As the health information custodian under the Personal Health Information Protection Act, 2004 (PHIPA), Head Injury Rehabilitation Ontario (HIRO) is committed to promoting privacy and protecting the confidentiality of the client Personal Health Information (PHI).
HIRO takes steps to protect client PHI from theft, loss and unauthorized access, copying, modification, use, disclosure and disposal. Regular audits are performed to monitor and manage privacy compliance.
Client records include information relevant to client’s health, including date of birth, contact information, health history, family health history, record of care and support received, assessment and test result, and information from other health care providers. HIRO collects, uses and discloses PHI with the purpose to treat and care for clients; deliver programs; communicate or consult about client health care with other health care providers when providing services, which could include for example, lab results, hospital discharge summaries, medication administration, diabetic support and blood sugar monitoring, information about allergies, etc., including from electronic medical information systems; plan, administer and manage internal operations; conduct risk assessments, error management and quality improvement activities; educate employees and students; conduct best practices research (subject to certain rules); compile statistics for accurate reporting to funders; comply with legal and regulatory requirements, fulfil other purposes permitted or required by law.
For most health care purposes, client consent to use their PHI is implied, as a result of client’s consent to treatment, unless client requests otherwise. The agency uses the implied consent model and may collect, use and share PHI in order to communicate or consult with other health care providers about client’s care, again unless client requests otherwise. There are other circumstances, where HIRO is not allowed to assume as having client consent to share PHI. This includes but not limited to giving PHI to individuals or organizations who do not provide client with health care, using PHI for fundraising or marketing, communicating with family members or friends more detailed information about the client.
If asked for consent, client may choose not to give one. If consent is given, client may withdraw consent at any time, but the withdrawal cannot be retrospective. The withdrawal may also be subject to legal or contractual restrictions and reasonable notice. However, there are some cases where HIRO may collect, use or disclose PHI without client consent as permitted or required by law. This may include but not limited to risk management, quality improvement purposes, to fulfill mandatory reporting obligations, or emergencies.
Client may access and/or request that corrections be made to records of PHI or withdraw consent for some of the above uses and disclosures (subject to certain legal obligations) by contacting agency’s Privacy Contact.
For more information about your privacy rights, or about agency’s privacy policies and practices or to raise a privacy concern you can reach agency’s Privacy Contact:
225 King William St., Suite 508
Hamilton, ON, L8R 1B1
Phone 905-523-8852 ext. 141
For more information about your privacy rights, or if you are unable to resolve a problem directly with our Privacy Contact:
Information and Privacy Commissioner of Ontario
2 Bloor St. East, Suite 1400, Toronto, ON, M4W 1A8
Phone: 416-326-3333 or toll-tree 1-800-387-0073