Print
Collingwood General & Marine Hospital Logo

Privacy & Health Information

Blue infographic picture of paper document with a privacy and person icon

Collingwood General & Marine Hospital (CGMH) recognizes that the information of our patients deserves to be treated with respect and sensitivity. We are committed to protecting the privacy of information under our custody and control and in accordance with Ontario's privacy and health-privacy legislations; the Personal Health Information Protection Act (PHIPA) and the Freedom of Information and Protection of Privacy Act (FIPPA).

The Regional Privacy Office is responsible for ensuring a culture of privacy at CGMH and supports all staff, physicians, patients, and families in ensuring the safety and security of information.


Collecting, Using, and Disclosing Your Personal Health Information

When you receive care at CGMH, we collect personal health information (PHI) and personal information (PI) about you in order to provide you with healthcare or assist in the provision of healthcare.

Information that we collect may include your name, date of birth, address, health history, records of your visit and the care that you received.

We may collect this information directly from you or someone with the legal authority to consent for you. We will only collect as much information as is necessary to meet the purpose of the collection.

In accordance with PHIPA, we use this information to:

  • Treat and care for you
  • Maintain a record of your care
  • Obtain payment for your treatment (i.e. OHIP, WSIB)
  • Plan, administer and manage our internal operations
  • Conduct risk management and quality improvement activities (i.e. patient safety audits)
  • Improve the quality of hospital services (i.e. post care surveys)
  • Compile statistics
  • To support research and educational programs
  • For fundraising purposes (your name and address only)
  • To coordinate your care with your other health care providers including through shared electronic health information systems
  • Comply with legal and regulatory requirements
  • To fulfill other purposes as permitted or required by law.

CGMH may also disclose your information to the following:

  • External electronic health record systems including, but not limited to: Client Information Management System (CIMS), Integrated Services for Children's Information System (ISCIS), Integrated Assessment Record (IAR), and Electronic Children's Health Network (eCHN).
  • Ministry of Health and Ministry of Long Term Care e-health projects including, but not limited to: the Enterprise Master Patient Index (EMPI), Wait Time Information System (WTIS), Drug Profile Viewer, Ontario Renal Reporting System (ORRS), Ontario Laboratory Information System (OLIS) and Connecting Ontario.
  • Approved provincial agencies such as: Cancer Care Ontario, the Institute for Clinical Evaluative Sciences, the Canadian Institute for Health Information, Ontario Institute for Cancer Research, BORN, and Trillium Gift of Life.
  • Researchers if the research has been approved by our Research Ethics Board
  • The Medical Officer of Health to report communicable diseases
  • The Workplace Safety & Insurance Board
  • Law enforcement officers who present a warrant or subpoena, or to aid in an investigation
  • The Children's Aid Society
  • The Public Guardian and Trustee
  • The Coroner's Office


Your Information; Your Choice

Where your consent is required for any collection, use or disclosure of your personal health information, you may withdraw or withhold your consent for some of the ways we use or disclose your personal health information by contacting us (subject to exceptions such as where disclosures are required by law).

Unless you tell us differently, we may:

  • Advise visitors and callers that you are a patient at CGMH and which unit you are on.
  • Disclose your personal health information to external health care providers who need it to provide you with care or to help provide you with care.
  • Share your information with provincial electronic databases.
  • Give your name, your location within the hospital, and your religious affiliation to spiritual care representatives, but only if you tell us your religious affiliation.
  • Share your information for Quality Improvement such as patient satisfaction surveys (i.e. NRC Health).
  • Disclose your contact information (name and address only) to our Foundation so that they may conduct fundraising to improve our health care facilities, services, and programs.

Regional Privacy - Contact Us

For more information about privacy at CGMH, please contact the Regional Privacy Office.

Regional Privacy Office
201 Georgian Drive
Barrie, ON L4M 6M2

Email: regionalprivacy@rvh.on.ca
Tel: 705.792.3318 or 705.445-2550 extension 8705


Health Records

To request copies of your medical records, please contact the Health Records Department.

You can obtain a copy of your own hospital health record by submitting an authorization form to Release of Information along with a copy of your photo ID. Download and complete the Authorization Form for health record requests for yourself, family member, deceased, for a third-party or healthcare provider. All requests must be made by one of the below methods. Should you arrive at the hospital to request access to your health information, please visit Central Registration who will coordinate the process by calling the Health Records Department.

