The Model Code

The Model Code’s 10 principles are…

1. Accountability for personal health information

PHO is responsible for personal health information within its custody or control. This applies to information used by PHO and its employees, contractors, consultants, agents, researchers or by a research partner in the course of working for or with PHO.

PHO’s president and chief executive officer and its privacy officer are responsible for PHO’s compliance with policies, practices and procedures to safeguard privacy, confidentiality and security.

2. Identifying purposes for personal health information

PHO will use personal health information and may disclose the information to researchers or other agencies and organizations working with PHO, in accordance with this policy, relevant legislation, and the mandate of PHO. For instance, PHO may use your information to:

• conduct research or compile statistics
• track, monitor or analyze health and disease trends
• inform and address infectious emergencies
• provide laboratory services
• educate the public and health care professionals 
• develop new health care treatments and tools

3. Consent for collection, use, and disclosure of personal health information

PHO acknowledges the principle of consent in respect of the collection, use and disclosure of personal health information. PHO has established procedures for obtaining consent for the direct collection of personal health information from an individual, as required by law, as well as the use and disclosure that follows this manner of collection. PHO will rely on primary information collectors to ensure the appropriate consent is obtained from the individual in all other cases of collection.

4. Limiting collection of personal health information

PHO collects personal health information from health information custodians, government and public agencies, and prescribed registries and entities in accordance with relevant law in order to fulfil its legislative mandate. PHO only collects as much information as is necessary for these purposes.

5. Limiting use, disclosure and retention of personal health information

PHO only uses information for the purposes for which it was collected and information will be retained and/or disclosed only as necessary and in accordance with the law and these policies.

6. Accuracy of personal health information

PHO will ensure that all personal health information within its custody or control will be as accurate, complete, and up-to-date as is required and will comply with legislative provisions respecting accuracy when disclosing information. PHO will ensure that all personal health information disclosed to another party is as accurate, complete, and up-to-date as is required and possible in the circumstances.

7. Safeguards for personal health information

PHO has developed, implemented and will enforce physical, administrative, and technical safeguards to ensure the security and confidentiality of all personal health information within its custody or control. Regular audits are conducted to monitor compliance with privacy requirements and full investigations will be completed to address any real or potential security vulnerabilities.

8. Openness about information practices

Information about PHO’s policies and procedures with respect to privacy and information practices are available in printed and electronic form. Further requests for information or answers to questions or concerns may be obtained from the privacy officer.

9. Access to and correction of personal health information

PHO will assist individuals to access their personal health information to the best of its ability wherever it is required to do so, in accordance with its legislative responsibilities.

In respect of information indirectly collected by PHO from primary or secondary information collectors, the individual will be referred to the original record holder for access to the complete record of personal health information and to request corrections.

10. Challenging compliance

All questions, concerns, and complaints about PHO’s information practices or privacy policy should be directed to the privacy officer. PHO will make every reasonable effort to resolve information and privacy issues and will cooperate with further processes to the best of its ability. Questions or comments regarding PHO’s practices or the administration of the Personal Health Information Protection Act and the Freedom of Information and Protection of Privacy Act may be directed to the Office of the Privacy Officer, by e-mailing privacy@oahpp.ca. 

If your complaint is not resolved to your satisfaction, you have the right to complain to the Information and Privacy Commissioner of Ontario. The Commissioner can be reached at:

The Information and Privacy Commissioner of Ontario
T: 416-326-3333 or 1-800-387-0073
E: info@ipc.on.ca
W: www.ipc.on.ca