Protecting Your Privacy

COVID-19 has temporarily changed the way the privacy office receives and communicates concerns and requests from patients (or about personal health information) under the Personal Health Information Protection Act, as well as requests for organizational information under the Freedom of Information & Protection of Privacy Act. Due to COVID-19 there may be delays in receiving mail and couriers to the Privacy Office.

  • Please call the Privacy Office at 416-864-6088 to discuss patient-related questions, concerns or requests. Emails can be sent to privacy@unityhealth.to, but users should note that email is not secure. Email sent to this address could be seen by email or internet service providers, or intercepted and seen by others. Only send information that you do not feel is sensitive. 
  • Please send FOI requests for organizational information to fippa@unityhealth.to or call us at 416-864-6088 to discuss.
  • Please go to the Accessing Your Health Record for more information about accessing a patient health record at this time. For more information, visit our FAQ About Your Personal Health Information.

Privacy at Unity Health Toronto

The role of the Privacy Office at Unity Health Toronto is to ensure that the personal health information of our patients, clients and residents is kept just that – personal. At Unity Health Toronto, we are committed to protecting the privacy and confidentiality of your information. The role of the Privacy Office at Unity Health Toronto is to ensure that the personal health information of our patients, clients and residents is kept just that – personal. 

Ontario’s Personal Health Information Protection Act (PHIPA) lists the rules for the collection, use and disclosure (sharing) of personal health information. 

Our Commitment to You 

As part of our commitment to protecting the information of our patients, clients and residents, we have a number of policies in place for physicians, staff, volunteers and researchers that address confidentiality and privacy, security, and release of records. For a summary of how we protect personal health information, view our Privacy Notice.

For more information on how to access your health records and more, click on the links below. 

A Directory of Records lists and provides general descriptions of the types of records held by Unity Health Toronto. The purpose of the directory is to assist the public in understanding what records our organization maintains. This can help inform searches and requests for records.

Unity Health Toronto values being an open and transparent organization. We proactively disclose a wide range of information through our website, which can be accessed by using the links below.

In addition to this public information, Unity Health Toronto holds several categories of records that allow us to care for our patients and conduct the business of the hospital safely and effectively. These include:

  • Capital Projects – Records relating to the planning, construction and commissioning of new, expanded and renovated hospital facilities.
  • Clinical Programs – Records relating to the management and delivery of health-care services and resources provided by the hospital to patients and to the broader community.
  • Finance – Records relating to financial management functions, including accounting transactions, accounts payable, accounts receivable, reconciliations, financial reporting and accompanying documentation. These records may include requisitions, deposit control reports, direct payments and bank transfers, records relating to employee expenses, purchase orders and purchase cards.
  • Human Resources – Records relating to the management of hospital employees, volunteers, students, physicians and residents.
  • Information Management & Information Technology – Records relating to the maintenance, development and management of the hospital’s information assets and information technology.
  • Procurement – Records relating to the hospital’s procurement processes. Records may include documents relating to procurement development, vendor evaluations and contract management.
  • Communications & Public Affairs – Records relating to maintaining and enhancing the hospital’s reputation, developing internal and external relations, and disseminating information.
  • Facilities and Property – Records relating to the management of the hospital’s facilities and real property.
  • Equipment and Supplies – Records relating to the management of the hospital’s movable property and supplies.
  • Teaching & Learning – Records relating to the provision of instruction and the operation of academic programs.
  • Research – Records relating to the development of knowledge that provides insight into clinical and scientific issues affecting health.
  • Clinical Support Services – Records relating to the management and delivery of clinical support services including laboratories, diagnostic imaging and pharmacy.
  • Executive Offices – Records relating to the administrative management within the executive offices.

Freedom of information (FOI) requests apply to business- and staff-related information governed by the Freedom of Information and Protection of Privacy Act (FIPPA). To access the health record of a patient or resident, go to How to Access Your Health Record.

What is FIPPA?

