Patient Privacy
Privacy is a top priority at Sinai Health
We have stringent practices and processes in place to ensure privacy protection for all of our patients and to comply with legislation.
Sinai Health collects personal health information of its patients under the authority of the Personal Health Information Protection Act, 2004 (PHIPA).
As a patient, you have the right to:
- Have your personal health information kept confidential, with limited exceptions
- Access your personal health information
- Request a correction of incomplete or inaccurate information contained in your health record
Through a robust privacy protection framework, we educate Sinai Health’s community of caregivers about ways to protect patient privacy and ensure compliance with Ontario’s privacy legislation.
This includes staff training, confidentiality agreements, policies that outline Hospital privacy expectations, regular audits of access to patient records and security controls that apply to both paper and electronic medical records.
Privacy Office
Phone: 416-586-4800 ext. 2101
Email: [email protected]
To address any privacy questions or concerns that you may have, please contact our Privacy Office.
Use email for general inquiries only. Please do not send personal health information via email, since it is not a secure method of transfer.
Protecting your privacy
Your personal health information belongs to you and as a custodian of the information, we hold it in trust for you.
Collection of personal health information
We collect your personal health information under the authority of the Personal Health Information Protection Act, 2004 (PHIPA). The personal health information that we collect from patients may include contact information, medical history, medical test results and details of the care you received during prior visits to Sinai Health or to other hospitals. We may also collect personal health information about you from other sources unless you have advised us not to.
Use and disclosure of personal health information
Personal health information is used first and foremost to provide you with clinical care. We also use and disclose your personal health information to:
- Obtain payment for treatment and care (from OHIP, WSIB, your private insurer or others)
- Undertake clinical research studies
- Conduct quality improvement activities (such as sending a patient satisfaction survey)
- Conduct risk management activities
- Teach
- Fundraise through the Hospital Foundation, to improve our health-care services and programs (only your name and address are given, unless you instruct us that you prefer that your information not to be shared)
- Plan, administer and manage Sinai Health and its programs
- Compile statistics
- Fulfil other purposes as required by law
The Canadian Standards Association has developed ten Privacy Principles that underpin both Canadian and Ontario privacy legislation. These form the basis of our Privacy Policy and how Sinai Health collects, uses, discloses and safeguards the personal information (including personal health information) we hold about you.
1. Accountability: We are a health information custodian under PHIPA and are responsible for the collection, use and disclosure of personal health information in our custody or control. Our privacy contact person is accountable for compliance with our Privacy Policy, and can be reached at [email protected] or 416-586-4800 ext. 2101.
2. Identifying purposes for collecting personal information: We will identify the purposes for which personal information is collected at or before the time the information is collected.
3. Consent for collection, use, and disclosure of personal information: Your knowledge and consent (or that of a person authorized to consent on your behalf) is required for the collection, use or disclosure of personal health information, except where otherwise permitted or required by law.
4. Limiting collection of personal information: We will limit the collection of personal information to that which is necessary for the authorized purposes identified. Information will be collected by fair and lawful means.
5. Limiting use, disclosure, and retention of personal information: Personal information will not be used or disclosed for purposes other than those for which it was collected. Personal information will be retained only as long as necessary to fulfil those purposes.
6. Accuracy of personal information: Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
7. Ensuring safeguards for personal information: Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored.
8. Openness about privacy policy: We will provide you with specific information about our policies and practices relating to how we manage your personal information.
9. Individual access to personal information: Upon written request by you or your substitute decision-maker, we will inform you of the existence, use and disclosure of your personal information and will give you access to that information, with limited exceptions. You may challenge the accuracy and completeness of the information and may request to have it amended.
10. Challenging compliance with the privacy policy: You may address a challenge or complaint concerning compliance with the above principles to the Privacy Office at [email protected] or to the provincial Information Privacy Commissioner www.ipc.on.ca.
Should you wish to restrict access to your personal health information, please discuss your options with the admitting clerk, your care provider or contact the Privacy Office at 416-586-4800 ext. 2101.
Some ways to restrict access to your information include:
Phone inquiries: Upon admission to the Hospital, your name, location in the Hospital and general health status will be given to anyone who telephones asking about you, or who comes to the Information Desk. If you wish to be removed from the directory, tell the admitting clerk at the time of admission or contact the Privacy Office at 416-586-4800 ext. 2101.
Fundraising: Please let the admitting clerk or our Privacy Office know if you do not wish to be contacted by the Foundation to be asked to support the Hospital. Otherwise we are permitted by law to share your name and address to the Foundation 60 days after you are discharged.
Religion: Your name and location in the Hospital is given to a hospital chaplain who may visit with you. If you would prefer not be visited by a chaplain you can choose to not provide us with your religion during the admitting process.
Consent: We collect, use and disclose your personal health information for the purpose of your continued care or as required by law. We require your consent for other purposes such as sending your information to your lawyer.
If you believe that the personal health information we have recorded about you is inaccurate or incomplete, please raise this with your care provider or send this Correction Request Form to our Privacy Office.
Where can I get more information about my rights with respect to my personal health information?
