Privacy FAQ
Below are the answers to some of the most commonly asked questions about privacy, personal health information and health records.
‘Personal health information’ is any information that identifies an individual and connects that individual to receiving care at Unity Health Toronto. It includes information that relates to an individual’s physical or mental health, diagnoses, testing, treatment, family health history, Substitute Decision Makers, and/or care providers.
In order to provide the best possible care for you and your family, it is necessary for us to collect, use and disclose personal health information. We collect only information that is needed to provide health care and support to our patients, residents and clients. If we need information for other reasons (e.g. to get your feedback, to understand our patient population, to do some types of research), we will ask for your consent before collecting this information.
In addition to using your personal health information to treat and care for you, Unity Health Toronto is also allowed to use that information or any de-identified information to:
- Conduct risk management activities
- Educate our agents such as students and physicians
- Conduct research
- Compile statistics
- Comply with legal and regulatory requirements
- Fulfil other purposes permitted or required by law
- Plan, administer and manage programs, services and internal operations, and enhance your safety and security in the hospital
- Get payment for your treatment and care (from OHIP, WSIB, your private insurer or others)
- Conduct quality improvement activities (such as sending patient satisfaction surveys)
- De-identify it, whenever possible, as a way to protect your information when we are handling it for purposes not related to your direct care
De-identification is the process of removing or changing pieces of information that can be used to identify you (such as your name or address). After doing a risk assessment, Unity Health will use an appropriate method of de-identification to make sure that the de-identified data will likely not be used to re-identify you.
Our Data Science and Advanced Analytics (DSAA) program uses personal health information to create artificial intelligence (AI) and analytics solutions that help us do some of the tasks listed above. AI is a kind of technology that allows machines to do tasks that would normally be done by humans, such as analysis or prediction. Creating and using AI and analytics solutions helps us to provide the best possible care and plan for internal programs and operations.
Unity Health Toronto takes steps to protect your personal health information from theft, loss and unauthorized access, copying, modification, use, disclosure, and disposal. For example, we conduct audits and complete investigations to monitor and manage privacy compliance at Unity Health Toronto.
Outside of this example, we employ various privacy safeguards from a technical, administrative and physical perspective. For more information, please email Unity Health Toronto’s Privacy Office at privacy@unityhealth.to or call 416-864-6088.
Yes, Unity Health Toronto uses personal health information, as well as de-identified information, for research and quality improvement.
The rules for research are set in the law (PHIPA) and must be followed. Often you are asked for your consent to participate in research, but some types of research involving the use of your personal health information (that carry a very low risk of harm to you) may be approved by the Research Ethics Board without your consent.
With the proper approval of the Research Ethics Board, this data may be used as part of retrospective research studies (where we look at personal health information created in the past and over time). In some studies, we use artificial intelligence, where machines help us identify patterns that are occurring and inform decisions around a diagnosis or treatment.
Additionally, with approval from the Research Ethics Board, you may be approached by a researcher with an invitation to participate in studies. If you don’t wish for researchers to connect directly with you, please update your research contact preference in MyChart or advise the researcher that you don’t want to be contacted directly by them or another, and we (Unity Health Toronto) will update your preference on your behalf.
Yes. You also have the right to request corrections. Please note that birth and death records must be requested from the Government of Ontario’s Office of the Registrar General. Please go to the Accessing Your Health Record for more information about accessing personal health information in a patient health record at this time.
A Substitute Decision Maker will be asked to make these decisions. According to the Personal Health Information Protection Act, the individual(s) who is/are highest on the following list will have the authority to approve or refuse consent to the collection, use and/or disclosure of your personal health information, if that person is capable of consenting, is at least 16 years old or the parent, is not prohibited by court order, is available and is willing to assume the responsibility of making the decision.
- Court appointed guardian for personal care
- Attorney for personal care
- A representative appointed by the Consent and Capacity Review Board
- Spouse or partner
- Child or parent (or other person lawfully entitled to take the place of a parent)
- Parent who only has right of access
- Brother or sister
- Any other relative related by blood, marriage, or adoption
- Public guardian and trustee
Yes. A Substitute Decision Maker has the same right to access the patient’s record as the patient would if your relative were capable. You may be asked to complete a form requesting access or to provide evidence that you are the patient’s Substitute Decision Maker.
Unless you object, we will provide general information about your health status. This includes the name of the clinical program you are in, where your room is located, and your general health status, such as “doing well” or “no change.” If someone is seeking more detailed information on your health, they will require written consent from you or your Substitute Decision Maker.
Upon discharge, health records are kept in for a minimum of 10 years, in accordance with provincial legislation.
Yes. You can communicate with the hospital through electronic means like emails or text messages, but only if we have your consent to do so.
Remember emails and text messages are not protected in the same way that phone calls and letter mail are protected. You should be aware of the risks and terms associated with using emails or text messages for care. You can learn more about these risks in this Patient Information Sheet.
You can change your mind at any time and withdraw your consent to communicate via emails and text messages by contacting your doctor or care team.
Yes, you can limit access to your personal health information for healthcare purposes by asking for a consent directive, also known as a ‘lockbox.’ There are several kinds of consent directives – you can lock your entire health record, a specific visit, or a particular staff member(s) from seeing your record. Contact the Unity Health Toronto Privacy Office for more information or to add a consent directive to your account.
If you would like to withdraw your consent for other specific uses or disclosures listed in this privacy FAQ, please contact the privacy office. Please note that patients seeking to withdraw their consent for participation in a clinical research study must contact the primary investigator or research coordinator of the study to do so.
While Unity Health Toronto takes steps to avoid processing or storage of data outside of Canada where possible, some support services are provided by vendors in the U.S or subject to U.S. laws. In these cases, patient personal information is subject to the laws of the foreign jurisdiction which may be different, and less protective, than those of Canada.
Last updated November 28, 2024