This policy applies to all Royal Victoria Regional Health Centre (RVH) staff, privileged medical staff and volunteers, who use, collect and maintain personal health information, personal information and all other types of hospital information.
It is RVH policy that all information collected, used, maintained and disclosed by the hospital or its staff shall be treated in accordance with the Personal Health Information Protection Act (PHIPA) and the Freedom of Information and Protection of Privacy Act (FIPPA).
The first purpose of this policy is to identify the key legislatively defined terms to ensure a consistent understanding of “information”. The second purpose of this policy is to identify the guiding principles for the collection, use, maintenance, dissemination and protection of information that is in the custody or control of RVH.
Personal Health Information (PHI) refers to all health related information, as defined in PHIPA (Section 4) that is linked to identifying information about an individual in either oral or recorded form. Health related information is defined in the legislation as information that:
Personal information, as defined in FIPPA (Section 2) is recorded information about an identifiable individual including:
Privacy is the right of an individual to control his or her own personal information. In other words, a person can determine how, when, and to what extent, they will share information with others. With respect to health information, the right of privacy includes a patient’s right to know of, and exercise control over, any information about them.
Personal Health Information Protection Act (PHIPA)
The PHIPA outlines privacy policies and practices for health information custodians in the province of Ontario. The purposes of the PHIPA are as follows:
Freedom of Information Privacy Protection Act (FIPPA)
Any record created or which came into the hospital’s custody or control after January 1, 2007 is subject to FIPPA. The purposes of FIPPA are as follows:
Consistent with the Personal Health Information Protection Act, (2004) (PHIPA), the hospital’s enterprise-wide approach incorporates the following ten privacy principles:
Staff, privileged medical staff and volunteers shall provide access to recorded information that is in the hospital’s custody or under its control in balance with the protection of personal privacy of individuals. This shall be done in a manner that is compliant with the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act (PHIPA).
Further, RVH shall ensure systems, policies and procedures are in place to protect the privacy of personal health information and/or personal information under its custody and control in accordance with relevant legislations.
Freedom of Information and Protection of Privacy Act R.S.O 1990, CHAPTER F.31
Personal Health Information Protection Act S.O. 2004, CHAPTER 3
Hospital Privacy Toolkit: Guide to the Ontario Personal Health Information Protection Act, Ontario Hospital Association, September 2004