Privacy FAQ
Below are the answers to some of the most commonly asked questions about privacy, personal health information and health records.
‘Personal health information’ is any information that identifies an individual and connects that individual to receiving care at Unity Health Toronto. It includes information that relates to an individual’s physical or mental health, diagnoses, testing, treatment, family health history, Substitute Decision Makers, and/or care providers.
In order to provide the best possible care for you and your family, it is necessary for us to collect, use and disclose personal health information. We collect only information that is needed to provide health care and support to our patients, residents and clients. If we need information for other reasons (e.g. to get your feedback, to understand our patient population, to do some types of research), we will ask for your consent before collecting this information.
In addition to using your personal health information to treat and care for you, Unity Health Toronto is also allowed to use that information or any de-identified information to:
- Conduct risk management activities
- Educate our agents such as students and physicians
- Conduct research
- Compile statistics
- Comply with legal and regulatory requirements
- Fulfil other purposes permitted or required by law
- Plan, administer and manage programs, services and internal operations, and enhance your safety and security in the hospital
- Get payment for your treatment and care (from OHIP, WSIB, your private insurer or others)
- Conduct quality improvement activities (such as sending patient satisfaction surveys)
- De-identify it, whenever possible, as a way to protect your information when we are handling it for purposes not related to your direct care
De-identification is the process of removing or changing pieces of information that can be used to identify you (such as your name or address). After doing a risk assessment, Unity Health will use an appropriate method of de-identification to make sure that the de-identified data will likely not be used to re-identify you.
Yes, Unity Health Toronto uses personal health information, as well as de-identified information, for research and quality improvement.
The rules for research are set in the law (PHIPA) and must be followed. Often you are asked for your consent to participate in research, but some types of research (that carry a very low risk of harm to you) may be approved by the Research Ethics Board to begin without your consent. There is a similar process followed when personal health information is used for quality improvement purposes, for example when cases are reviewed to identify opportunities to improve care.
Our St. Michael’s site also houses the Li Ka Shing Centre for Healthcare Analytics Research and Training (LKS-CHART) research program, which uses the personal health information stored in Unity Health Toronto’s enterprise data warehouse. The enterprise data warehouse contains a copy of all of the major sources of personal health information in the hospital. With that, we can do program planning, risk management and research.
With the proper approval of the Research Ethics Board, this data may be used as part of retrospective research studies (where we look at personal health information created in the past and over time). In some studies, we use ‘predictive analytics’, where machines help us identify patterns that are occurring and inform decisions around a diagnosis or treatment.
You can see which studies are being conducted in the LKS-CHART research program by visiting ChartDataScience.ca.
If you do not want your personal health data to be used in any retrospective LKS-CHART research, please contact the Privacy Office. Please note that if you register to be excluded from retrospective research, you may still be asked in the future if you would like to participate in prospective studies, such as clinical trials.
Yes. You also have the right to request corrections. Please note that birth and death records must be requested from the Government of Ontario’s Office of the Registrar General. Please go to the Accessing Your Health Record for more information about accessing personal health information in a patient health record at this time.
A Substitute Decision Maker will be asked to make these decisions. According to the Personal Health Information Protection Act, the individual(s) who is/are highest on the following list will have the authority to approve or refuse consent to the collection, use and/or disclosure of your personal health information, if that person is capable of consenting, is at least 16 years old or the parent, is not prohibited by court order, is available and is willing to assume the responsibility of making the decision.
- Court appointed guardian for personal care
- Attorney for personal care
- A representative appointed by the Consent and Capacity Review Board
- Spouse or partner
- Child or parent (or other person lawfully entitled to take the place of a parent)
- Parent who only has right of access
- Brother or sister
- Any other relative related by blood, marriage, or adoption
- Public guardian and trustee
Yes. A Substitute Decision Maker has the same right to access the patient’s record as the patient would if your relative were capable. You may be asked to complete a form requesting access or to provide evidence that you are the patient’s Substitute Decision Maker.
Unless you object, we will provide general information about your health status. This includes the name of the clinical program you are in, where your room is located, and your general health status, such as “doing well” or “no change.” If someone is seeking more detailed information on your health, they will require written consent from you or your Substitute Decision Maker.
Upon discharge, health records are kept in for a minimum of 10 years, in accordance with provincial legislation.
Yes. You can communicate with the hospital through electronic means like emails or text messages, but only if we have your consent to do so.
Remember emails and text messages are not protected in the same way that phone calls and letter mail are protected. You should be aware of the risks and terms associated with using emails or text messages for care. You can learn more about these risks in this Patient Information Sheet.
You can change your mind at any time and withdraw your consent to communicate via emails and text messages by contacting your doctor or care team.
While Unity Health Toronto takes steps to avoid processing or storage of data outside of Canada where possible, some support services are provided by vendors in the U.S or subject to U.S. laws. In these cases, patient personal information is subject to the laws of the foreign jurisdiction which may be different, and less protective, than those of Canada.
Last updated January 25, 2023