Protecting your privacy and confidentiality in everything we do
As a Health Information Custodian (HIC) under the Personal Health Information Protection Act (PHIPA) and other applicable provincial legislations, Osler takes great care to protect the privacy, confidentiality and security of your personal health information.
Your personal health information: click here for everything you need to know about accessing your own personal health information/medical record, from Osler's Health Information Management (HIM) Office.
Statement of Information Practices
Our Statement of Information Practices describes Osler's accountability and openness, how we use the personal health information that we collect from you, how we protect your information, and the purposes and conditions under which we may share it. We value the trust you have placed in us and we are committed to ensuring that your information remains confidential and secure.
Health Information Network Provider (HINP) Responsibilities
As a designated Health Information Network Provider (HINP) of the Integrated Assessment Record (IAR), Osler regularly assesses the threats, risks and impacts associated with the IAR systems. This risk management strategy ensures the safeguarding of Personal Health Information within Osler’s hosted systems. If you are a member of a concerned party such as a Health Service Provider (HSP) in Ontario and are interested in obtaining a summary copy of the most recent IAR assessment findings, please contact the Osler Privacy Office at 905-494-2120 ext. 29466 or PrivacyOffice@williamoslerhs.ca.
In addition to Osler's responsibilities as a HIC, within the capacity of a HINP, Osler adheres to additional requirements.
Get more information on Osler’s role in the Integrated Assessment Record.
In the capacity of a HINP, Osler meets the following requirements:
- Manage changes in roles and responsibilities as it pertains to PHIPA (HIC, HINP, and Agent) and establish appropriate agreements
- Manage an Integrated-Privacy and Security Incident Identification and Management across the participating organizations
- Maintain a Privacy Contact Person(s) for addressing any and all privacy issues, concerns, and/or complaints, including defining and communicating the complaint procedures
- Implement retention and disposal policies
- Make available plain-language safeguards to both the public and the participating organizations (i.e. Health Information Custodians)
- Implement Logging, Auditing, and Monitoring Policies and Procedures including communication of these controls to all "authorized users"
- Completion of a system Privacy Impact Assessment ("PIA") and Threat/Risk Assessment ("TRA")
Electronic Service Provider (ESP) responsibilities
Within the capacity of an ESP, Osler adheres to additional requirements.
Osler acts as an ESP under PHIPA in that we supply services for the purpose of enabling a HIC to use electronic means to collect, use, modify, disclose, retain or dispose of Personal Health Information and who is not an Agent of the HIC.