Protecting your privacy and confidentiality in everything we do

As a Health Information Custodian (HIC) under the Personal Health Information Protection Act (PHIPA) and other applicable provincial legislations, Osler takes great care to protect the privacy, confidentiality and security of your personal health information.  

Your personal health information:  click here for everything you need to know about accessing your own personal health information/medical record, from Osler's Health Information Management (HIM) Office

Statement of Information Practices

Our Statement of Information Practices describes Osler's accountability and openness, how we use the personal health information that we collect from you, how we protect your information, and the purposes and conditions under which we may share it. We value the trust you have placed in us and we are committed to ensuring that your information remains confidential and secure.

Accountability and openness

Osler is accountable in protecting the privacy of personal health information in our custody or under our control. We also keep a strong focus on performance excellence by ensuring that we monitor how we are doing. We use these results to continuously improve the way in which we protect your right to privacy.
Read more
At William Osler Health System we are open about how we protect the privacy of your personal health information. We have assigned a contact person to address your privacy-related inquiries or privacy investigations, complaints and your requests for access to your personal health information records.

Notice and collection

We have posted notices at key areas in our hospital. The notices explain why we collect, use and disclose your personal health information and tell you where to get more detailed information.
Read more

Osler collects personal health information for the purpose of providing you with appropriate health care. If you are unable to provide us with the information we need to treat you, we may collect the information from other health care professionals who are or who have been involved in your treatment or someone who has been designated as your substitute decision-maker.

We will also collect personal health information about you from someone other than yourself if you provide us with consent to do so or if we are authorized to do so by legislation. We will only collect the information we need to treat you.

Consent

Read more
  • When you provide us with your personal health information we assume that you understand that the information will be used and/or disclosed to others involved in your health care
  • If you do not wish your personal health information to be used or shared, you have the right to refuse to provide all or part of the information to us at the time we request the information or anytime afterwards.
  • We may not be able to fulfill your wishes if they impact our ability to deliver quality health care to you or if we are legislated to use or disclose the information to which you object. In these cases we will discuss the impact of your objection with you.
  • If we find it necessary to disclose your information for purposes other than providing health care, we will notify you of the purpose for the disclosure and ask you for consent to disclose the information.
  • The way we collect your consent may vary depending on the purpose for the consent.

Use and safeguards

We will use your personal health information to:
Read more
  • Plan and enhance our services to you, including:
    • Evaluation and monitoring of our programs
    • Chart reviews
    • Monitoring or preventing fraud or any unauthorized receipt of services or benefits
    • Educating our agents to provide health care
    • Contacting you to gather information on your satisfaction with or concerns about your visit. This will help us to continuously improve our services to you
  • Contact you for donations. Our hospital foundation will always provide you with an opportunity to decline further contact.
Our staff, physicians and volunteers are required to abide by our privacy policy and sign an agreement to that effect. We use up-to-date technology standards to secure your information, and we monitor internal compliance with our information and privacy practices. In some cases we may share your personal health information with third party data processors, vendors, suppliers or providers responsible for administering our programs. These organizations must sign a contract with us to follow privacy and health information practices that are the same or similar to our own.

Disclosure

William Osler Health System is a member of shared health information systems. These shared systems permit health care providers with the ability to securely access and use electronic patient health information. This access ensures the delivery of more timely, and patient-centered care. The information below highlights the systems that William Osler is currently a member of:
Read more

Accuracy, individual access and correction

We strive to keep your personal health information as accurate, complete and up-to-date as possible, taking into account its uses and your interests.
Read more

We establish and maintain a record of your personal health information. You have the right to access your health record by submitting a written request to our HIM department.

For access to your own personal health information/medical record contact Osler's HIM Office.

We must provide you with access to your file within 30 days of your request. If your request requires us to conduct a lengthy search, we may request an extension for another 30 days.

You may request corrections to the information in your file by providing us with additional information that supports your request. If your file contains information that was not provided by our hospital, we may not have the knowledge to correct that particular information and you may need to go back to the source to request the correction.

Inquiries and challenging compliance

You may direct any inquiries about our privacy practices, or complaints with respect to our compliance with our privacy practices, to our Privacy Office at 905-494-2120 ext.29466 or download and complete our Privacy Incident Form and send it to PrivacyOffice@williamoslerhs.ca.
Read more

You may direct any inquiries or requests for your own personal health information record/health chart, to Osler's HIM Office. If you are unable to resolve your complaint by working with our Privacy Office you may contact the Information and Privacy Commissioner (IPC) at:

Information and Privacy Commissioner/Ontario
2 Bloor Street East Suite1400
Toronto, Ontario M4W1A8
(416) 326-3333
Website: www.ipc.on.ca

Health Information Network Provider (HINP) Responsibilities 

As a designated Health Information Network Provider (HINP) of the Integrated Assessment Record (IAR), Osler regularly assesses the threats, risks and impacts associated with the IAR systems.  This risk management strategy ensures the safeguarding of Personal Health Information within Osler’s hosted systems.  If you are a member of a concerned party such as a Health Service Provider (HSP) in Ontario and are interested in obtaining a summary copy of the most recent IAR assessment findings, please contact the Osler Privacy Office at 905-494-2120 ext. 29466 or PrivacyOffice@williamoslerhs.ca.

In addition to Osler's responsibilities as a HIC, within the capacity of a HINP, Osler adheres to additional requirements.

Get more information on Osler’s role in the Integrated Assessment Record.

In the capacity of a HINP, Osler meets the following requirements:

  • Manage changes in roles and responsibilities as it pertains to PHIPA (HIC, HINP, and Agent) and establish appropriate agreements
  • Manage an Integrated-Privacy and Security Incident Identification and Management across the participating organizations
  • Maintain a Privacy Contact Person(s) for addressing any and all privacy issues, concerns, and/or complaints, including defining and communicating the complaint procedures
  • Implement retention and disposal policies
  • Make available plain-language safeguards to both the public and the participating organizations (i.e. Health Information Custodians)
  • Implement Logging, Auditing, and Monitoring Policies and Procedures including communication of these controls to all "authorized users"
  • Completion of a system Privacy Impact Assessment ("PIA") and Threat/Risk Assessment ("TRA") 

Electronic Service Provider (ESP) responsibilities

Within the capacity of an ESP, Osler adheres to additional requirements. 

Osler acts as an ESP under PHIPA in that we supply services for the purpose of enabling a HIC to use electronic means to collect, use, modify, disclose, retain or dispose of Personal Health Information and who is not an Agent of the HIC.

 

Related Information

Resource Center

Helpful links to the most useful lists and forms for health professionals.

Latest Tweets