Since 1968 when North York General Hospital first opened its doors, we have built a strong tradition of respecting the dignity and privacy of the individuals we serve. We uphold the tradition through progressive practices and use of privacy enhancing technologies to protect your personal and health information. This includes strong organizational controls and information technology (IT) security architecture.

Culture of privacy and data protection actively fostered at NYGH
Our privacy and data protection practices are guided by professional codes of practice and by-laws that apply to personal health information. We recognize that information about you belongs to you and that we are simply its custodians. As custodians, our obligations include putting in place policies and practices to ensure the confidentiality and security of your information. It means that privacy and data protection is an absolute requirement when we design and deliver programs, services and technology initiatives.

Learn more about how we respect your rights under the Personal Health Information Protection Act, 2004 by reading our Privacy Principles and Practices below. The full text of our Privacy and Data Protection Policy Download: Privacy and Data Protection Policy provides more detailed information.

Chief Privacy Officer
Privacy compliance at North York General Hospital is facilitated by our Chief Privacy Officer (CPO). The CPO develops privacy and data protection policies and provides training and direction in the practical application of privacy law to collection, use, disclosure and protection of personal and personal health information.

Contact us
If you have a question, comment or concern about our practices, please contact the Chief Privacy Officer at 416-756-6448 or privacy@nygh.on.ca. Mailing address:
Chief Privacy Officer 1W-Room 118
North York General Hospital
4001 Leslie Street
Toronto Ontario  M2K 1E1

Privacy Principles and Policies

Learn more about how we respect your rights under the Personal Health Information Protection Act, 2004 by reading our Privacy Principles and Policies. The full text of our Privacy and Data Protection Policy provides more detailed information.

Integrity and vigilance
North York General Hospital is committed to integrity in making decisions involving personal and personal health information and to being vigilant in identifying and addressing risks to privacy and data security.

Our hospital is accountable for collecting and managing personal health in accordance with the spirit and intent of the Personal Health Information Protection Act, 2004 (PHIPA). Physicians, employees, contractors, consultants, volunteers and students all have day-to-day accountability for meeting our privacy, confidentiality and security obligations. Vice Presidents are ultimately accountable for compliance with the Privacy and Data Protection policy within their respective portfolios. There are serious consequences for not complying with privacy and data protection policies.

Identifying purposes
The purposes for collecting personal health information are identified before or at the time of collection. Our purposes all directly relate to the effective provision of health care. Permitted purposes under PHIPA include provision of care, program and service delivery, necessary hospital administration and to comply with statutory requirements. Those who collect information on the hospital's behalf will respond to questions about collection purposes in a timely way.

We obtain an individual's consent for collection, use and disclosure of their personal health information unless this or another Act permits these activities without consent. For example, in emergency situations it may not be possible to obtain consent. In those cases, we do what is necessary to treat and care for the individual. Consent is obtained at the first reasonable opportunity thereafter.

Consent, whether express or implied, must be knowledgeable and relate to the information. For consent to be knowledgeable, identified purposes include the information most people would want to know. This is to ensure that an individual would reasonably expect the collection, use or disclosure. A short notice of our practices is prominently displayed in public areas of all North York General sites and on this website.

Withdrawal of consent
Individuals are informed that they may identify certain health information and withdraw consent. Potential health implications are explained if consent is withdrawn. North York General Hospital respects an individual's withdrawal of consent directive unless this or another Act permits or requires otherwise.

Personal health information is collected and recorded where required by law or established standards of professional and hospital practice. For example, we are required to report communicable diseases and gunshot wounds. An individual's withdrawal of consent will not apply in these circumstances or where disclosure is necessary to reduce or eliminate a significant risk of harm to an individual or group.

Limiting collection
North York General Hospital collects personal and health information only for lawfully authorized purposes. The collection is limited to that necessary to provide care, to assist in the provision of care and to properly carry out related administrative and reporting obligations. Information is only collected fairly and lawfully. This means that individuals are never deceived or coerced in order to obtain consent for collection, use or disclosure of their information. When you visit this website, you do so anonymously — there is no need to tell us who you are. For more information about our website collection practices, please see our Website Privacy Statement.

Limiting use
Your information is used by the health care team to provide you health care and as permitted or required under this or another Act. The health care team is composed of primary care, attending and consulting physicians, residents, nurses, technicians, spiritual care and support staff who are directly involved in your care or treatment or assisting in the provision of care. The health care team uses and shares information with other team members on a "need to know" basis.
We also use the information for planning and delivering patient care programs and services and to evaluate their effectiveness. Uses include educational purposes, risk and incident management, research and activities to improve or maintain the quality of care.
The hospital's Research Ethics Board reviews all research proposals from internal and external researchers and approves only those that meet high scientific, ethical, privacy and security standards.

After you leave the hospital, we may use your name, address and visit date to send you a survey asking for your opinion on the care you received. Your may have your name removed from the survey list by calling 416-756-6200.

As a recent patient, you, a parent or guardian may be contacted to make a donation to the hospital. Only names and addresses are used for fundraising purposes. No health information is used. Your donation to the North York General Foundation helps ensure continued provision of the best possible health care by funding patient care programs, equipment, research and education.

