Patient privacy is a top priority at Sinai Health. To that end, we have stringent practices and processes in place to ensure privacy protection for all of our patients and to comply with legislation. Sinai Health collects personal health information of its patients under the authority of the Personal Health Information Protection Act, 2004 (PHIPA). As a patient, you have the right to:
- Have your personal health information kept confidential, with limited exceptions;
- Access your personal health information;
- Request a correction of incomplete or inaccurate information contained in your health record.
Through a robust privacy protection framework, we educate Sinai’s community of caregivers about ways to protect patient privacy and ensure compliance with Ontario’s privacy legislation. This includes staff training, confidentiality agreements, policies that outline Hospital privacy expectations, regular audits of access to patient records, and security controls that apply to both paper and electronic medical records.
To address any privacy questions or concerns that you may have, please contact our Privacy Office.
Your Personal Health Information
Your personal health information belongs to you and as a custodian of the information, we hold it in trust for you.
Collection of Personal Health Information:
We collect your personal health information under the authority of the Personal Health Information Protection Act, 2004 (PHIPA). The personal health information that we collect from patients may include contact information, medical history, medical test results, and details of the care you received during prior visits to Sinai Health or to other hospitals. We may also collect personal health information about you from other sources unless you have advised us not to.
Use and Disclosure of Personal Health Information:
Personal Health Information is used first and foremost to provide you with clinical care. We also use and disclose your personal health information to:
- Obtain payment for treatment and care (from OHIP, WSIB, your private insurer or others)
- Undertake clinical research studies
- Conduct quality improvement activities (such as sending a patient satisfaction survey)
- Conduct risk management activities
- Fundraise, through the Hospital Foundation, to improve our healthcare services and programs (only your name and address are given, unless you instruct us that you prefer that your information not be shared)
- Plan, administer and manage Sinai Health and its programs
- Compile statistics
- Fulfil other purposes as required by law
- Identifying purposes for collecting personal information: We will identify the purposes for which personal information is collected at or before the time the information is collected.
- Consent for collection, use, and disclosure of personal information: Your knowledge and consent (or of a person authorized to consent on your behalf) is required for the collection, use or disclosure of personal health information, except where otherwise permitted or required by law.
- Limiting collection of personal information: We will limit the collection of personal information to that which is necessary for the authorized purposes identified. Information will be collected by fair and lawful means.
- Limiting use, disclosure, and retention of personal information: Personal information will not be used or disclosed for purposes other than those for which it was collected. Personal information will be retained only as long as necessary to fulfil those purposes.
- Accuracy of personal information: Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- Ensuring safeguards for personal information: Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored.
- Individual access to personal information: Upon written request by you or your substitute decision-maker, we will inform you of the existence, use and disclosure of your personal information and will give you access to that information, with limited exceptions. You may challenge the accuracy and completeness of the information and may request to have it amended.
Restricting Access to your Health Record
Should you wish to restrict access to your personal health information, please discuss your options with the Admitting Clerk, your Care Provider or contact the Privacy Office at (416) 586-4800 ext. 2101.
Some ways to restrict access to your information include:
- Phone inquiries: Upon admission to the Hospital, your name, location in the Hospital and general health status will be given to anyone who telephones asking about you, or who comes to the Information Desk. If you wish to be removed from the directory, tell your Admitting Clerk at the time of admission or contact the Privacy Office at (416) 586-4800 ext. 2101.
- Fundraising: Please let your Admitting Clerk or our Privacy Office know if you do not wish to be contacted by the Foundation to be asked to support the hospital. Otherwise we are permitted by law to share your name and address with the Foundation 60 days after you are discharged.
- Religion: Your name and location in the Hospital are given to a hospital chaplain who may visit with you. If you would prefer not to be visited by a chaplain, you can choose not to provide us with your religion during the admitting process.
- Consent: We collect, use and disclose your personal health information for the purpose of your continued care or as required by law. We require your consent for other purposes such as sending your information to your lawyer.
Corrections to your Health Record
If you believe that the personal health information we have recorded about you is inaccurate or incomplete, please raise this with your care provider or contact Health Records Services at 416-586-4800 ext. 2649 (Mount Sinai Hospital) or 416-461-8252 ext. 2040/ 2299 (Hennick Bridgepoint Hospital).
Frequently Asked Questions - Privacy
Where can I get more information about my rights with respect to my personal health information?
- Contact our Privacy Office at (416) 586-4800 ext. 2101 or [email protected] (but please do not include personal health information in any emails, since email is not a secure method of transfer)
- The Information and Privacy Commissioner of Ontario (www.ipc.on.ca) has extensive information about the protection of health information as it pertains to the legislation.
