Privacy

E-Learning Home Page
M1 - Introduction to Privacy & Confidentiality
M2 - 10 Principles
M3 - Patient Rights
M4 - Maintaining Confidentiality
M5 - Scenario-Based Learning
 

Module 1: Introduction to Privacy and Confidentiality

Personal Health Information Act (PHIPA)

On November 1, 2004, the Ontario government enacted the Personal Health Information Protection Act (PHIPA). The Act establishes a standard set of rules for hospitals and all individuals who collect, use, disclose, and retain personal health information (PHI). These rules apply to hospital employees as well as physicians, volunteers, students, and contracted agents (hereafter referred to as “affiliates”).

The London hospitals have developed PHIPA-compliant policies. See the Privacy Intranet site for a listing of all these policies and for supporting documents for each policy.

What is Privacy?
Privacy, in the context of hospitals, is the right of a patient to control his or her own personal health information, unless the collection, use and/or disclosure of the information is permitted or required by law. In other words, a patient can determine how, when, and to what extent, they will permit the use and sharing of their information.

See the Privacy Policy for your organization (Link will only work in hospital)
LHSC

What is Confidentiality?
Confidentiality is the obligation of employees and affiliates (definition) to protect information entrusted to them and to use it only for the intended purpose. This obligation applies regardless of format of the information, i.e. verbal, written, and electronic.

See the Confidentiality Policy for your organization
LHSC

Although Ontario’s Privacy law (PHIPA) governs “health information”, the principles of the law must be applied to all confidential information.

What information is considered confidential?

LHSC considers the following types of information to be confidential:

  • Identifiable personal information and personal health information regarding patients and their families;
    • Examples of personal information include name, date of birth, address;
    • Examples of personal health information include information relating to previous health problems, the record of visits to the hospital, and what health care we provide during those visits. Anything in a patient’s health record would be considered personal health information.

  • Identifiable personal information, personal health information, employment information, and compensation information regarding staff and affiliates; and,

  • Information regarding the confidential business information of the organization, which is not publicly disclosed by the organization. The Confidentiality policy further explains what is meant by this term.

Confidentiality at the London Hospitals
LHSC and St. Joseph's have a responsibility to ensure confidentiality is maintained by their employees and affiliates. Failure to maintain confidentiality may result in disciplinary action, including:

  • Termination of employment
  • Loss of privileges
  • Loss of affiliation
  • Termination of contract
  • Report to your professional college
  • Civil action
  • Institutional and personal fines

Next (10 principles)

back to top


LHSC home page