Protecting your privacy

Central X-ray and Ultrasound complies with the following privacy laws:

The Freedom of Information and Protection of Privacy Act (FIPPA) is an Ontario Statute that was enacted in 1990 and covers government institutions, universities, among other public institutions.

FIPPA is a statute with two Principles:

  1. Access to Information – Provides public a right of access to health records subject to limited exemptions; and
  2. Privacy – to protect the privacy of the individuals with regards to their personal information and to provide a right of access to their personal information held by the healthcare institute.

Personal Health Information Protection Act (PHIPA)

  1. The Act applies to personal health information that is collected, used or disclosed by custodians. Personal health information includes oral or written information about the individual, if the information:
    1. relates to the individual’s physical or mental health, including family health history;
    2. relates to the provision of health care,
    3. including the identification of persons providing care; is a plan of service for individuals requiring long-term care;
    4. relates to payment or eligibility for health care;
    5. relates to the donation of body parts or bodily substances or is derived from the testing or examination of such parts or substances;
    6. is the individual’s health number; or identifies an individual’s substitute decision-ma

Personal Information Protection and Electronic Documents Act (PIPEDA)

  1. “Personal Information”, as specified in PIPEDA, is as follows: information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.

The law gives individuals the right to:

  1. Know why an organization collects, uses or discloses their personal information; expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
  2. Know who in the organization is responsible for protecting their personal information;
  3. Expect an organization to protect their personal information by taking appropriate security measures;
  4. Expect the personal information an organization holds about them to be accurate, complete and up-to-date;
  5. Obtain access to their personal information and ask for corrections if necessary; and complain about how an organization handles their personal information if they feel their privacy rights have not been respected.

The law requires organizations to:

  1. Obtain consent when they collect, use or disclose their personal information;
  2. Supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction;
  3. Collect information by fair and lawful means; and have personal information policies that are clear, understandable and readily available.

Depending on the sensitivity of the personal information, your consent may be express, implied or deemed. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you accept our services, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to your acceptance and use of those products or services, or for other purposes identified to you at the relevant time. Deemed consent is consent we assume if you do not exercise an opt-out mechanism offered to you.