Privacy

Privacy and freedom of information

Our team is committed to establishing standards of privacy, confidentiality and data security to protect the personal health information of our patients.

What we do

  • Advocate for patient and staff privacy
  • Provide expertise and guidance in the implementation of privacy laws and principles
  • Ensure compliance by conducting internal audits and reviewing organizational process

If you have any questions or concerns about how we collect and share your personal or health information, please contact us.

What type of information do we collect about you?

To provide you with quality health care, we collect both personal and health information from you. Your name, date of birth, address, health card number and extended health insurance numbers are examples of personal information.

Your health history, the records of your visits to the hospital and what health care we provide to you during those visits are examples of your health information.

How is your information used?

The information we collect from you is used:

  • To provide you with quality health care in our hospital and to share with those providing you care outside the hospital, e.g. your family physician, Home and Community Care for your ongoing care in the community.
  • To carry out quality assurance to help make us better.
  • For patient satisfaction surveys to see how we are doing.
  • For our patient directory so that we can provide your location in the hospital should your friends or family contact us and ask for you by name.
  • To comply with legal and regulatory requirements.
  • For fundraising for equipment and facilities to provide you with the most modern health care services.
  • For research to make us the best we can be and to help develop new treatment and technologies for the future.
  • For education to keep current health care practitioners up to date and to train new health care practitioners for the future.
  • To send appointment reminders to patients via telephone or by mail.

If your information were to be used for any other purpose, your specific permission would be required first.

Who do we share your information with?

St. Joseph’s is partnered with organizations in Southwest Ontario to provide you with health care using shared electronic patient record systems.

See the web site for the Regional Shared Service (RSS) for more information on our partnerships across Southwest Ontario and how your information is protected.

St. Joseph’s shares your health information with:

  • Health-care providers at other hospitals, health care agencies, nursing homes, etc., who become part of your health care team for the purpose of your continuing care. Examples include:
    • Your family physician
    • Home and Community Care when you require their follow up care in the community. Also, we notify Home and Community Care when one of their current clients is admitted for emergency care in our hospital.
  • Agencies that pay for health services, such as OHIP, health insurance companies, Workplace Safety and Insurance Board and the Ministry of Health
  • Individuals who contact the organization to inquire about you. Unless you request otherwise, we may confirm that you are a patient, your room number and a general, high level condition report
  • Provincial networks and registries, e.g. Cancer Care Ontario (CCO), Electronic Child Health Network (eCHN), Ontario Laboratories Information System (OLIS).
  • The hospital’s foundation. Unless you request otherwise, we may share your name and address for the purpose of fundraising for the hospital.

Contact

Patient Relations, Privacy and Risk

Room WB31
Mount Hope Centre for Long Term Care

519 646-6100 ext. 65591

@email

Mailing address:

Patient Relations, Privacy and Risk

St. Joseph's Health Care London
PO BOX 5777, STN B
London, ON  N6A 4V2

Staff contact information

Ruth Bullas
Director of Patient Relations, Chief Privacy and Risk Officer
519 646-6100 ext. 65582

Douglas Brunton
Patient Relations, Privacy and Risk Consultant
Research, Authorized Technology Reviews and Contracts
ext. 61418, pager 16601

Kimberly Dale
Patient Relations, Privacy & Risk Assistant
519 646-6100 ext. 65574

Stephanie DeSario
Policy Assistant
519 646-6100 ext. 65221

Peter Kreis
Emergency Management and Risk Specialist
519 646-6100 ext. 64267

Krista Lake
Patient Relations, Privacy and Risk Consultant
Parkwood Institute and Mount Hope Centre for Long Term Care
519 646-6100 ext. 64545, pager 16308

Danica Low
Patient Relations, Privacy and Risk Consultant
St. Joseph's Hospital, and Corporate
519 646-6100 ext. 64972

Pamela Talbot
Patient Relations, Privacy and Risk Consultant
Parkwood Institute Mental Health Care and Southwest Centre for Forensic Mental Health Care
519 646-6100 ext. 64973

Kelly Taylor
Administrative Assistant
Patient Relations, Privacy and Risk
519 646-6100 ext. 64976 

Robin Wotherspoon
Patient Relations, Risk and Policy Assistant
519 646-6100 ext. 64975

Privacy Policy

St. Joseph's Health Care London is responsible for personal health information under its control and is committed to a high standard of privacy for their information practices.

