- Download the Part X guide
- Terms used in this guide
- Does Part X of the CYFSA apply to you?
- Collection, use, and disclosure of personal information
- Consent and capacity
- Elements of consent
- Consent may be implied in some cases
- Consent may be written or verbal
- Presumption of consent’s validity
- Conditional consent and withdrawal of consent
- Capacity to consent
- Substitute decision-makers
- Safeguarding and managing personal information
- Access to records of personal information
- Individual’s right of access
- Access exceptions
- Is the record dedicated primarily to the provision of service to the individual?
- How are access requests made?
- Service provider’s response to access requests
- Substitute decision-makers can request access
- Correction of records
- Offences and immunity
- The role of the Information and Privacy Commissioner
Are you subject to other privacy legislation?
Once you have determined that you are a service provider, the next step is to consider whether you are already subject to privacy legislation. You are exempt from much of Part X if you are:
- a health information custodian under the Personal Health Information Protection Act, when collecting, using or disclosing personal health information
- an institution under the Freedom of Information and Protection of Privacy Act or its municipal counterpart, the Municipal Freedom of Information and Protection of Privacy Act
Are you a health information custodian under PHIPA?
PHIPA governs the collection, use and disclosure of personal health information by health information custodians. Section 3 of PHIPA sets out who is a custodian, while section 4 sets out what is personal health information.
If you are a service provider who is also a custodian under PHIPA, the core rules of Part X do not apply to your collection, use or disclosure of personal health information (PHIPA would apply instead).7 The only sections of Part X which do apply are:
- sections 283-284 (Minister’s powers to collect, use and disclose personal information)
- section 285 (Application of Part X)
- section 293 (Disclosure for planning and managing services)
- section 294 (Records of mental disorders)
Note that if you are a health information custodian who collects, uses and discloses personal information that is not personal health information, then Part X may apply to that information.
A multi-service organization operates a children’s aid society. It also runs a children’s mental health program, for which it collects information about its clients’ health history and provides health care as its primary purpose.
Both PHIPA and Part X of the CYFSA would apply to different parts of this organization. For example, if a client wanted to access their records of personal health information from the organization’s mental health program, they could do so under PHIPA. If they wanted to access their records of personal information from the children’s aid society, they would do so under Part X of the CYFSA.
Are you an institution under FIPPA or MFIPPA?
FIPPA is a law that applies to provincial public institutions including the Ministry of Children, Community and Social Services. MFIPPA is its municipal counterpart – it applies to school boards, municipalities and other municipal institutions.8
If you are a service provider and an institution under FIPPA or MFIPPA, the core rules of Part X do not apply to you.9 The only sections of Part X which do apply are:
A father wants access to his records of personal information from a program operated directly by the Ministry of Children, Community and Social Services. Can he make an access request?
Yes, but not under Part X of the CYFSA. Because the ministry is an institution under FIPPA, the core rules of Part X, including the rules about access to records of personal information, do not apply to the ministry. The father would need to make an access request under FIPPA.
This post is also available in: French