Contact Us

Patient Request: (705) 445-2550 ext. 8255
FAX: (705) 445-1039
Email requests to: ROI@cgmh.on.ca
Hours of Operation
Monday - Friday 8 a.m. -  4 p.m.
Tel: 705.445.2550 ext. 8255
Fax: 705.445.1039

You have the right to make a complaint to the Information and Privacy Commissioner of Ontario if you think we have violated your privacy rights. The Commissioner can be reached as follows:

Information and Privacy Commissioner / Ontario
2 Bloor St. East, Suite 1400
Toronto, ON M4W 1A8
Tel: 416-326-3333 or toll-free at 1-800-387-0073
Email: commissioner@ipc.on.ca
Website: www.ipc.on.ca

Privacy Principles 

CGMH has adopted the 10 Privacy Principles established by the Canadian Standards Association's Model Code for the protection of Personal Health Information (PHI) and Personal Information (PI). The principles are:

Accountability 

CGMH is responsible for the PHI and PI in its custody or under its control and has designated a Chief Privacy Officer (CPO) who is accountable for the organization's compliance with the privacy principles and the provincial legislations.

Identifying Purpose 

CGMH identifies and makes public the purposes, for which PHI and PI is collected, used, and disclosed at or before the time the information is collected. 

Information notices are posted across the hospital which identify reasons why we collect, use and disclose PHI and PI.

Consent For Collection, Use, and Disclosure 

We obtain an individual's consent for the collection, use, and disclosure of their PHI and PI, except where otherwise required or permitted by law.

Depending on the circumstances and the type of PHI and PI collected, CGMH may rely on implied or express consent.

If you do not wish your information to be used or shared, you have the right to refuse to provide all or part of the information to us at the time we request the information or any time afterward.

We may not be able to fulfill your wishes if they impact our ability to deliver quality health care to you or if we are legislated to use or disclose the information to which you object. In these cases, we will discuss the impact of your objection with you.

Click here to learn more about withdrawing your consent.

Limiting Collection

CGMH limits the amount and type of PHI and PI collected to that which is necessary for the purposes identified. Information will be collected through fair and lawful means.

Limiting Use, Disclosure, and Retention 

PHI and PI shall not be used or disclosed for purposes other than for which it was collected, except with the consent of the individual, as required by law or as recognized in the Act. PHI and PI shall be retained only as long as necessary for the fulfillment of those purposes.

Accuracy 

CGMH will take reasonable steps to ensure that PHI and PI is accurate, complete and up-to-date as is necessary for the purpose for which it is collected and used. You can help us with this when you register for services by having the full name and current contact information for your family physician. If you have registered with us previously, we will ask to confirm your registration information to ensure it is still current and correct.

Safeguards 

CGMH takes reasonable steps to ensure your PHI and PI is protected. Some of the specific steps we take to protect your privacy while delivering safe, high-quality care are:

Administrative Safeguards: i.e., privacy pledge, education and training, auditing schedules, privacy policies and procedures
Physical Safeguards:
i.e., locked doors, locked file cabinets, confidential shred bins, staff ID badges
Technical Safeguards:
i.e., unique usernames and passwords, encryptions, firewalls, restricted access to information

Openness 

CGMH makes available to individuals specific information about its policies and practices relating to the management of PHI and PI and privacy practices.

Click here to read our privacy policy.

Individual Access 

Upon request, an individual will be informed of the existence, use and disclosure of their PHI and PI. CGMH will provide the individual with access to, and the ability to correct, their PHI and PI in a manner consistent with applicable legislations.

Individuals are able to challenge the accuracy and completeness of the information and may request to have it amended.

Click here to learn more about requesting access to your medical records. Click here to learn more about requesting access to your personal information.

Challenging Compliance 

An individual can address a challenge concerning compliance with the above principles, to the CGMH Chief Privacy Officer. For more information about our privacy practices or to raise a concern you may have about these practices, please contact:

Regional Privacy Office
201 Georgian Drive
Barrie, ON L4M 6M2
Email: regionalprivacy@rvh.on.ca
Tel: 705.792.3318 or 705.445-2550 extension 8705
Fax: 705.797.3110

You may also make a complaint to the Information and Privacy Commissioner of Ontario if you believe we have violated your privacy rights. The Commissioner can be reached at:

Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Tel: 416-326-3333 or toll free at 1-800-387-0073
Fax: 416-325-9195
Email: commissioner@ipc.on.ca
Website: www.ipc.on.c

Privacy FAQs


What is privacy?