Contact our Privacy Office:
Phone: 416-586-4800 ext. 2101
Email: [email protected]
Please do not include personal health information in any emails, since email is not a secure method of transfer.
Contact the Information and Privacy Commissioner of Ontario (IPC):
Website: Information and Privacy Commissioner of Ontario
Phone: 416-326-3333 (Toronto area) or 1-800-387-0073 (toll-free in Ontario)
The IPC has extensive information about the protection of health information as it pertains to the legislation.
What are examples of how Sinai Health protects my information?
- Teaching our employees, professional staff, researchers, volunteers and students about confidentiality. They must sign a confidentiality agreement as a condition of their relationship with the Hospital;
- Requiring all staff to wear photo identification at all times while on hospital property to protect against unauthorized individuals accessing information;
- Requiring all staff with access to electronic health information systems to be issued their own user ID and password to access the system, which is subject to timeouts. Staff are not to share their IDs nor leave their systems unattended;
- Applying additional security measures to all electronic health records – for example, firewalls; anti-virus protection; encryption of mobile devices;
- Locking doors and filing cabinets;
- Employing security personnel; and
- Conducting regular, randomized audits on health records.
Does Sinai Health sell patient information?
No. Sinai Health does not sell patient information to anyone.
Is my personal health information shared with any external electronic systems?
Sinai Health may disclose your PHI to electronic systems that are shared (accessible) by multiple health-care organizations across Ontario. These systems can be accessed by care providers outside of Sinai Health who are involved in your “circle of care”, only if the information is needed to provide you with care or assess whether it is appropriate to provide you with care (for example, to refer or transfer you).
Sinai Health also contributes to other prescribed registries and entities that support quality patient care, as permitted or required by law.
Some of the systems we contribute to include:
- ConnectingOntario (cON)
- Ontario Laboratory Information System (OLIS)
- Ontario Clinical Imaging Network (OCINet)
- the electronic Child Health Network (eCHN)
- BORN Ontario
- CorHealth Ontario
- CytoBase
- Institute for Clinical Evaluation Services (ICES)
- Canadian Institute for Health Information (CIHI)
When may I be required to provide consent? What happens if I am unable to provide consent?
Examples include consent for researchers to store and use your personal health information for clinical studies, or consent to disclose your personal health information to your private insurance company to facilitate payment of your bill.
If you are unable to provide consent directly to the Hospital regarding your personal health information, your substitute decision-maker (such as your spouse, parent, adult child or guardian) or someone you have designated under a power of attorney for personal care or property will have the authority to make decisions for you. This person is bound by law to act on your behalf and to make decisions based on their interpretation of your prior capable wish, if known, or otherwise based on your values and beliefs.
How do I appoint a friend as my attorney for personal care so that this person can access my personal health information and make related decisions?
The Office of the Public Guardian and Trustee (OPGT) provides helpful information kits about writing a Power of Attorney for Personal Care (as well as a Power of Attorney for Property). Visit the OPGT online here, or you can call them directly in Toronto at 416-314-2800 or toll-free at: 1-800-366-0335.
If you are capable to make decisions about your own information, you can simply give consent to share your personal health information with someone else; you can also delegate any decisions to that person. If you have been found incapable of making these information decisions, your substitute decision-maker under PHIPA (or for treatment under the Health Care Consent Act) will make them according to an established ranking. While you do not technically need a power of attorney, many people choose to sign one in order to set out their specific health care and information wishes, or to choose a different substitute decision-maker.
How can my family and friends find out where I am in the Hospital?
Patient inquires for Mount Sinai can be made to the switchboard at 416-596-4200 and for Hennick Bridgepoint at 416-461-8252. An operator will confirm that you are in hospital and provide your location to the visitor or caller. If you do not want this information released, please tell the admitting clerk who registers you, a member of the health-care team or contact the Privacy Office at 416-586-4800 ext. 2101.
Will my family and friends be able to call and get information about me over the phone?
When someone calls the Hospital, staff has no way to verify who is calling and their relationship to you. Normally, in order to protect patient privacy, only minimal information is given out over the phone, unless as mentioned above, you have advised us that you do not want any information released.
We ask patients to appoint one family or friend representative with whom to share information about you over the telephone. All other persons telephoning will be directed to you and/or the representative.
Personalized and/or password protected internet web pages offer a safe and efficient way to share information about a patient with family and friends. There is no fee for this service.
Will my family see my personal health information?
Although you have the right to access your health record, this right does not automatically extend to family members and/or friends. If you consent to have a friend or family member see your record, he/she will be able to access all or part of the record you have consented to share with them. If you become incapable to consent to treatment, or to give consent to collect, use or disclose your personal health information, your substitute decision-maker will have access to any personal health information required in order to assist him or her to make decisions on your behalf.
Will you contact me after I am discharged as a patient?
The law allows us to contact you for purposes of fundraising through Sinai Health Foundation or patient satisfaction surveys, subject to certain rules. If you do not wish to be contacted for these purposes, please contact the Privacy Office at 416-586-4800 ext. 2101 to ask to have your name removed from these lists.
How do I report a privacy concern?