You may have your name removed from the fundraising mailing list by contacting the North York General Foundation at 416-756-6994. The care you receive will not be affected if you decide not to contribute.

Limiting disclosure
Personal health information is disclosed as necessary for the purpose for which it is collected, with consent, and as required or permitted by law. This includes disclosure to your care providers to ensure continuity and coordination of care. For example, we have implemented a family doctor notification process. If a patient has provided the doctor's name, they will be notified if the patient is admitted to hospital and when they are discharged. Please tell us if you don't want your family doctor to be notified or provided information about your hospital visit.

  • Admission, location, condition: North York General will confirm that an individual is a patient in the hospital and provide location and general condition information unless there is an objection. We obtain consent at the first reasonable opportunity. If you do not want this information disclosed, please tell us and we will respect your wishes.

    Disclosure is also permitted or required to the following:
  • You, your legal guardian or substitute decision-maker
  • To care providers to determine suitability for transfer to another facility and to provide for ongoing care
  • To care providers to improve/maintain the quality of your care and of those provided similar care
  • Registriesand entities prescribed in regulation such as Cancer Care Ontario, the Cardiac Care Network, Canadian Stroke Network, INSCYTE, Pediatric Oncology Group of Ontario, the Institute for Clinical Evaluation Services, the Canadian Institute for Health Information, Children's Hospital of Eastern Ontario, Ontario Institute for Health Research and health regulatory agencies
  • Health Information Networks such as the electronic Child Health Network (eCHN), Hospital Diagnostic Imaging Repository Services (HDIRS), Ontario Laboratory Information System (OLIS), Integrated Assessment Record (IAR) and Connecting GTA (cGTA)
  • Ministry of Health and Long-Term Care e-health projects such as the Enterprise Master Patient Index (EMPI) Wait Time Information System and Diabetes Testing Report
  • Researchers if the research has been approved by our Research Ethics Board or authorized Board of Review such as the Ontario Cancer Research Ethics Board
  • The Medical Officer of Health to report communicable diseases
  • The Workplace Safety & Insurance Board
  • Law enforcement officers who present a warrant or subpoena, or to aid in an investigation
  • The Children's Aid Society where child abuse is suspected; the Children's Lawyer
  • The Public Guardian and Trustee
  • The Coroner.
North York General Hospital is a member of the Health Information Networks noted above. These networks permit care providers, with patient consent, to securely share electronic patient health information for the purpose of providing timely and coordinated patient care. Following are brief summaries and links to more information:
  • Child Health Network (eCHN): a secure electronic system for children's medical records. About 40 health care providers in Ontario are members of eCHN. Members provide eCHN with laboratory results, doctor's notes, x-rays and visit information as well as name, age, address and contact information. This means that if your child is provided care at any of these 40 facilities, the care provider may access their medical record on the electronic system. If you do not want your child's records included in the system, please tell us. For more information please visit http://www.echn.ca/.

  • Hospital Diagnostic Image Repository Services (HDIRS):permits hospitals to securely share exams and diagnostic images electronically. This protects patients because it avoids duplication of tests and thereby decreases the number of X-Rays and other tests that expose patients to radiation. Please tell us if you do not want to participate in HDIRS. For more information please visit the eHealth Ontario website.

  • Ontario Laboratories Information System (OLIS): an electronic system managed by eHealth Ontario. It allows hospitals and community laboratories to securely share your lab test results with your health care providers. If you do not want your lab tests to be stored in OLIS, please tell us or call Service Ontario at 1-800-291-1406; TTY 1-800-268-7095.

  • Diabetes Testing Report (DTR): designed to assist people living with diabetes. People with diabetes need to have three tests done every year. Health care providers notify the Ministry of Health & Long-Term Care when tests are done and a DTR is created. A paper copy of the DTR is sent to your primary care provider to help ensure you receive the necessary tests every year. If you do not want to participate, please tell us or call Service Ontario at 1-800-291-1405; TTY 1-800-387-5559.

    For more information about Ontario Laboratories Information System and/or the Diabetes Testing Report, please visit the Ministry of Healthand Long-Term Care website.

  • Integrated Assessment Record (IAR): this electronic system permits authorized health service providers to securely view a consenting client's assessment information for the purpose of planning and delivering the appropriate services. It supports a client-centred approach to service delivery by strengthening the ability of care providers to collaborate and to coordinate care. Assessments are only shared with consent. Please tell us whether or not you want to participate or call the IAR Consent Management Centre at 1-855-585-5279. For more information, please visit the IAR website.
  • Connecting GTA (cGTA): this program and related electronic system integrates electronic patient information from across the care continuum to make it available to care providers at the point of care. It is an initiative of eHealth Ontario, Canada Health Infoway and local Health Integration Networks.

    cGTA's electronic system includes a central clinical data repository that stores patient health information collected from multiple health care sources. The system is designed to permit health care providers to securely share patient information if the patient consents. It means, for instance, that when you visit NYGH, your care provider will be able to view your health records from previous visits to other health care organizations that are participating in cGTA. This enhanced access will make it easier for patients and their care givers to move more easily through the care journey. The goal is to deliver better, timelier and more coordinated care to each patient. If you do not want your information shared through cGTA, please tell us. For more information about cGTA, please visit the eHealth Ontario website.