The individual right to retain control over the collection, use and disclosure of their personal health information.

What is the Personal Health Information Protection Act?

The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario's health-specific privacy legislation. PHIPA will govern the manner in which personal health information may be collected, used and disclosed within the health care system. It will also regulate individuals and organizations that receive personal health information from health care professionals.

What is personal health information?

Personal health information is "identifying information" collected about an individual. It is information about an individual's health or health care history in relation to:

  •  The providing of health care to the individual, including the identification of a person as a provider of health care to the individual;
  • A plan of service within the meaning of the Long-Term Care Act, 1994 for the individual;
  • Payments or eligibility for health care in respect of the individual;
  • The donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance;
  • Individual's health number, or
  • An individual's substitute decision-maker.


What is not personal health information?

Any data that has been collected in which all personal identifiers have been removed (making determination of identity impossible) is not considered personal health information, nor is the name, title, business address, or business telephone number of an employee of an organization.

Who does CGMH use my information for?

CGMH uses your information for the delivery of direct patient care, administration of the health care system, research, teaching, statistics, fundraising, and to meet legal and regulatory requirements.


Examples of potential uses include:

  • To identify your record quickly and accurately each time you visit the hospital.
  • To provide the most appropriate treatment. Your visit to the hospital may include a number of assessments and treatments. All of this information is recorded in your chart and made available to those involved in your care. CGMH keeps a history of your health information for your future care.
  • To comply with legal and regulatory requirements. For example, we collect your health information because it is required to fund health care services.
  • To improve the quality and efficiency with which we provide health care services.
  • To support CGMH research programs. Researchers working on approved studies can have access to health information, provided that consent and privacy issues have been addressed.
  • To support CGMH educational activities. Health information is available for teaching purposes with measures taken to protect privacy and confidentiality.
  • To share your contact information with the CGMH Foundation. Our Foundation works to support excellence in healthcare by raising funds for medical research, medical education, and the improvement of patient care

Who does CGMH give my information to?

CGMH is required to disclose patient information to several other organizations. This includes the Ministry of Health, The Canadian Institute for Health Information, Public Health and Cancer Care Ontario. Information may also be disclosed to other physicians directly involved in your care. CGMH places appropriate safeguards on the transmission of all information disclosed to other organizations and seeks to ensure that health information protection measures are in place and in accordance with the Ontario Personal Health Information Protection Act (PHIPA).

Does CGMH ever sell patient information?

CGMH does not sell patient information.

Will CGMH disclose my health information to any outside company or my employer?

CGMH requires patient consent, or a court order to disclose health information to any organization or person not directly involved with the provision of patient care. CGMH will ensure that proper controls are in place to only disclose what is required.

Can I access my health information?

You have a right to access your personal health information, and CGMH has an obligation to make it available to you, with limited exceptions. Exceptions are made if releasing your information would put yourself or a third party at risk, in which CGMH may choose not to disclose some or all of that information.

Where do I go to access my health information?

When you are a patient at CGMH, you should ask your healthcare provider for information that you want to know. If your request is voluminous or substantial, or not covered by the information available to the attending healthcare provider, you will need to contact Release of Information in the Health Records Department to obtain or view your CGMH patient record.

Release of Information will ask you complete a Request Access Form, present the proper identification and prepay an access fee in order for you to access your chart. Please review the section above titled: Health Records. 

Can my family see my health information?

Although you have the right to access your records, this right does not automatically extend to family members and/or friends. If you consent to let a friend or family member see your records, then the friend/family member may access the part(s) that you have consented to let them see. Your consent will be documented in your record by your healthcare providers.

What about Children's Privacy and Decision-Making Rights?

There is no age of consent for treatment or privacy. Children who make their own treatment decisions may also make their own decisions about the privacy of their information.

Parents can receive information about their capable children if the child has given their permission. If the children are not capable, parents, as Substitute Decision-Maker may have access to the children's information.


What if I am unable to provide consent for the use, access, and disclosure of my information?

If you are unable to give consent due to reasons of competency or consciousness, the consent decision falls to the appointed substitute decision-maker such as a parent or guardian, partner, or other relative. This person is bound by law to act on your behalf and must make decisions based on their belief of what you would wish done if you were able to decide.


Can all CGMH staff access my patient record?

