Patient Privacy

Your personal health information belongs to you and as a custodian of the information, we hold it in trust for you.

Collection of personal health information

We collect your personal health information under the authority of the Personal Health Information Protection Act, 2004 (PHIPA). The personal health information that we collect from patients may include contact information, medical history, medical test results and details of the care you received during prior visits to Sinai Health or to other hospitals. We may also collect personal health information about you from other sources unless you have advised us not to.

Use and disclosure of personal health information

Personal health information is used first and foremost to provide you with clinical care. We also use and/or disclose your personal health information to:

• Obtain payment for treatment and care (from OHIP, WSIB, your private insurer or others)
• Undertake clinical research studies
• Conduct quality improvement activities (such as sending a patient satisfaction survey)
• Conduct risk management activities
• Teach
• Fundraise through the Hospital Foundation, to improve our health-care services and programs (only your name and address are given, unless you instruct us that you prefer that your information not to be shared)
• Plan, administer and manage Sinai Health and its programs
• Compile statistics
• Fulfil other purposes as required by law
• De-identify it, whenever possible, as a way to protect your information when we are handling it for purposes not related to your direct care

De-identification is the process of removing or changing pieces of information that can be used to identify you (such as your name or address). After doing a risk assessment, Sinai Health will use an appropriate method of de-identification to make sure that the de-identified data will likely not be used to re-identify you.

The Canadian Standards Association has developed ten Privacy Principles that underpin both Canadian and Ontario privacy legislation. These form the basis of our Privacy Policy and how Sinai Health collects, uses, discloses and safeguards the personal information (including personal health information) we hold about you.

1. Accountability: We are a health information custodian under PHIPA and are responsible for the collection, use and disclosure of personal health information in our custody or control. Our privacy contact person is accountable for compliance with our Privacy Policy, and can be reached at [email protected] or 416-586-4800 ext. 2101.

2. Identifying purposes for collecting personal information: We will identify the purposes for which personal information is collected at or before the time the information is collected.

3. Consent for collection, use and disclosure of personal information: Your knowledge and consent (or that of a person authorized to consent on your behalf) is required for the collection, use or disclosure of personal health information, except where otherwise permitted or required by law.

4. Limiting collection of personal information: We will limit the collection of personal information to that which is necessary for the authorized purposes identified. Information will be collected by fair and lawful means.

5. Limiting use, disclosure and retention of personal information: Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information will be retained only as long as necessary to serve those purposes.

6. Accuracy of personal information: Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

7. Ensuring safeguards for personal information: Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored.

8. Openness about privacy policy: We will provide you with specific information about our policies and practices relating to how we manage your personal information.

9. Individual access to personal information: Upon written request by you or your substitute decision-maker, we will inform you of the existence, use and disclosure of your personal information and will give you access to that information, with limited exceptions. You may challenge the accuracy and completeness of the information and may request to have it amended.

10. Challenging compliance with the privacy policy: You may address a challenge or complaint concerning compliance with the above principles to the Privacy Office at [email protected] or to the provincial Information Privacy Commissioner www.ipc.on.ca.

Should you wish to restrict access to your personal health information, please discuss your options with the admitting clerk, your care provider or contact the Privacy Office at 416-586-4800 ext. 2101.

Some ways to restrict access to your information include:

Phone inquiries: Upon admission to the Hospital, your name, location in the Hospital and general health status will be given to anyone who telephones asking about you, or who comes to the Information Desk. If you wish to be removed from the directory, tell the admitting clerk at the time of admission or contact the Privacy Office at 416-586-4800 ext. 2101.

Fundraising: Please let the admitting clerk or our Privacy Office know if you do not wish to be contacted by the Foundation to be asked to support the Hospital. Otherwise we are permitted by law to share your name and address to the Foundation 60 days after you are discharged.

Religion: Your name and location in the Hospital is given to a hospital chaplain who may visit with you. If you would prefer not be visited by a chaplain you can choose to not provide us with your religion during the admitting process.

Consent: We collect, use and disclose your personal health information for the purpose of your continued care or as required by law. We require your consent for other purposes such as sending your information to your lawyer.

If you believe that the personal health information we have recorded about you is inaccurate or incomplete, please raise this with your care provider or send this Correction Request Form to our Privacy Office.

Where can I get more information about my rights with respect to my personal health information (PHI)?

Contact our Privacy Office:

Phone: 416-586-4800 ext. 2101
Email: [email protected]

Please do not include personal health information in any emails, since email is not a secure method of transfer.

Contact the Information and Privacy Commissioner of Ontario (IPC):

Website: Information and Privacy Commissioner of Ontario
Phone: 416-326-3333 (Toronto area) or 1-800-387-0073 (toll-free in Ontario)

The IPC has extensive information about the protection of health information as it pertains to the legislation.

What are examples of how Sinai Health protects my information?

• Teaching our employees, professional staff, researchers, volunteers and students about confidentiality. They must sign a confidentiality agreement as a condition of their relationship with the Hospital;
• Requiring all staff to wear photo identification at all times while on hospital property to protect against unauthorized individuals accessing information;
• Requiring all staff with access to electronic health information systems to be issued their own user ID and password to access the system, which is subject to timeouts. Staff are not to share their IDs nor leave their systems unattended;
• Applying additional security measures to all electronic health records – for example, firewalls; anti-virus protection; encryption of mobile devices;
• Locking doors and filing cabinets;
• Employing security personnel; and
• Conducting regular, randomized audits on health records.

Does Sinai Health sell patient information?