The hospital has adopted the 10 principles set out in the Personal Health Information Protection Act, 2004 (PHIPA).

Principle 1 - Accountability for Personal Health Information

St. Joseph's Health Care London is responsible for personal information under their control and has designated individuals accountable for compliance at all hospital sites.

St. Joseph's Health Care London is complying with PHIPA by implementing policies and procedures to: protecting your personal health information, including information relating to patients, staff, and agents; adhering to policies and procedures when receiving and responding to complaints and inquiries; training and communicating to staff and agents information about privacy policies and practices; developing plans and communicating to our patients, families, members of the public and key hospital stakeholders.

Principle 2 - Identifying Purposes for the Collection of Personal Health Information

The hospital will identify the purposes for which personal health information is collected at or before the time of collection. These purposes will be conveyed by means of posters, brochures, web sites and by direct contact with the Privacy Office. Primarily, personal health information is used to deliver patient care, for administration, in research, teaching, statistics, fundraising, and to meet legal and regulatory requirements. Patients imply consent when they present for treatment and receive an explanation. Unless a new purpose is legally required, consent must be obtained before the information can be used.

Principle 3 - Consent for the Collection, Use, and Disclosure of Personal Information

An individual's knowledge and consent is required to collect, use, or disclose personal health information. The form of consent - express or implied - and the way it is sought - in writing or orally - may vary depending upon the circumstances and sensitivity of the information. Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. Personal health information can be collected, used, or disclosed without the knowledge and consent of the individual; for example, legal, medical, or security reasons may make it impossible or impractical to seek consent.

Principle 4 - Limiting Collection of Personal Health Information

Only information necessary for the purposes identified may be collected, by fair and lawful means.

Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information

Personal health information may be used only for the purposes for which it was collected, except with consent or as required by law. The hospital will document any new purpose and may require consent from the individual. The information is retained only as long as necessary, and destroyed in accordance with legislation, hospital policies, guidelines and procedures.

Principle 6 - Ensuring Accuracy of Personal Health Information

St. Joseph's Health Care London will make every effort to ensure the information they hold is accurate, complete and up-to-date. Patients have the right to challenge the accuracy of the information.

Principle 7 - Ensuring Safeguards for Personal Information

St. Joseph's Health Care London applies security safeguards appropriate to the sensitivity of personal health information to aim to protect it against loss, theft, unauthorized access, disclosure, copying, use, or modification, regardless of its format. Protection may include physical measures (i.e., locked filing cabinets and restricted access), organizational measures (limiting access on a "need-to-know" basis), and technological measures (use of passwords, encryption and audits). Hospital staff and agents will be required to sign a confidentiality agreement as a condition of employment, appointment, or agency. Those with access to electronic health records must sign individual user agreements.

Principle 8 - Openness About Personal Information Policies and Practices

St. Joseph's Health Care, London makes information about their privacy policies and practices readily available, in a form that is generally understandable. This will include:

  • Contact information for the hospital's Privacy Office, to which complaints or inquiries can be forwarded;
  • Means of gaining access to personal health information held by the hospital;
  • A description of the type of personal health information held by the hospital, including a general explanation of its use;
  • Brochures or other information explaining the hospital's policies, standards, or codes; and,
  • What personal health information is made available to related organizations.

