Our obligations under the Personal Health Information Protection Act
As a provider of healthcare services to the residents of the Waterloo Region and surrounding area, Grand River Hospital collects, uses, discloses, retains and protects personal health information and is a personal health information custodian under the Ontario Personal Health Information Protection Act.
Grand River Hospital is committed to protecting the privacy, confidentiality and security of all personal health information to which it is entrusted. The privacy, confidentiality and security policy incorporates the provisions of Part 1 of the federal Personal Information Protection and Electronic Documents Act and includes the ten principles of the Canadian Standards Association's Model Code for the Protection of Personal Information (CAN/CSA-Q830-96), which was published in March 1996 as a national standard of Canada.
The ten fundamental principles of privacy form the basis of the Grand River Hospital's data protection strategy. Click here to read more about the ten principles
Our obligations under the Freedom of Information and Protection of Privacy Act
The Broader Public Sector Accountability Act, 2010 (BPSAA) received Royal Assent on December 8, 2010. The BPSAA establishes new rules and higher accountability standards for hospitals, Local Health Integration Networks (LHINs) and broader public sector organizations. BPSAA impacted the privacy landscape of some public sector employers. One key change was the extension of the Freedom of Information and Protection of Privacy Act (“FIPPA”) to hospitals. Access to information held by public institutions is a vital ingredient for a free and functioning democratic society. This is a welcome step toward a culture of greater transparency and accountability in our hospitals, something Ontario’s Information and Privacy Commissioner has long advocated for. It also addresses the anomaly of Ontario being the only Canadian province in which hospitals were not covered by FOI legislation.
Grand River Hospital is committed to promoting a culture of transparency and openness. The Freedom of Information and Protection of Privacy Act establishes rules for government institutions to follow to ensure the protection of individual privacy. The Act governs the collection, retention, use, disclosure and security of personal information (sections 37–46 of the provincial Act and 27–35 of the municipal Act). Additionally, section 34 of FIPPA requires an institution that is also a health information custodian to make an annual report to the Information and Privacy Commissioner of Ontario (Information and Privacy Commission). Grand River Hospital’s FIPPA's practices incorporates the 7 fundamental principles of access proposed by the Information and Privacy Commission.
Click here for more information on the seven fundamental principles of access proposed by the Information and Privacy Commission