No. Sinai Health does not sell patient information to anyone.

Is my personal health information shared with any external electronic systems?

Sinai Health may disclose your PHI to electronic systems that are shared (accessible) by multiple health-care organizations across Ontario. These systems can be accessed by care providers outside of Sinai Health who are involved in your “circle of care”, only if the information is needed to provide you with care or assess whether it is appropriate to provide you with care (for example, to refer or transfer you).

Sinai Health also contributes to other prescribed registries and entities that support quality patient care, as permitted or required by law.

Some of the systems we contribute to include:

• ConnectingOntario (cON)
• Ontario Laboratory Information System (OLIS)
• Ontario Clinical Imaging Network (OCINet)
• the electronic Child Health Network (eCHN)
• BORN Ontario
• CorHealth Ontario
• CytoBase
• Institute for Clinical Evaluation Services (ICES)
• Canadian Institute for Health Information (CIHI)

When may I be required to provide consent? What happens if I am unable to provide consent?

Examples include consent for researchers to store and use your personal health information for clinical studies, or consent to disclose your personal health information to your private insurance company to facilitate payment of your bill.

If you are unable to provide consent directly to the Hospital regarding your personal health information, your substitute decision-maker (such as your spouse, parent, adult child or guardian) or someone you have designated under a power of attorney for personal care or property will have the authority to make decisions for you. This person is bound by law to act on your behalf and to make decisions based on their interpretation of your prior capable wish, if known, or otherwise based on your values and beliefs.

How do I appoint a friend as my attorney for personal care so that this person can access my personal health information and make related decisions?

The Office of the Public Guardian and Trustee (OPGT) provides helpful information kits about writing a Power of Attorney for Personal Care (as well as a Power of Attorney for Property). Visit the OPGT online here, or you can call them directly in Toronto at 416-314-2800 or toll-free at: 1-800-366-0335.

If you are capable to make decisions about your own information, you can simply give consent to share your personal health information with someone else; you can also delegate any decisions to that person. If you have been found incapable of making these information decisions, your substitute decision-maker under PHIPA (or for treatment under the Health Care Consent Act) will make them according to an established ranking. While you do not technically need a power of attorney, many people choose to sign one in order to set out their specific health care and information wishes, or to choose a different substitute decision-maker.

How can my family and friends find out where I am in the Hospital?

Patient inquires for Mount Sinai can be made to the switchboard at 416-596-4200 and for Hennick Bridgepoint at 416-461-8252. An operator will confirm that you are in hospital and provide your location to the visitor or caller. If you do not want this information released, please tell the admitting clerk who registers you, a member of the health-care team or contact the Privacy Office at 416-586-4800 ext. 2101.

Will my family and friends be able to call and get information about me over the phone?

When someone calls the Hospital, staff has no way to verify who is calling and their relationship to you. Normally, in order to protect patient privacy, only minimal information is given out over the phone, unless as mentioned above, you have advised us that you do not want any information released.

We ask patients to appoint one family or friend representative with whom to share information about you over the telephone. All other persons telephoning will be directed to you and/or the representative.

Personalized and/or password protected internet web pages offer a safe and efficient way to share information about a patient with family and friends. There is no fee for this service.

Will my family see my personal health information?

Although you have the right to access your health record, this right does not automatically extend to family members and/or friends. If you consent to have a friend or family member see your record, he/she will be able to access all or part of the record you have consented to share with them. If you become incapable to consent to treatment, or to give consent to collect, use or disclose your personal health information, your substitute decision-maker will have access to any personal health information required in order to assist him or her to make decisions on your behalf.

Will you contact me after I am discharged as a patient?

The law allows us to contact you for purposes of fundraising through Sinai Health Foundation or patient satisfaction surveys, subject to certain rules. If you do not wish to be contacted for these purposes, please contact the Privacy Office at 416-586-4800 ext. 2101 to ask to have your name removed from these lists.

How do I report a privacy concern?

Privacy concerns and questions can be raised directly with the Privacy Office at 416-586-4800 ext. 2101. Concerns will be investigated and if a privacy breach has occurred, we will follow up with staff and will also keep you informed.

If you are dissatisfied with the response you receive from Sinai Health, you have the further right to raise your concerns with the Information and Privacy Commissioner of Ontario (IPC), toll-free at 1-800-387-0073.

Can I take photos or audio/visual recordings during my visit?

We recognize that patients and visitors may want to capture their hospital experience for a variety of reasons. In many cases, recordings can benefit patients by helping them understand and remember the information they are being provided by their care team. However, it is not permitted to photograph, video/audio record, or livestream anyone without their explicit consent or in a manner that interferes with care. Consent must be obtained from all members of your care team who may be included in any images or footage before you proceed with any photography or audio/video recording.

All patients and visitors are also expected to comply with any signage prohibiting the use of phones and other recording devices while on hospital premises.

You may be asked to stop taking a photo, video, or audio recording and delete any recordings taken if your actions interfere with care or services being provided. Please note that failure to comply with these guidelines may result in escalation to hospital security.

These rules are in place to support people’s privacy, the patient/provider therapeutic relationship, and a respectful environment. We appreciate your anticipated cooperation.

Does any of my health information leave Canada?

At Sinai Health, we generally process and store your data within Canada. However, there are circumstances where support services are provided by vendors outside of the country.

When your PHI is processed or stored abroad, it is subject to the laws of that jurisdiction, which may be different than Canadian laws. We work with the vendor to implement adequate safeguards to protect your information in accordance with Ontario’s health privacy law.