Privacy concerns and questions can be raised directly with the Privacy Office at 416-586-4800 ext. 2101. Concerns will be investigated and if a privacy breach has occurred, we will follow up with staff and will also keep you informed.
If you are dissatisfied with the response you receive from Sinai Health, you have the further right to raise your concerns with the Information and Privacy Commissioner of Ontario (IPC), toll-free at 1-800-387-0073.
Can I take photos or audio/visual recordings during my visit?
We recognize that patients and visitors may want to capture their hospital experience for a variety of reasons. In many cases, recordings can benefit patients by helping them understand and remember the information they are being provided by their care team. However, it is not permitted to photograph, video/audio record, or livestream anyone without their explicit consent or in a manner that interferes with care. Consent must be obtained from all members of your care team who may be included in any images or footage before you proceed with any photography or audio/video recording.
All patients and visitors are also expected to comply with any signage prohibiting the use of phones and other recording devices while on hospital premises.
You may be asked to stop taking a photo, video, or audio recording and delete any recordings taken if your actions interfere with care or services being provided. Please note that failure to comply with these guidelines may result in escalation to hospital security.
These rules are in place to support people’s privacy, the patient/provider therapeutic relationship, and a respectful environment. We appreciate your anticipated cooperation.
Health Information Network Provider
Sinai Health is a Health Information Network Provider (HINP) when we provide services to two or more Health Information Custodians (HICs) for the primary purpose of enabling the custodians to use electronic means to disclose personal health information to one another. Below is some information on the systems for which we are the HINP.
RSVp – Data Management System (RSVp-DMS)
After babies are born they may move between different hospitals and health-care providers to receive care.
A prophylactic (preventative) medicine called Synagis (Palivizumab) was developed to help keep high risk babies from getting very sick from RSV. Synagis is given every four weeks during the RSV season (November to April). It is given as an injection in the baby’s leg. It is very important that this medicine is given around the same day each month.
The Respiratory Syncytial Virus prophylaxis – Data Management System (RSVp-DMS) is a data management system that helps keep track of babies who need medicine for RSV. The RSVp-DMS supports the timely and safe administration of all required Synagis doses, across the continuum of care.
The RSVp-DMS is used by over 60 health-care sites across Ontario.
When a baby is at risk of severe RSV infection, information about the baby and their injection schedule can be entered into the RSVp-DMS and made available electronically to the authorized health-care providers involved in the baby’s medical care. This helps health-care providers keep track of the doses the baby has gotten and still needs; making sure the baby gets all of the injections required to decrease the risk of severe RSV illness and hospitalization.
Sinai Health hosts and administers the RSVp-DMS and is the Health Information Network Provider (HINP) under the Ontario Personal Health Information Protection Act for the RSVp-DMS. Sinai Health also uses the RSVp-DMS, for babies who are born or seen at our Hospital.
As HINP, Sinai Health has implemented safeguards to protect against unauthorized use and disclosure, and to protect the integrity of the information contained in the RSVp-DMS.
This includes:
Secure hosting: The RSVp-DMS is hosted in a secure environment with effective administrative, physical, technical and information security safeguards that comply with industry best practices. The RSVp-DMS is continuously monitored for security threats.
Privacy roles and responsibilities: Written agreements, policies and procedures have been put into place to define the roles and responsibilities of Sinai Health, participating health-care sites and their respective agents, to protect the personal health information (PHI) contained in the RSVp-DMS.
Access controls: Access controls are in place to prevent unauthorized or inappropriate access to PHI, ensure protection of the RSVp-DMS and Sinai Health systems, prevent unauthorized computer access, detect unauthorized or inappropriate activities and ensure the integrity and reliability of information systems.
Access to the RSVp-DMS is granted only to authorized persons at Sinai Health and at the participating health-care sites (which are all Health Information Custodians (HICs)), based on roles and responsibilities at the organization and only to the extent they require to fulfill the requirements of their job.
Authentication: All users are authenticated through a strong authentication mechanism including two-factor authentication prior to accessing the RSVp-DMS. Strict password policy parameters are required and enforced.
Data security: Data is encrypted using bank grade encryption during transmission. Data that is no longer required for the purposes of the RSVp-DMS is securely destroyed. Privacy and security assessments of services provided identify improvements and mitigate risks.
Audits and monitoring: Audits and monitoring help ensure the privacy, confidentiality and security of the PHI kept in the RSVp-DMS. Sinai Health as a HINP has responsibility to ensure that PHI it has under custody and control is not inappropriately accessed.
Privacy: Sinai Health and participating health-care sites and users have implemented and follow privacy practices that comply with the Personal Health Information Protection Act and its regulations, in relation to the collection, use, disclosure, modification, retention and destruction of PHI, access and correction requests and privacy incident management.
Speak to your baby's health-care provider for questions about RSV, its treatment and the role of RSVp-DMS.
For questions or concerns about how your baby’s information is collected, used and disclosed in the RSVp-DMS, to request RSVp-DMS policies and guidelines or to withdraw or restrict consent, please contact Sinai Health’s Corporate Privacy Office:
Phone: 416-586-4800 ext. 2101
Email: [email protected]