The Freedom of Information and Protection of Privacy Act (FIPPA) is a provincial law that applies to most public institutions, including all hospitals and long-term care homes. The two main purposes of FIPPA are to provide the public a right of access to information about how an organization is run and to protect the privacy of personal information and other confidential information that Unity Health Toronto holds.

What type of information is available under FIPPA?

Operational or business records, including administrative or financial records, held by the hospital on or after January 1, 2007 may be requested under FIPPA. Anyone can ask to see general records (such as administrative, operational, and expense records). Please see our Directory of Records for a list of the types of information held by our organization.

Additionally, individuals (who are not patients) can ask to see and correct their own personal information.

Some types of information are excluded from FIPPA, for example:

  • Quality of care information (as defined in the Quality of Care Information Protection Act)
  • Ecclesiastical records
  • Operations of the hospital foundation
  • Administrative records of a member of a health profession that relates to their personal practice
  • Research records
  • Charitable donations made to the hospital
  • Records relating to appointments and privileges
  • Certain labour relations or employment-related matters
  • Teaching materials

FIPPA also requires our organization to redact (leave out) certain types of information, including:

  • Third-party (corporate confidential) information
  • Information that is another person’s personal information

Finally, FIPPA allows our organization to choose to redact (leave out) certain types of information, including:

  • Certain types of advice or recommendations given to the organization
  • Information that could inhibit a law enforcement activity or investigation
  • Information that could affect the economic or other interests of the organization
  • Information from closed meetings
  • Legally privileged information
  • Information that poses a danger to safety or health

Please refer to FIPPA for a full list of exclusions and exemptions.

How do I make a FIPPA access request?

First, start by determining what records you need.

  1. If you are looking to access your own health record or a family member’s health record, go to How to Access Your Health Record.
  2. Unity Health already makes some information readily available to the public. You can search our websites for the information before making an access request.
  3. Contact the Privacy Office to discuss your request or email fippa@unityhealth.to.

If the information you are looking for is not already publicly available, complete an Freedom of Information Access Request form and mail or deliver your written request to the Privacy Office.

Please note: A $5 application fee is required to process your FOI request. You can make cheques or money orders payable to St. Michael’s Hospital (for requests for information related to any Unity Health Toronto site, including Providence, St. Joseph’s and/or St. Michael’s). Cash payments must be made in person.

Tips for making an FOI request

  1. Make your request as clear and specific as possible. To avoid large processing costs and/or time delays, consider ways to narrow your request. The FOI coordinator will work with you to identify hospital records that are most responsive to your requirements.
  2. Provide as much detail as possible to specify which records you require. If possible, provide a date or time period for the records you are requesting.
  3. If you are unsure what records you might need or how to describe the records, contact our privacy office for help.

What happens after I make my request?

 We will respond within 30 days of receiving an FOI access request. Depending on the type of information you are looking for or the length of time it may take to collect the information, a time extension may be required, as allowed under FIPPA. We will communicate with you about the amount of time it will take to respond to your request and if there are additional steps that will be taken with your request (e.g. external review by owners of third party information).

There may be an additional fee charged to fill your request, depending on the size of the request. Fees can be charged for searching for records, preparing records and/or making copies of the record for release. If fees are estimated to exceed $100, you will be required to pay a 50 per cent deposit before your request is processed.

If you are not satisfied with our decision concerning your request, you may contact the office of the information and privacy commissioner of Ontario.

For more information about how we handle your personal health information and protect your privacy, or to raise a concern you may have about our practices, please contact us.

Please note that the security of email messages is not guaranteed. Messages may be forged, forwarded, or seen by others using the internet. Patients should not use email to discuss sensitive information, or use email in an emergency since email delivery may be delayed.

Privacy Office
Unity Health Toronto c/o St. Michael’s Hospital
30 Bond St.
Toronto, Ontario M5B 1W8
416-864-6088
privacy@unityhealth.to

If you are not satisfied with how we resolve your question or concern, you may contact the Information and Privacy Commissioner of Ontario at:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
416-326-3333
commissioner@ipc.on.ca
www.ipc.on.ca

Last updated May 31, 2021