Your privacy is important to us.
The Personal Health Information Protection Act (PHIPA, 2004) establishes a privacy framework for protecting personal health information in Ontario. Under the Act, the eHealth Centre of Excellence in its development, provision and/or deployment of various digital health programs and services, acts variously as:
An organization is responsible for personal information under its control and must designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
The purposes for which personal information is collected must be identified by the organization at or before the time the information is collected.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
The collection of personal information must be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Personal information must not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.
Personal information must be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Personal information must be protected by safeguards appropriate to the sensitivity of the information.
An organization must make readily available to individuals, specific information about its policies and practices relating to the management of personal information.
Upon request, an individual must be informed of the existence, use, and disclosure of his or her personal information and be given access to that information. An individual must be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual must be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
(For eReferral and eCE Automates)
If you have questions or would like more information, please contact us at [email protected].