with Ontario’s health privacy law (Personal Health Information Protection Act, 2004), as well as other applicable laws, the ConnectingOntario security policies and EHR privacy policies.
MLMC may collect, use or disclose patient personal information for the purpose of:
- Providing health care or assisting in providing health care to the individual;
- Planning or delivering research programs or services funded by Maple Leaf Research (MLR)
- Evaluating, monitoring and allocating resources to programs and services provided by either MLMC or MLR;
- Activities to improve quality of care or quality of any related program or service;
- Processing, monitoring, verifying or reimbursing claims for payment under any Act;
- Research, as approved by a Research Ethics Board;
- Anonymizing or de-identifying the information;
- Teaching and education;
- As otherwise consented to by the individual; and
- As otherwise permitted, authorized or required by law.
All authorized agents and third parties are contractually obligated to protect your personal information privacy on behalf of MLMC. Access may be provided to:
- agents of MLMC such as medical staff, employees and authorized contractors;
- other health care facilities or services that may be providing you with care;
- in the case of an emergency, a person who may be able to contact your relatives or friends;
- the Ontario Ministry of Health and Long Term Care and their designated agents;
- a government approved registry of personal health information that relates to a specific disease or condition or that relates to the storage or donation of body parts or substances e.g. apheresis;
- the Chief Medical Officer of Health or a public health authority established under the laws of Canada;
Patients can contact eHealth Ontario or any health care organization participating in ConnectingOntario for any privacy and security questions, complaints or requests. Please refer to the contact information at the end of this notice. A patient can contact us for the following privacy-related reasons:
Consent and blocking a patient record
Health care organizations may use and share patient personal health information for treatment and care. All health care organizations that use and share patient personal health information in the information system have signed agreements confirming that they follow EHR privacy policies and ConnectingOntario security policies and procedures and Ontario’s health privacy law.
Patients can opt out of having personal health information used and shared by health care providers by putting a block on personal health information that is shared within the ConnectingOntario solution. The ConnectingOntario solution provides different blocking options, such as preventing certain health care providers from using or sharing personal health information or preventing all health care providers from using or sharing information.
Viewing or obtaining a copy of personal health information
Patients have a right to request to see or obtain a copy of the following:
- The patient’s personal health information in the information system.
- A list of health care professionals who have viewed a patient’s personal health information in the information system.
- A list of times that a patient has put or removed a block on personal health information.
Correcting personal health information
Patients have a right to ask that their personal health information be corrected if they feel it is out-of-date or inaccurate.
Questions or complaints about ConnectingOntario’s practices
Everyone has a right to ask questions or make a complaint about how ConnectingOntario handles personal health information or privacy.
The eHealth Ontario keeps personal health information safe with safeguards including:
- eHealth Ontario has a chief privacy officer and chief security officer who are accountable for health information privacy and security.
- The ConnectingOntario privacy and security committee, made up of representatives from participating health care organizations, oversees the privacy and security programs.
- Health care organizations must ensure that their health care providers are informed of their duties through privacy and security training.
- Agreements, policies and procedures define each organization’s role in protecting the personal information and personal health information. They also define the roles and responsibilities of any people working for the organization or service providers who provide the health care organizations with services.
- Privacy and security assessments are conducted to identify new risks to privacy and security when there is a significant change to the ConnectingOntario program or information system.
- eHealth Ontario as the program office for ConnectingOntario notifies health care organizations of any unauthorized access to personal information and personal health information that the health care organization contributed to the system.
- eHealth Ontario staff, consultants, suppliers and clients must promptly report any privacy and security breaches for investigation.
- The personal information and personal health information is stored in a data centre with cameras, restricted access, alarms, and 24/7 security.
- When servers are no longer needed, the hard disks storing the personal information and personal health information are physically destroyed or permanently erased.
- Information is not physically removed from the data centre.
- Only approved healthcare providers and staff that support them can view the information.
- ConnectingOntario users are authenticated each time they access the system.
- The actions of everyone who views the personal information and personal health information are recorded electronically.
- The personal information and personal health information is always encrypted when it is transmitted to and from participating sites.
- Networks are protected by devices (firewalls and routers) which limit access to and from systems.
- All actions in the information system are logged so that the privacy officers of the health care organizations are able to monitor and audit their health care providers and staff who view personal information and personal health information in the information system.
- Security agents are installed on each system to protect ConnectingOntario from malware and detect intrusions.
- Vulnerability assessments of technical configurations and operational security practices are conducted periodically.
eHealth Ontario has developed policies and procedures to protect the privacy and security of personal health information. All health care organizations participating in the ConnectingOntario program must agree to the EHR privacy policies and ConnectingOntario security policies posted at ehealthontario.on.ca/en/initiatives/resources, as well as the EHR security policies, which are available by request to firstname.lastname@example.org.
Contact eHealth Ontario:
- If you don’t want to share your information in the ConnectingOntario solution
- To receive copies of your information from ConnectingOntario solution
- To request a correction to your information in ConnectingOntario solution
- To make an inquiry or complaint pertaining to the ConnectingOntario solution
eHealth Ontario, privacy office 777
Bay Street, Suite 701 Toronto, ON
You have a right to make a complaint about eHealth Ontario’s information practices by contacting Ontario’s Information and Privacy Commissioner at:
Telephone: (416) 326-3333 or (905) 326-3333
Toll free: 1 (800) 387-0073 (within Ontario)
TDD/TTY: (416) 325-7539
CAN I WITHHOLD CONSENT FOR THE USE OF MY PERSONAL HEALTH INFORMATION?
You have the right to withhold your consent where consent is required, unless it would compromise the care we intend to deliver to you and others.
For research purposes, you will be given an opportunity to opt-out of further contact for these activities should you be contacted by a clinic representative for these reasons following your care.
If you would like to remove your name from our research list or have a question regarding your ability to withdraw consent, please speak with your physician at MLMC. If she/he is unable to help you with your inquiry, she/he will then contact Privacy Officer at MLMC.
GETTING ACCESS TO YOUR HEALTH RECORD
For assistance in submitting a request for access to patient information, please direct your request to the reception at your doctor’s office.