Your Health Privacy Rights
- Hospitals, doctors, mental health agencies etc. have obligations to protect privacy.
- Enforced by the Information and Privacy Commission (//www.ipc.on.ca/health/)
- Ontario’s health privacy legislation is the Personal Health Information Protection Act(PHIPA), establishes a set of rules regarding your personal health information (PHI).
PHIPA gives you the right to:
- be informed of the reasons for the collection, use and disclosure of your personal health information;
- be notified of the theft or loss or of the unauthorized use or disclosure of your personal health information;
- refuse or give consent to the collection, use or disclosure of your personal health information, except in certain circumstances;
- withdraw your consent by providing notice;
- expressly instruct that your personal health information not be used or disclosed for health care purposes without your consent;
- access a copy of your personal health information, except in limited circumstances;
- request corrections be made to your health records;
- complain to our office if you are refused access to your personal health information;
- complain to our office if you are refused a correction request;
- complain to our office about a privacy breach or potential breach; and
begin a proceeding in court for damages for actual harm suffered after an order has been issued or a person has been convicted of an offence under PHIPA.
Privacy Tip: Consent
Do you remember signing a consent or getting privacy information when you started with a new doctor, agency or health service? Did you have a choice to sign the consent if you wanted to receive service? Consent explanations from the IPC bit.ly/2E83GK9 Real CONSENT:
- must be your consent or the consent of your substitute decision-maker
- must be knowledgeable
- must relate to the information that will be collected, used or disclosed
- must not be obtained through deception or coercion
Consent should be time limited and it should only be for certain uses. For example, I want supportive housing but I might not want to have my information shared with a rehab facility. +
Privacy Principles for Health orgs
Key is consent, limited collection, limited use, and accountability / complaints process:
Principle 1 – Accountability
Principle 2 – Identifying Purposes for collecting
Principle 3 – Consent
Principle 4 – Limiting Collection
Principle 5 – Limiting Use, Disclosure, and Retention
Principle 6 – Accuracy
Principle 7 – Safeguards
Principle 8 – Openness
Principle 9 – Individual Access