  • North York Family Health Team (NYFHT):  the NYFHT is a group of over80 family doctors who are credentialed at NYGH (have admitting privileges) and provide primary care to approximately 94,000 patients in the North York area. Many of these patients are also patients of the hospital. Health information is shared between the hospital and the NYFHT to improve and maintain the quality of care each organization provides to these patients and to those provided similar care. If you do not want your personal health information shared for these purposes, please tell us.
Our Disclosure of Personal Health Information Policy Download: Disclosure of Personal Health Information Policy provides more information about disclosure practices.

Records retention
All records held by the hospital will be securely maintained and will only be destroyed in accordance with our Record Retention and Destruction Policy. Please note that electronic health records are permanently retained as a lifelong, comprehensive view of an individual's health history and in support of effective provision of high quality health care.

For more information, please see our Record Retention and Destruction Policy Download: Record Retention and Destruction Policyand Schedule Download: Record Retention and Destriction Policy Schedule.

Information accuracy
All reasonable steps are taken to ensure that your personal and personal health information is as accurate, complete and up-to-date as is necessary for the purposes for which it is collected. You can help us with this when you register by having the full name and current contact information of your primary care doctor. This helps us ensure that reports are sent to the right doctor.

If you have previously been a patient, we will ask you to confirm your registration information to ensure it is still correct. We inform recipients of any limitations on the accuracy, completeness and up-to-date character of the information.

Data protection safeguards

North York General has in place effective physical, technical and administrative safeguards to protect your information from theft or loss, unauthorized access, use or disclosure, copying, modification or disposal. A comprehensive suite of data protection standards and practices preserves the confidentiality, integrity and availability of information and systems. We utilize "privacy by design" principles to build privacy and data protection into systems and operations including:
  • Identifying and mitigating privacy and data protection risks
  • Network firewalls, intrusion detection
  • Virus and anti-spyware software
  • Role based access controls and access logs
  • Audits of system and patient chart access
  • Strong passwords mandatory and system initiated change password protocols
  • Two-factor authentication
  • Encryption technology and data transmission security
  • Rigorous change management processes
  • Physical and environmental controls
  • Backup and recovery systems
  • Locked filing cabinets
  • Secure records destruction
  • Personal accountability
  • Privacy and data protection training
  • 24 hour Security Officers
Physicians, employees, volunteers and health care students sign confidentiality agreements and wear photo identification. Agreements with vendors, service providers and contractors include terms requiring confidentiality and information security. When we enter into partnerships with other hospitals to improve services, such as to reduce wait times between diagnosis and treatment, the agreements provide for effective protection of personal health information.

Any person who contravenes our Privacy & Data Protection Policy is subject to sanctions up to and including dismissal, contract termination or termination of hospital privileges.

Protections for paper and electronic records are regularly reviewed and updated as necessary. Privacy enhancing technologies are implemented where feasible. Our policy on Mobile Devices, Removable Storage Media & Personal Health Information Security Download: Mobile Devices, Removable Storage Media & Personal Health Information Security policyprovides more information on our security practices.

North York General is open about our privacy, data protection and information management policies and practices. The exception is that detailed information about data protection is not made available where it could be used to compromise the security of technology systems and personal health information.

Individuals are provided meaningful information about our practices through a combination of public notices including this website, policies and brochures, registration forms and oral communication. Large notices summarizing our collection, use and disclosure practices are prominently posted in all hospital sites.

Individual's right of access, right to correction
Individuals have a right of access to a record of their own personal health information that is in the custody or control of our hospital unless a provision of PHIPA provides otherwise. This means that if you are a patient in the hospital, you can arrange to see your chart by speaking to a nurse or your physician. Access will be provided when it will not cause a disruption to patient care.

After discharge, the Release of Information Department is responsible for responding to requests for copies of health records. Information about how to make a request and a request form to complete is available at Your Health Information.

You also have a right to request correction of your information if you believe it to be inaccurate. If you are a patient in the hospital, information may be corrected by speaking to a nurse or your physician. The decision about whether to amend a record will be made a person who has the knowledge and authority to do so, normally the record author or medical staff.

Following discharge, correction requests may be made to the Release of Information Department. If a correction is made that could affect your health care, those providing care to you will be notified.

Challenging compliance
If you have any questions, comments or concerns about North York General compliance with your rights under PHIPA, please contact our Chief Privacy Officer at 416-756-6448, email privacy@nygh.on.ca, or write to:
Chief Privacy Officer 1W-Room 118
North York General Hospital
4001 Leslie Street
Toronto Ontario M2K 1E1

A complaint may be made to the Information & Privacy Commissioner/Ontario. The Commissioner is located at 2 Bloor St. E., Suite 1400, Toronto, ON M4W 1A8; telephone 416-326-3333.