What are examples of how Sinai Health protects my information?
- Teaching our employees, professional staff, researchers, volunteers and students about confidentiality. They must sign a confidentiality agreement as a condition of their relationship with the Hospital;
- Requiring all staff to wear photo identification at all times while on hospital property to protect against unauthorized individuals accessing information;
- Requiring all staff with access to electronic health information systems to be issued their own user ID and password to access the system, which is subject to timeouts. Staff are not to share their IDs or leave their systems unattended;
- Applying additional security measures to all electronic health records – for example, firewalls; anti-virus protection; encryption of mobile devices;
- Locking doors and filing cabinets;
- Employing security personnel; and
- Conducting regular, randomized audits on health records.
Does Sinai Health sell patient information?
No. Sinai Health does not sell patient information to anyone.
Is my personal health information shared with any external electronic systems?
Sinai Health may disclose your PHI to electronic systems that are shared (accessible) by multiple health care organizations across Ontario. These systems can be accessed by care providers outside of Sinai Health who are involved in your “circle of care”, only if the information is needed to provide you with care or assess whether it is appropriate to provide you with care (for example, to refer or transfer you).
Sinai Health also contributes to other prescribed registries and entities that support quality patient care, as permitted or required by law.
Some of the systems we contribute to include: ConnectingOntario (cON), Ontario Laboratory Information System (OLIS), Ontario Clinical Imaging Network (OCINet), the electronic Child Health Network (eCHN), BORN Ontario, CorHealth Ontario, CytoBase, the Institute for Clinical Evaluation Services (ICES), and the Canadian Institute for Health Information (CIHI).
When may I be required to provide consent? What happens if I am unable to provide consent?
Examples include consent for researchers to store and use your personal health information for clinical studies, or consent to disclose your personal health information to your private insurance company to facilitate payment of your bill.
If you are unable to provide consent directly to the Hospital regarding your personal health information, your substitute decision-maker (such as your spouse, parent, adult child or guardian) or someone you have designated under a power of attorney for personal care or property will have the authority to make decisions for you. This person is bound by law to act on your behalf and to make decisions based on their interpretation of your prior capable wish, if known, or otherwise based on your values and beliefs.
How do I appoint a friend as my attorney for personal care so that this person can access my personal health information and make related decisions?
The Office of the Public Guardian and Trustee (OPGT) provides helpful information kits about writing a Power of Attorney for Personal Care (as well as a Power of Attorney for Property). Visit them online here, or you can call them directly in Toronto at (416) 314-2800 or toll-free at 1-800-366-0335.
If you are capable of making decisions about your own information, you can simply give consent to share your personal health information with someone else; you can also delegate any decisions to that person. If you have been found incapable of making these information decisions, your substitute decision-maker under PHIPA (or for treatment under the Health Care Consent Act) will make them according to an established ranking. While you do not technically need a power of attorney, many people choose to sign one in order to set out their specific health care and information wishes, or to choose a different substitute decision-maker.
How can my family and friends find out where I am in the Hospital?
Patient inquiries can be made to the switchboard, 416-596-4200. An operator will confirm that you are in hospital and provide your location to the visitor or caller. If you do not want this information released, please tell the Admitting Clerk who registers you, a member of the health care team or contact the Privacy Office at 416-586-4800 ext. 2101.
Will my family and friends be able to call and get information about me over the phone?
When someone calls the Hospital, staff has no way to verify who is calling and their relationship to you. Normally, in order to protect patient privacy, only minimal information is given out over the phone, unless as mentioned above, you have advised us that you do not want any information released.
We ask you to appoint one family member or friend as a representative with whom we can share information about you over the telephone. All other persons telephoning will be directed to you and/or the representative.
Personalized and/or password protected Internet Web pages offer a safe and efficient way to share information about a patient with family and friends. There is no fee for this service.
Will my family see my personal health information?
Although you have the right to access your health record, this right does not automatically extend to family members and/or friends. If you consent to have a friend or family member see your record, he/she will be able to access all or part of the record you have consented to share with them. If you become incapable of consenting to treatment, or of giving consent to collect, use or disclose your personal health information, your substitute decision-maker will have access to any personal health information required in order to assist him or her to make decisions on your behalf.
Will you contact me after I am discharged as a patient?
The law allows us to contact you for purposes of fundraising through the Hospital Foundation or patient satisfaction surveys, subject to certain rules. If you do not wish to be contacted for these purposes, please contact the Privacy Office at (416) 586-4800 ext. 2101 to ask to have your name removed from these lists.
How do I report a privacy concern?
Privacy concerns and questions can be raised directly with the Privacy Office at (416) 586-4800 ext. 2101. Concerns will be investigated and if a privacy breach has occurred, we will follow up with staff and will also keep you informed.
