Skip Ribbon Commands
Skip to main content
Privacy

Protecting Personal Health Information at PHO

Statement of Fair Information Practices: Introduction

Public Health Ontario (PHO) is an arm's-length government agency dedicated to protecting and promoting the health of all Ontarians and reducing inequities in health. As a hub organization, PHO links public health practitioners, front-line health workers and researchers to the best scientific intelligence and knowledge from around the world.

PHO provides expert scientific and technical support relating to infection prevention and control; surveillance and epidemiology; health promotion, chronic disease and injury prevention; environmental and occupational health; health emergency preparedness; and public health laboratory services to support health providers, the public health system and partner ministries in making informed decisions and taking informed action to improve the health and security of Ontarians.

PHO’s general policies and procedures with respect to information practices and privacy principles are available for public viewing in printed and electronic forms. In addition, specific purposes for collection of information are identified prior to the collection of information in research and other data sharing arrangements permitted by law and necessary for PHO’s objectives.

In order to carry out its legislated tasks of research and support, PHO will need to collect personal health information from health care providers and organizations as well as public health and government agencies. This may include identifying information as well as health histories, records of hospital visits, and follow-up medical care.

The framework for PHO’s privacy standards is founded on internationally recognized Fair Information Practices; including the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). This Model Code is the basis of Canadian and provincial privacy legislation.

PHO is governed by the requirements of the Personal Health Information Protection Act and the Freedom of Information and Protection of Privacy Act. PHO is required to comply with the requirements of the legislation and does so by incorporating the principles of the Model Code, widely agreed upon privacy principles, standards and other relevant guidance.

PHO’s Statement of Fair Information Practices discusses each principle individually as it applies to the operation of the agency.

The Model Code’s 10 principles are:

 

1. Accountability for personal health information

PHO is responsible for personal health information within its custody or control. This applies to information used by PHO and its employees, contractors, consultants, agents, researchers or by a research partner in the course of working for or with PHO.

PHO’s president and chief executive officer and its privacy officer are responsible for PHO’s compliance with policies, practices and procedures to safeguard privacy, confidentiality and security.

2. Identifying purposes for personal health information

PHO will use personal health information and may disclose the information to researchers or other agencies and organizations working with PHO, in accordance with this policy, relevant legislation, and the mandate of PHO. For instance, PHO may use your information to:

  • conduct research or compile statistics
  • track, monitor or analyze health and disease trends
  • inform and address infectious emergencies
  • provide laboratory services
  • educate the public and health care professionals 
  • develop new health care treatments and tools

3. Consent for collection, use, and disclosure of personal health information

PHO acknowledges the principle of consent in respect of the collection, use and disclosure of personal health information. PHO has established procedures for obtaining consent for the direct collection of personal health information from an individual, as required by law, as well as the use and disclosure that follows this manner of collection. PHO will rely on primary information collectors to ensure the appropriate consent is obtained from the individual in all other cases of collection.

4. Limiting collection of personal health information

PHO collects personal health information from health information custodians, government and public agencies, and prescribed registries and entities in accordance with relevant law in order to fulfil its legislative mandate. PHO only collects as much information as is necessary for these purposes.

5. Limiting use, disclosure and retention of personal health information

PHO only uses information for the purposes for which it was collected and information will be retained and/or disclosed only as necessary and in accordance with the law and these policies.

6. Accuracy of personal health information

PHO will ensure that all personal health information within its custody or control will be as accurate, complete, and up-to-date as is required and will comply with legislative provisions respecting accuracy when disclosing information. PHO will ensure that all personal health information disclosed to another party is as accurate, complete, and up-to-date as is required and possible in the circumstances.

7. Safeguards for personal health information

PHO has developed, implemented and will enforce physical, administrative, and technical safeguards to ensure the security and confidentiality of all personal health information within its custody or control. Regular audits are conducted to monitor compliance with privacy requirements and full investigations will be completed to address any real or potential security vulnerabilities.

8. Openness about information practices

Information about PHO’s policies and procedures with respect to privacy and information practices are available in printed and electronic form. Further requests for information or answers to questions or concerns may be obtained from the privacy officer.

9. Access to and correction of personal health information

PHO will assist individuals to access their personal health information to the best of its ability wherever it is required to do so, in accordance with its legislative responsibilities.

In respect of information indirectly collected by PHO from primary or secondary information collectors, the individual will be referred to the original record holder for access to the complete record of personal health information and to request corrections.

10. Challenging compliance

All questions, concerns, and complaints about PHO’s information practices or privacy policy should be directed to the privacy officer. PHO will make every reasonable effort to resolve information and privacy issues and will cooperate with further processes to the best of its ability. Questions or comments regarding PHO’s practices or the administration of the Personal Health Information Protection Act and the Freedom of Information and Protection of Privacy Act may be directed to the Office of the Privacy Officer, by e-mailing privacy@oahpp.ca.

If your complaint is not resolved to your satisfaction, you have the right to complain to the Information and Privacy Commissioner of Ontario. The Commissioner can be reached at:

The Information and Privacy Commissioner of Ontario
T: 416-326-3333 or 1-800-387-0073
E: info@ipc.on.ca
W: www.ipc.on.ca

 

You have a choice

 

Internet communications that contain personal information are neither secure nor verifiable. It is recommended that unencrypted personal information should never be circulated over the Internet or by e-mail.  If you choose not to use the Internet to provide personal information to PHO, you can contact us by mail.

Uncontrolled print copy. Valid only on day of Print: [date]
Page updated on [date/time] 29/07/2016 8:17 AM
© , Ontario Agency for Health Protection and Promotion