Only CGMH staff involved in your care may access your patient record. All CGMH staff are bound by a strict confidentiality agreement, which is signed as a condition of employment. This agreement seeks to ensure staff only access information on a need to know basis.


Can my family physician access my CGMH health record?

If required, CGMH will release information to your family physician to support your care.

Is my health information available on the internet?

No, health information is not publicly available on the Internet. CGMH may use the Internet to transfer unidentifiable health information securely through the e-mail system. These systems are secured by a combination of authentication and encryption.


Does CGMH use video surveillance?

Yes, CGMH does use closed-circuit video surveillance (CCTV) for safety and security reasons. Signage is posted across the organization indicating where video surveillance is in place.

Requests for access to video surveillance can be directed to the Regional Privacy Office.

Can I record audio/video or take photographs at CGMH?

All visitors to CGMH are reminded of the importance of respecting privacy. To protect the privacy of those around you, please ask for permission from CGMH (care team or Communications) before taking pictures or making an audio/visual recording. Recording other patients without their consent is against the law. Recording other people’s conversations is also against the law.

Individuals reserve the right to refuse consent for videotaping, audiotaping, or photography. Any recording against the explicit refusal of consent will be considered a form of harassment. If at any point in time a recording is obstructive, disruptive, targeted or harassing towards a particular individual, Security will be contacted.

It is important to respect the privacy, confidentiality and security of other patients, visitors, physicians, staff, students, and volunteers. Thank you for helping us protect individuals’ privacy.

How is my personal health information protected?

There are three components to protecting patient information at CGMH:

Administrative Safeguards: The CGMH Privacy Policies govern the manner in which all CGMH care providers and other employees manage patient information. Furthermore, all CGMH employees must sign a confidentiality agreement as a condition of employment.
Physical Safeguards:
CGMH has a number of physical safeguards which range from locked doors to staff wearing photo identification to identify themselves as CGMH employees.
Technical Safeguards:
CGMH's technical department upgrades the security capabilities of the patient information system on an ongoing basis. We have implemented role-based access controls to ensure staff only may access information on a need-to-know basis. The CGMH patient information system also uses passwords to protect the system from inappropriate accesses from within and a firewall to protect our system from users on the Internet.

When I call the hospital to see how my family member was doing, the CGMH staff would not describe what the problem with my family member was or their condition. Why is that?


When you call CGMH, staff have no way to verify that you are who you say you are. Therefore, in order to protect patient privacy, only a minimal amount of information is given out over the phone.

Where is my CGMH patient record stored, and for how long?

In general, patient records are kept for 10 years past the date of last admission. For the purpose of research, some medical records are kept for longer. A core record of your care at CGMH is maintained in the Health Records Department. Many departments within CGMH, including Imaging Services, Mental Health Support Services, and some of the clinics you may visit also maintain an additional record of your personal health information.

What is a breach of privacy?

Breach of privacy, confidentiality, or security refers to the unauthorized access, collection, use, or disclosure of any personal health information or personal health information.


What is a "Lockbox"?

A "Lockbox" is commonly used to refer to a patient's ability to withdraw or withhold consent for the use or disclosure of their Personal Health Information (PHI) for health care purposes.

The Hospital recognizes that the withdrawing or withholding of consent can take on various forms including:

  • Not to collect, use, or disclosure a particular item of information contained in the patient's medical record (i.e. a particular diagnosis)
  • Not to collect, use or disclose the contents of the patient's entire medical record
  • Not to disclose the patient's PHI to a particular Health Information Custodian (HIC) or Agent(s) (i.e. physicians, nurses, or social workers)
  • Not to enable a particular HIC or Agent(s) to use the patient's PHI

How does the lockbox work?

The Hospital has the ability to electronically lock your Personal Health Information in the Electronic Medical Record (EMR); MEDITECH Expanse System and other internal electronic systems as applicable.

The Hospital can also apply a lockbox to paper records by securing the records in the Health Records Department.

There are risks with locking your information, as well as exceptions. Click here to learn more about locking your records.


What if some of the information in my health record is incorrect?

An individual who believes that their information is incomplete or inaccurate may make a request to correct their record. It is the responsibility of the custodian to ensure that information is complete and accurate.


How does an individual correct error or omissions to their records?

An individual seeking to correct their information can submit a written request to the Regional Privacy Office. The Hospital must respond within 30 days of receiving a correction request. Click here to complete the request for corrections form.

Can the hospital refuse to correct an individual's personal health information?