If you are dissatisfied with the response you receive from Sinai Health, you have the further right to raise your concerns with the Information and Privacy Commissioner of Ontario (IPC), toll-free at 1-800-387-0073.
Privacy Request Forms
Sinai Health’s Privacy Office: 416-586-4800 ext. 2101, or for general inquiries, [email protected] (please do not send personal health information via email, since it is not a secure method of transfer).
Office of the Information and Privacy Commissioner of Ontario: www.ipc.on.ca, in the Toronto area at 416-326-3333 or toll-free in Ontario at 1-800-387-0073.
If you would like to access your personal health record, please visit Health Records for details.
Health Information Network Provider
Sinai Health is a Health Information Network Provider (HINP) when we provide services to two or more Health Information Custodians (HICs) for the primary purpose of enabling the custodians to use electronic means to disclose personal health information to one another. Below is some information on the systems for which we are the HINP.
RSVp – Data Management System (RSVp-DMS)
After babies are born they may move between different hospitals and health care providers to receive care.
A prophylactic (preventative) medicine called Synagis (Palivizumab) was developed to help keep high risk babies from getting very sick from RSV. Synagis is given every 4 weeks during the RSV season (November to April). It is given as an injection in the baby’s leg. It is very important that this medicine is given around the same day each month.
The Respiratory Syncytial Virus prophylaxis – Data Management System (RSVp-DMS) is a data management system that helps keep track of babies who need medicine for RSV. The RSVp-DMS supports the timely and safe administration of all required Synagis doses, across the continuum of care.
The RSVp-DMS is used by over 60 health care sites across Ontario.
When a baby is at risk of severe RSV infection, information about the baby and their injection schedule can be entered into the RSVp-DMS and made available electronically to the authorized health care providers involved in the baby’s medical care. This helps health care providers keep track of the doses the baby has gotten and still needs, making sure the baby gets all of the injections required to decrease the risk of severe RSV illness and hospitalization.
Sinai Health hosts and administers the RSVp-DMS and is the Health Information Network Provider (HINP) under the Ontario Personal Health Information Protection Act for the RSVp-DMS. Sinai Health also uses the RSVp-DMS for babies who are born or seen at our hospital.
Privacy and Security
As HINP, Sinai Health has implemented safeguards to protect against unauthorized use and disclosure, and to protect the integrity of the information contained in the RSVp-DMS. This includes:
- Secure Hosting – The RSVp-DMS is hosted in a secure environment with effective administrative, physical, technical and information security safeguards that comply with industry best practices. The RSVp-DMS is continuously monitored for security threats.
- Privacy Roles and Responsibilities – Written agreements, policies and procedures have been put into place to define the roles and responsibilities of Sinai Health, participating healthcare sites and their respective agents, to protect the personal health information (PHI) contained in the RSVp-DMS.
- Access Controls – Access controls are in place to prevent unauthorized or inappropriate access to PHI, ensure protection of the RSVp-DMS and Sinai Health systems, prevent unauthorized computer access, detect unauthorized or inappropriate activities and ensure the integrity and reliability of information systems. Access to the RSVp-DMS is granted only to authorized persons at Sinai Health and at the participating healthcare sites (which are all Health Information Custodians (HICs)), based on roles and responsibilities at the organization and only to the extent they require to fulfill the requirements of their job.
- Authentication – All users are authenticated through a strong authentication mechanism, including two-factor authentication, prior to accessing the RSVp-DMS. Strict password policy parameters are required and enforced.
- Data Security – Data is encrypted using bank-grade encryption during transmission. Data that is no longer required for the purposes of the RSVp-DMS is securely destroyed. Privacy and security assessments of services provided identify improvements and mitigate risks.
- Audits and Monitoring – Audits and monitoring help ensure the privacy, confidentiality and security of the PHI kept in the RSVp-DMS. Sinai Health as a HINP has responsibility to ensure that PHI it has under custody and control is not inappropriately accessed.
- Privacy – Sinai Health and participating health care sites and users have implemented and follow privacy practices that comply with the Personal Health Information Protection Act and its regulations, in relation to the collection, use, disclosure, modification, retention and destruction of PHI, access and correction requests and privacy incident management.
For questions about RSV, its treatment and the role of the RSVp-DMS, you can speak to your baby’s health care professional(s).
For questions or concerns about how your baby’s information is collected, used and disclosed in the RSVp-DMS, to request RSVp-DMS policies and guidelines, or to withdraw or restrict consent, please contact Sinai Health’s Corporate Privacy Office:
- Phone: 416-586-4800 ext. 2101
- Email: [email protected]