Brock University’s health care services treat your Personal Health Information (PHI) with respect and in accordance with the Ontario Personal Health Information Protection Act (PHIPA) and all other applicable laws.
Your PHI is confidential and kept securely and in accordance with PHIPA. PHIPA establishes certain privacy rights and imposes specific obligations on health-care services in protecting PHI.
This statement outlines Brock’s information practices with respect to your PHI.
Personal Health Information at Brock
What is Personal Health Information (PHI)?
Personal Health Information (PHI) is information in any form that identifies you and that relates to your health and health care including, physical or mental health, including family health history, care provided, health care programs and services, health care providers, health card number and the name of your substitute decision-maker.
Who acts as a Health Information Custodian at Brock?
Brock University has three health care providers who act as Health Information Custodians within the context of Personal Health Information Protection Act (PHIPA):
Note: To provide efficient and timely services, Personal Counselling Services offers a blended model of services by both Brock University employees and third-party counsellors. When you receive counselling from the University’s third-party counselling service, those third parties act as the Health Information Custodian. If you have any questions about the information practices of the third party, request the Custodian’s Contact Person to put you in touch with the third party.
In accordance with PHIPA, each Health Information Custodian is responsible to ensure that your personal health information is collected, used, stored and shared in a manner that protects your confidentiality and privacy, while facilitating the effective provision of health care.
To learn more about Brock University’s information practices, please contact our Privacy Contact Person.
Collection of information
When we collect your Personal Health Information (PHI)
We only collect your Personal Health Information (PHI) with your consent, or as permitted or required by law and only to the extent as is reasonably necessary or required by law.
Your PHI may be collected through an in-person meeting with a University health care service staff, over the phone, or through paper or electronic documents. The kind of personal health information collected may include:
- name, address, date of birth, Ontario health card number
- facts about health, health care and history related to exposures to disease
- information about payment for health care, when required
Your information is collected for the purpose of providing health care services to you.
Use and disclosure
How we Use your Personal Health Information (PHI)
Student Health Services, Personal Counselling Services, and Athletic Therapy, may use your PHI with your consent, for the purpose as specified in the consent, or as permitted by law and only to the extent as is reasonably necessary or required by law. This includes for the purpose of maintaining or improving the quality and efficiency of health care rendered or health care programs provided, for obtaining payment for health care rendered or related goods and service provided and for the other uses permitted or required by law.
You may withdraw your consent at any time for the collection, use or disclosure of your PHI by providing notice to the clinic’s listed contact. A withdrawal of consent is not retroactive, and therefore the University is not required to retrieve the information that has already been disclosed.
Access to your PHI is limited to only those who need access to do their job when they are directly involved in your care or as otherwise indicated under PHIPA.
When we might disclose your PHI
We only disclose your PHI with your consent, or as permitted by law. In accordance with PHIPA, we do not disclose your PHI if other information will serve the purpose of the disclosure, and only disclose as much information as is necessary to meet the purpose.
Non-identifying information related to your care and services is used for administration, management, strategic planning, decision-making, research and allocation of resources.
PHIPA allows the disclosure of personal health information without patient consent under certain circumstances, for example in a medical emergency to eliminate or reduce a significant risk of serious bodily harm to a person or group of persons. However, we make every reasonable effort to obtain your consent before disclosing your information.
Protection of PHI
The protection of your privacy is integral to the delivery of health care and embedded into the culture of the University. Consequently, we have implemented a comprehensive approach to safeguard your PHI, including the implementation of privacy policies, procedures, privacy training for all Brock employees, and confidentiality agreements with consultants and contractors to minimize the risk of unauthorized access to your PHI.
How we store your PHI
Currently, most records are stored in an electronic medical record, however there are some paper records that still exist (e.g. paper documents you provide, archival records). Both paper and electronic records are under supervision or secured in a locked or restricted area at all times.
The electronic records system has additional specific security and privacy features. Your PHI should only be accessed by those who need access to do their job when they are directly involved in your care or as otherwise indicated under PHIPA.
How long we retain your information
Health services retain your PHI for a minimum of 10 years from the date of last entry or discharge, or longer in the case of individuals under the age of 18.
How to access your PHI (file/chart)
You may request access to your PHI by making a written request for access to the contact listed below within the health care service that you believe to have your information.
Make a formal written request. Include your name, address and daytime telephone number, student number and identify the specific record(s) or personal information to which you seek access. Also, specify dates or a time period for the record(s)/personal information you request. A clearly defined request will greatly assist the University to identify the record(s)/personal information sought. You may ask the contact in the health care service to assist you in formulating your access request. For your convenience, you can use this PHIPA request form. Email your request to the contact, below.
The department will review and release, where permitted by PHIPA, within 30 days. If the department determines that access is not permissible or appropriate due to PHIPA exceptions, customs or limitations, the department will explain the reasons and notify you within 30 days of submitting your request. Note, there are circumstances within the Personal Health Information Protection Act (PHIPA) where the University is permitted to extend the time limit beyond the 30 days.
If you disagree with the University’s decision, you may appeal the decision to the Information and Privacy Commissioner/ Ontario (IPC).
If you have further questions, contact: Manager, Privacy & Records Management.
How to request a correction to your PHI
You have the right to require the correction of your PHI where you believe the record is inaccurate or incomplete by making a written request to the contact listed below that you believe to have your information.
We will respond to your request within 30 days and grant or decline your request. Likewise, we will notify you if we need to extend the deadline for replying for a period of not more than 30 days if:
- Replying to the request within 30 days would unreasonably interfere with the activities of the health care service; or
- The time required to undertake the consultations necessary to reply to the request within 30 days would make it not reasonably practical to reply within that time.
Privacy breach notification
Please be assured we do the utmost to protect your information. In the event of a breach of privacy in accordance with PHIPA, we will notify any affected individual unless PHIPA provides that notice is not required.
To get access to or obtain a copy of your file/chart
Please email your written request to: firstname.lastname@example.org
To request a correction your file/chart
Please email your written request to: email@example.com
Privacy questions and complaints
Brock University is committed to resolving any concerns or complaints and we encourage you to first contact us directly.
Department contact for information or complaints:
- Student Health Services: Clinic Manager, 905-688-5550 x3054
- Personal Counselling Services: Clinic Manager, 905-688-5550 x3054
- Brock Sports Medicine Clinic: Lead Therapist, 905-688-5550 x3791
Brock contact for information or complaints:
- Marion Hansen, Manager, Privacy & Records Management
Legal, Compliance & Privacy
905-688-5550, firstname.lastname@example.org or Privacy@brocku.ca
If you believe that another person has contravened, or is about to contravene PHIPA, you have the right to submit a written complaint to the Information and Privacy Commissioner of Ontario (IPC).
- Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Telephone: 416-326-3333 or Toll Free: 1-800-387-0073