Find out more about your health privacy rights in Ontario.
Ontario’s health privacy legislation, the Personal Health Information Protection Act (PHIPA), establishes a set of rules regarding your personal health information (PHI). PHIPA gives you the right to:
- be informed of the reasons for the collection, use and disclosure of your personal health information;
- be notified of the theft or loss or of the unauthorized use or disclosure of your personal health information;
- refuse or give consent to the collection, use or disclosure of your personal health information, except in certain circumstances;
- withdraw your consent by providing notice;
- expressly instruct that your personal health information not be used or disclosed for health care purposes without your consent;
- access a copy of your personal health information, except in limited circumstances;
- request corrections be made to your health records;
- complain to our office if you are refused access to your personal health information;
- complain to our office if you are refused a correction request;
- complain to our office about a privacy breach or potential breach; and
- begin a proceeding in court for damages for actual harm suffered after an order has been issued or a person has been convicted of an offence under PHIPA.
Health information custodians who have custody or control of your personal health information are required to:
- designate or take on the role of a contact person to:
- respond to your access/correction requests;
- receive complaints about alleged breaches of PHIPA;
- respond to inquiries about their information practices.
- obtain your consent when collecting, using and disclosing your PHI, except in limited circumstances, such as a medical emergency;
- collect PHI as permitted or required by PHIPA, but no more than is reasonably necessary;
- take reasonable precautions to safeguard PHI against theft, loss, as well as unauthorized use, disclosure, copying, modification or disposal of your PHI;
- notify you, at the first reasonable opportunity, of the theft or loss or of the unauthorized use or disclosure of PHI;
- inform you of any uses and disclosures of your PHI without your consent that occurred outside of their information practices;
- ensure that your health records are as accurate, up-to-date and complete as necessary for the purposes which they are used or disclosed;
- ensure that your health records are retained, transferred and disposed of in a secure manner;
- ensure that all employees, staff and agents are appropriately informed of their duties and obligations under PHIPA.