Our obligations under the Personal Health Information Protection Act
As a provider of healthcare services to the residents of the Waterloo Region and surrounding area, GRH collects, uses, discloses, retains and protects personal health information and is a personal health information custodian under the Ontario Personal Health Information Protection Act (PHIPA).
GRH is committed to protecting the privacy, confidentiality and security of all personal health information to which it is entrusted. The privacy, confidentiality and security policy incorporates the provisions of Part 1 of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and includes the ten principles of the Canadian Standards Association's Model Code for the Protection of Personal Information (CAN/CSA-Q830-96), which was published in March 1996 as a national standard of Canada.
The ten fundamental principles of privacy form the basis of the GRH's data protection strategy. Click here to download a PDF file outlining the ten principles of privacy.
Our obligations under the Freedom of Information and Protection of Privacy Act
The Broader Public Sector Accountability Act, 2010 (BPSAA) received Royal Assent on December 8, 2010. The BPSAA establishes new rules and higher accountability standards for hospitals, Local Health Integration Networks (LHINs) and broader public sector organizations. BPSAA impacted the privacy landscape of some public sector employers. One key change was the extension of the Freedom of Information and Protection of Privacy Act (FIPPA) to hospitals. Access to information held by public institutions is a vital ingredient for a free and functioning democratic society. This is a welcome step toward a culture of greater transparency and accountability in our hospitals, something Ontario’s Information and Privacy Commissioner (IPC) has long advocated for. It also addresses the anomaly of Ontario being the only Canadian province in which hospitals were not covered by freedom of information (FOI) legislation.
GRH is committed to promoting a culture of transparency and openness. FIPPA establishes rules for government institutions to follow to ensure the protection of individual privacy. The Act governs the collection, retention, use, disclosure and security of personal information (sections 37–46 of the provincial Act and 27–35 of the municipal Act). Additionally, section 34 of FIPPA requires an institution that is also a health information custodian to make an annual report to the Information and Privacy Commissioner of Ontario. GRH’s FIPPA's practices incorporates the seven fundamental principles of access proposed by the IPC.
Click to download the seven principles of access proposed by the Information and Privacy Commission.