Protecting Your Privacy
At Hôtel-Dieu Grace Healthcare, protecting the privacy of our patient's personal health information is an essential component of our commitment to treating our patients with dignity, compassion and social responsibility.
We collect personal health information about you directly from you or from another person acting on your behalf, and we take steps to ensure that everyone who performs services for the Hospital protects your privacy and only uses your personal information for the purposes with which you have consented.
We have security measures in place to ensure that your personal information is protected from theft, loss, and unauthorized access. We conduct audits and complete investigations to monitor and manage our privacy compliance.
Privacy Principles
Hôtel-Dieu Grace Healthcare is responsible for personal health information under our control and is committed to a high standard of privacy for our information practices. Ontario law – the Personal Health Information Protection Act (PHIPA) protects your personal health information and is based on 10 privacy principles.
Accountability for Personal Health Information
Hôtel-Dieu Grace Healthcare is responsible for personal information under our control and has designated individuals (Chief Privacy Officer and Privacy Delegates/Privacy Team) who are accountable for compliance at all sites.
Hôtel-Dieu Grace Healthcare complies with PHIPA by:
- implementing policies and procedures to protect your personal health information, and all other confidential information including information relating to patients, staff and affiliates (affiliates include physicians, students, volunteers, researchers, and contracted individuals who are not paid by Hôtel-Dieu Grace Healthcare but have a working relationship with the organization);
- responding to complaints and inquiries;
- educating our staff and affiliates about privacy policies and practices.
Identifying Purposes for the Collection of Personal Health Information
Hôtel-Dieu Grace Healthcare will identify the purposes for which personal health information is collected at or before the time of collection. These purposes will be conveyed by means of posters, brochures and this web site.
The primary purpose to collect, use and share personal health information is to deliver patient care. We also use your information for administrative purposes, research, teaching, statistics, fundraising, and to comply with our legal and regulatory requirements.
Consent for the Collection, Use, and Disclosure of Personal Information
We rely on your implied consent for some purposes (e.g. patient care), but will seek your written consent for other purposes (e.g. identifiable information used for research).
You have the right to know why we are collecting your information and how it is being used.
You also have the right to withdraw your consent at any time, unless the collection, use or sharing is required or permitted by law.
Limiting Use, Disclosure, and Retention of Personal Information
Personal health information may be used only for the purposes for which it was collected, except with your consent or as required by law.
The information is retained only as long as necessary, and securely destroyed in accordance with legislation, policies, guidelines and procedures.
Ensuring Accuracy of Personal Health Information
Hôtel-Dieu Grace Healthcare will make every effort to ensure the information we hold is accurate, complete and up-to-date. Patients have the right to challenge the accuracy of the information.
Ensuring Safeguards for Personal Information
Hôtel-Dieu Grace Healthcare applies security safeguards appropriate to the sensitivity of personal health information to aim to protect it against loss, theft, unauthorized access, disclosure, copying, use, or modification, regardless of its format. Protection may include physical measures (i.e. locked filing cabinets and restricted access), organizational measures (limiting access on a "need-to-know" basis), and technological measures (use of passwords, encryption and audits). New staff and affiliates are required to complete privacy and confidentiality education and sign a confidentiality agreement as a condition of employment or affiliation. Contracted agents are bound to privacy and confidentiality as a condition of the contract.
Openness About Personal Information Policies and Practices
Hôtel-Dieu Grace Healthcare makes information about their privacy policies and practices available by means of posted notices and brochures at registration points and other public areas as well as on the organization’s Internet site. Information provided includes:
- contact information for Hôtel-Dieu Grace Healthcare’s Chief Privacy Officer and/or delegate, to which complaints or inquiries can be forwarded;
- the process for a patient to access his/her personal health information held by Hôtel-Dieu Grace Healthcare;
- a description of the type of personal health information held by Hôtel-Dieu Grace Healthcare, including a general explanation of its use, and common examples of how the information may be shared.
Individual Access to Own Personal Information
Upon request, within a reasonable time and at a reasonable cost, an individual will be informed of the existence of his or her personal information and will be given access to it. They can challenge its accuracy and completeness and have it amended as appropriate.
Exceptions to providing access will be limited and specific. This may include information that is prohibitively costly to provide, refers to other individuals, cannot be disclosed for legal, security or proprietary reasons, and/or is subject to solicitor-client or litigation privilege.
An individual must provide sufficient information to permit Hôtel-Dieu Grace Healthcare to identify the existence of personal health information, including details of third-party recipients.
Challenging Compliance with the Organization’s Privacy Policies and Practices
An individual will be able to challenge Hôtel-Dieu Grace Healthcare’s compliance with the organization’s policies and privacy law to the Chief Executive Officer and/or Privacy Office delegates. Hôtel-Dieu Grace Healthcare has procedures in place to receive and respond to complaints or inquiries about their policies and practices relating to the handling of personal health information. Hôtel-Dieu Grace Healthcare will investigate all complaints. If a complaint is justified, Hôtel-Dieu Grace Healthcare will take appropriate measures, including, if necessary, amending their policies and practices.