Personal Health Information Protection Act, 2004
The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario’s health-specific privacy legislation. It regulates the manner in which personal health information is collected, used, and disclosed within the health care system.
Personal health information is identifiable information about an individual which relates to:
- Physical or mental health of the individual, including family health history;
- Providing of health care to the individual, including the identification of a person as a provider of health care to the individual;
- Payments or eligibility for health care in respect of the individual;
- Donation by the individual of any body part or bodily substance or which is derived from the testing or examination of any such body part or bodily substance;
- The individual’s health number; or
- Identification of an individual’s substitute decision-maker.
The Collection and Use of Personal Health Information
We collect personal health information about you either from you directly or from a person acting on your behalf. The information that we collect may include your name, date of birth, address, personal and family health history, records of your visits Aurora Medical Clinic and the care that you received. You may enter, modify, and correct your personal health information via the Aurora Medical Clinic Patient Portal. You may also obtain access to or request a correction to your record of personal health information by contacting the Aurora Medical Clinic Staff. We may use your personal health information in order to deliver patient care, administrate health care services, receive payment for your treatment and care, research, compile statistics, fundraise, meet legal requirements, and fulfill other purposes permitted or required by law. Your personal health information may be disclosed to physicians, health care professionals, and staff directly involved in your care. We are also required to disclose patient information to several organizations, such as the Ministry of Health.
We have instituted appropriate safeguards in our efforts to ensure that patients’ personal health information is protected.
Physical safeguards, such as facility access controls, workstation security, and mobile device security requirements, are in place in order to protect patient records.
Our patient information system uses passwords and a firewall to protect the system from inappropriate accesses and from Internet users. The security capabilities of the patient information system are also upgraded on an ongoing basis. In addition, the Aurora Medical Clinic Patient Portal account is password protected, and confidential patient information available through this portal is secured through encryption technologies.
If your personal health information is stolen, lost, or accessed by unauthorized persons, we will notify you at the first reasonable opportunity.
Questions and Concerns
If you have any questions or concerns regarding our information and privacy protection practices, or if you feel that your privacy rights have been violated, please contact the Aurora Medical Clinic staff. If you feel your privacy rights under PHIPA have been violated, you may also submit a written complaint to the Information and Privacy Commissioner of Ontario at the following address:
2 Bloor Street East, Suite 1400