Practices to Protect your Personal Health Information

 Brock University’s health care services treat your Personal Health Information (PHI) with respect and in accordance with the Ontario Personal Health Information Protection Act (PHIPA) and all other applicable laws.

Your PHI is confidential and kept securely and in accordance with PHIPA. PHIPA establishes certain privacy rights and imposes specific obligations on health-care services in protecting PHI.

This statement outlines Brock’s information practices with respect to your PHI.



Personal Health Information (PHI) is information in any form that identifies you and that relates to your health and health care including, physical or mental health, including family health history, care provided, health care programs and services, health care providers, health card number and the name of your substitute decision-maker.



Brock University has three health care providers who act as Health Information Custodians within the context of Personal Health Information Protection Act (PHIPA):

Note: To provide efficient and timely services, Personal Counselling Services offers a blended model of services by both Brock University employees and third-party counsellors. When you receive counselling from the University’s third-party counselling service, those third parties act as the Health Information Custodian. If you have any questions about the information practices of the third party, request the Custodian’s  Contact Person to put you in touch with the third party.

In accordance with PHIPA, each Health Information Custodian is responsible to ensure that your personal health information is collected, used, stored and shared in a manner that protects your confidentiality and privacy, while facilitating the effective provision of health care.

To learn more about Brock University’s information practices, please contact our Privacy Contact Person.



 When we collect your Personal Health Information (PHI)

 We only collect your Personal Health Information (PHI) with your consent, or as permitted or required by law and only to the extent as is reasonably necessary or required by law.

Your PHI may be collected through an in-person meeting with a University health care service staff, over the phone, or through paper or electronic documents.  The kind of personal health information collected may include:

  • name, address, date of birth, Ontario health card number
  • facts about health, health care and history related to exposures to disease
  • information about payment for health care, when required

Your information is collected for the purpose of providing health care services to you.



How we Use your Personal Health Information (PHI)

Student Health Services, Personal Counselling Services, and Athletic Therapy, may use your PHI with your consent, for the purpose as specified in the consent, or as permitted by law and only to the extent as is reasonably necessary or required by law.  This includes for the purpose of maintaining or improving the quality and efficiency of health care rendered or health care programs provided, for obtaining payment for health care rendered or related goods and service provided and for the other uses permitted or required by law.

You may withdraw your consent at any time for the collection, use or disclosure of your PHI by providing notice to the clinic’s listed contact. A withdrawal of consent is not retroactive, and therefore the University is not required to retrieve the information that has already been disclosed.

Access to your PHI is limited to only those who need access to do their job when they are directly involved in your care or as otherwise indicated under PHIPA.



When we disclose your PHI

We only disclose your PHI with your consent, or as permitted by law.  In accordance with PHIPA, we do not disclose your PHI if other information will serve the purpose of the disclosure, and only disclose as much information as is necessary to meet the purpose.

Non-identifying information related to your care and services is used for administration, management, strategic planning, decision-making, research and allocation of resources.

PHIPA allows the disclosure of personal health information without patient consent under certain circumstances, for example in a medical emergency to eliminate or reduce a significant risk of serious bodily harm to a person or group of persons. However, we make every reasonable effort to obtain your consent before disclosing your information.



How we secure your PHI

The protection of your privacy is integral to the delivery of health care and embedded into the culture of the University.  Consequently, we have implemented a comprehensive approach to safeguard your PHI, including the implementation of privacy policies, procedures, privacy training for all Brock employees, and confidentiality agreements with consultants and contractors to minimize the risk of unauthorized access to your PHI.


How we store your PHI

Currently, most records are stored in an electronic medical record, however there are some paper records that still exist (e.g. paper documents you provide, archival records). Both paper and electronic records are under supervision or secured in a locked or restricted area at all times.

The electronic records system has additional specific security and privacy features. Your PHI should only be accessed by a those who need access to do their job when they are directly involved in your care or as otherwise indicated under PHIPA.


How long we retain your PHI

The health service retains your PHI for a minimum of 10 years from the date of last entry or discharge, or longer in the case of individuals under the age of 18.



How to obtain access to your PHI

If you wish to access or correct your PHI, or have questions about how it is collected, maintained, used or disclosed, you may contact the listed health care service contact.

Step 1

You may request access to your PHI by making a written request for access to the contact listed below within the health care service that you believe to have your information, and paying any required fees.

Step 2

When making a formal written request, include your name, address and day-time telephone number, and identify the specific record(s) or personal information to which you seek access. Also, specify dates or a time period for the record(s)/personal information you request. A clearly defined request will greatly assist the University to identify the record(s)/personal information sought. You may ask the contact in the health care service to assist you in formulating your access request. For your convenience, see PHIPA request form.

Step 3

The department will review and release where permitted by PHIPA. If the department determines that access is not permissible or appropriate due to PHIPA exceptions, customs or limitations, the department will explain the reasons and notify you within 30 days of submitting your request. Note, there are circumstances within the Personal Health Information Protection Act (PHIPA) where the University is permitted to extend the time limit beyond the 30 days.

Step 4

If you disagree with the University’s decision, you may appeal the decision to the Information and Privacy Commissioner/ Ontario (IPC).

If you have further questions, contact: Freedom of Information and Privacy Coordinator


PHIPA Access Request fees

An Administration fee of $35 may be charged for any request to access your PHI. After the first 20-pages, an additional fee of $0.30 (includes HST) for each page may be charged.

Additional fees may also be charged depending on the type of request to obtain health or other information. Requests must be made in writing.  A fee may be waived if there is financial hardship.


How to request a correction to your PHI

You have the right to require the correction of your PHI where you believe the record is inaccurate or incomplete by making a written request to the contact listed below that you believe to have your information.

We will respond to your request within 30 days and grant or decline your request.  Likewise, we will notify you if we need to extend the deadline for replying for a period of not more than 30 days if:

  • Replying to the request within 30 days would unreasonably interfere with the activities of the health care service; or
  • The time required to undertake the consultations necessary to reply to the request within 30 days would make it not reasonably practical to reply within that time.



Please be assured we do the utmost to protect your information.  In the event of a breach of privacy in accordance with PHIPA, we will notify any affected individual unless PHIPA provides that notice is not required.


Complaints and Contact Information

 Brock University is committed to resolving any concerns or complaints and we encourage you to first contact us directly.

Contact information

  • Student Health Services: Clinic Manager, 905-688-5550 3054
  • Personal Counselling Services: Clinic Manager, 905-688-5550 3054
  • Brock Sports Medicine Clinic – Lead Therapist, 905-688-5550 3791

Privacy questions/complaints

  • Marion Hansen, Freedom of Information and Privacy Coordinator University Secretariat, Brock University
    905-688-5550, x5380

If you believe that another person has contravened, or is about to contravene PHIPA, you have the right to submit a written complaint to the Information and Privacy Commissioner of Ontario (IPC).

  • Information and Privacy Commissioner of Ontario
    2 Bloor Street East, Suite 1400
    Toronto, ON M4W 1A8
    Telephone: 416-326-3333 or Toll Free: 1-800-387-0073

For more information see: