Southlake Regional Health Centre is committed to protecting your privacy, and the confidentiality of personal information/personal health information (“information”). Whether you are working for our hospital or visiting, you trust us with your information. To honour that trust, we are committed to using your information for legitimate purposes and take reasonable steps to protect it from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal.
As part of this commitment, Southlake has adopted the 10 Privacy Principles established by the Canadian Standards Association's Model Code for the protection of Information.
Southlake Regional Health Centre’s Privacy Principles:
All Southlake staff, physicians and volunteers are responsible for Information under their custody or control. Southlake Health’s Chief Privacy Officer oversees compliance with the Privacy Principles as well as the Personal Health Information Protection Act (PHIPA), and the Freedom of Information and Protection of Privacy Act (FIPPA). .
2. Identifying Purpose
Southlake’s privacy practices are governed by PHIPA and FIPPA. In accordance with these Acts, we collect information about you either from you or from the person/organization authorized to act on your behalf.
Southlake also collects personal information though recorded images using our video surveillance system for safety and security operations at the hospital.
The information we collect from you is used and provided as reasonably necessary to:
- To treat and provide care when visiting our hospital, including personal health information from both inpatient and outpatient services. This information may be shared among your doctors, nurses, residents, and all other health team members who provide care and assistance to you.
- To obtain payment for your treatment and care.
- To conduct quality improvement and risk management activities.
- To conduct research (for approved health research, and typically only using de-identified data)
- To fundraise for the improvement of our programs and services.
- To plan, administer and manage our internal operations.
- To comply with legal and regulatory requirements.
- To evaluate and track performance on employment related matter.
Southlake collects uses and discloses your Information with your knowledge and consent, except where otherwise required or permitted to do so by law.
In accordance with PHIPA, Southlake advises visitors and callers of an individual’s presence in hospital, unless the individual “opts-out” of those processes, usually at the time of registration.
If using information for “secondary” purposes (i.e. those not included in our list of primary purposes), Southlake will only do so with your expressed consent.
These would include:
- Disclosures to certain healthcare providers or services that lie outside of your obvious “circle of care”.
- Health research where some personal identification of your information is required and the hospital’s research ethics committee requires that specific consent be sought.
4. Limiting Collection
Southlake limits the collection of your Information to only those details that are necessary for the purposes identified.
5. Limiting Use, Disclosure, Retention
Your Information will only be used or disclosed for the purpose for which it was collected, unless you have otherwise consented, or when it is required or permitted by law. Southlake retains your Information for the period of time prescribed by our retention policy.
Southlake keeps Information that is collected as accurate, complete and up-to-date as necessary to fulfill the purposes for which it was collected.
Southlake takes reasonable steps to ensure your personal information is protected. The following are some examples of the specific steps we take to protect your privacy while delivering safe, high-quality care:
- Physical measures: for example, use of lockable filing cabinets and restricting access to offices;
- Organizational measures: for example, limiting access to personal information on a “need-to-know” basis;
- Technological measures: for example, the use of passwords, system access controls and encryption where appropriate;
- Regular audits of system access and use, including appropriate disciplinary action for non-compliance with legal or hospital requirements governing access to information.
Information about our policies and practices is readily available upon request as well as through posters and brochures.
You have the right to access and/or correct records of your information. To obtain access and/or request a correction to your personal health information (i.e. medical records); please visit our Heath Information webpage. For access to general records of personal information please proceed to the Freedom of Information webpage.
10. Challenging Compliance
For more information about our privacy practices, or to raise a concern you may have about these practices, please contact:
Office of Access and Privacy at Southlake Regional Health Centre
You may also make a complaint to the Information and Privacy Commissioner of Ontario if you believe we have violated your privacy rights. The Commissioner can be reached at:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Tel: (416) 326-3333