The Hospital is obligated to correct information where an individual demonstrates, to the satisfaction of the hospital, that the record is in fact inaccurate or incomplete and the individual gives the Hospital the necessary information to correct the record.

However, the Hospital may refuse to correct personal health information that is a professional opinion or an observation of the health care provider.


How does an individual initiate a complaint?

An individual who feels their privacy rights under PHIPA have been violated has the right to submit a written complaint to the Regional Privacy Office. All privacy complaints will be treated in a confidential manner.

An individual may also submit a written complaint to the Information Privacy Commissioner of Ontario.

Information and Privacy Commissioner / Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario
Canada M4W 1A8

1-416-326-3333 or toll-free 1-800-387-0073
http://www.ipc.on.ca


Where can I find out more about information privacy rights and protection at CGMH?

You can find out more information by contacting the Regional Privacy Office at:

Regional Privacy Office
201 Georgian Drive
Barrie, ON L4M 6M2

Email: regionalprivacy@rvh.on.ca
Tel: 705.792.3318 or 705.445-2550 extension 8705
Fax: 705.797.3110

Freedom of Information and Protection of Privacy (FIPPA)

The Freedom of Information and Protection of Privacy Act (FIPPA) is a provincial legislation that applies to most public institutions in Ontario, including hospitals. The Act has two main purposes:

  • To make public bodies more open and accountable by providing the public with the right of access to records; and
  • To protect personal information from unauthorized collection, use or disclosure by public bodies.

CGMH is committed to conducting its business in a manner that promotes transparency and accountability. It is the practice of CGMH, in keeping with the spirit of FIPPA, to make its operational records publicly available wherever possible.

Making a Request

A formal request for records can be made under the Freedom of Information and Protection of Privacy Act. This request must be made in writing and must include a $5 application fee. Download and complete the FIPPA Request Form.


Steps for Making a FIPPA Request

  1. Check the Directory of Records or Directory of Personal Information Banks to make sure CGMH maintains the information you require.
  2.  Download and complete the FIPPA Request Form 2020. You must clearly identify the records you are seeking. Please ensure that you provide enough detail to enable CGMH to identify the records. The more specific your request, the more efficiently and accurately it can be answered. Be sure to include your contact information.
  3. Prepare a cheque or money order for $5 payable to "Collingwood General & Marine Hospital" and attach it to your request.
  4. Submit your request, together with the non-refundable $5 application fee, to:

Regional Privacy Office
201 Georgian Drive
Barrie ON L4M 6M2

Receiving a Response

CGMH will contact you to acknowledge receipt of your records request. CGMH will make every reasonable effort to respond to a request no later than 30 calendar days after receiving it. There are some specific exceptions that warrant an extended period of time for CGMH to respond.

Require Assistance?

Contact the Regional Privacy Office by telephone at 705-728-9090 extension 42537 or email Steps for Making a FIPPA Request.

1. Check the Directory of Records or Directory of Personal Information Banks to make sure CGMH maintains the information you require.
2. Download and complete the FIPPA Request Form 2020
You must clearly identify the records you are seeking. Please ensure that you provide enough detail to enable CGMH to identify the records. The more specific your request, the more efficiently and accurately it can be answered. Be sure to include your contact information.
3. Prepare a cheque or money order for $5 payable to "Collingwood General & Marine Hospital" and attach it to your request.
4. Submit your request, together with the non-refundable $5 application fee, to:

Regional Privacy Office
201 Georgian Drive
Barrie ON L4M 6M2


Receiving a Response

CGMH will contact you to acknowledge receipt of your records request. CGMH will make every reasonable effort to respond to a request no later than 30 calendar days after receiving it. There are some specific exceptions that warrant an extended period of time for CGMH to respond.

Require Assistance?

Contact the Regional Privacy Office by telephone at 705-728-9090 extension 42537 or email regionalprivacy@rvh.on.ca.

Procedure Appealing

Under Freedom of Information and Protection of Privacy Act, you may appeal any decision regarding access to the Ontario Information and Privacy Commissioner within 30 days from the date of receipt of the letter denying your request.

Appeals are to be submitted in writing to the Information and Privacy Commissioner / Ontario.

Ontario Information and Privacy Commissioner
2 Bloor St. E, Suite 1400
Toronto, ON M4W 1A8
Tel. 416-326-3333 or Toll-Free. 1-800-387-0073
Fax 416-325-9195 or 515-832-9400
www.ipc.on.ca

Return to top