Principle 9 - Individual Access to Own Personal Information

Upon request, within a reasonable time and at a reasonable cost, an individual will be informed of the existence, of his or her personal information and will be given access to it. They can challenge its accuracy and completeness and have it amended as appropriate.

Exceptions to access will be limited and specific. This may include information that is prohibitively costly to provide, refers to other individuals, cannot be disclosed for legal, security or proprietary reasons, and/or is subject to solicitor-client or litigation privilege.

An individual must provide sufficient information to permit the hospital to identify the existence of personal health information, including details of third-party recipients.

Principle 10 - Challenging Compliance with the Hospital's Privacy Policies and Practices

An individual will be able to address and challenge issues concerning compliance with this policy to the Privacy Director/Manager. St. Joseph's Health Care London has put procedures in place to receive and respond to complaints or inquiries about their policies and practices relating to the handling of personal health information. The hospital will investigate all complaints. If a complaint is justified, St. Joseph's Health Care, London will take appropriate measures, including, if necessary, amending their policies and practices.

Viewing a health record

A person can view their own health record at the health care facility where they were treated. The same guidelines apply for viewing the health record of an individual under the age of 16, or viewing the health record of a deceased patient.

How do I correct my personal health information?

If demographic information (e.g., name, address, phone # etc.) is incorrect, you can contact Patient Registration.

Patient Registration
Phone: 519 646-6100 and enter extension followed by # key:

  • St. Joseph's Hospital: 66015
  • Parkwood Institute Mental Health Care: 44033
  • Mount Hope Centre for Long Term Care: 65455
  • Regional Mental Health Care London: 47302
  • Southwest Centre for Forensic Mental Health Care: 49615

If you feel that any other information in your health record is incorrect, or needs to be amended, contact Patient Relations, Privacy and Risk.

Your request will be reviewed by Patient Relations, Privacy and Risk and the author of the record. By law, the hospital is not required to correct a professional opinion or observation made in good faith about a patient.

Frequently asked questions

St. Joseph's Health Care London respects the privacy of your personal health information. The following is a list of questions frequently asked.

If you have other questions or concerns, please contact us by phone 519 646-6100 ext. 65591 or email: privacy@sjhc.london.on.ca.

What information does the hospital collect?

St. Joseph's Health Care London (St. Joseph's) collects both personal and health information. Information like your name, date of birth, address, health card number and extended health insurance numbers are examples of personal information. Information relating to previous health problems, the record of your visits to the hospital and what health care we provide to you during those visits are examples of your health information.

Why does the hospital need this information?

The information we collect from you is used:

  • To provide you with quality health care and follow-up care in the community. We need your information to make sure we can make the appropriate diagnosis and provide treatment.
  • To release very limited information to family and friends who may call, for example to find out what room you are in. We may provide generalized condition reports such as “good, fair, serious or critical” to other individuals who are not immediate family. If you do not wish your name to be included in the Patient Information list, please notify Patient Registration when you arrive or inform your health-care provider. This would mean that if anyone called in asking about you, they would be informed that we have no one by that name on our patient list.
  • To carry out quality assurance to help make us better. By reviewing the care we provide to patients we can determine what strategies are most successful.
  • To ask you how we are doing. You may be asked to participate in surveys by either the hospital or by specific programs or departments in the hospital that participated in your care.
  • To comply with the law. The law requires hospitals to turn over your personal health information if there is a legal investigation. We also use your information to obtain funding for health services from the Ministry of Health.
  • For fundraising. Your name and address are provided to the hospital’s Foundation so they may contact you to see if you wish to make a donation. Donations by our patients and members of the community raise money for equipment and facilities to provide you with the most modern health care services. The hospital does not provide names of patients who have certain more sensitive procedures or diagnoses to the Foundation. Your personal health information, for example, your diagnosis or treatment, is not released to the Foundation.
  • For research. London is fortunate to have many brilliant health care researchers who have developed new treatments and technologies. Some research is conducted without the consent of the patient if permitted by law. Other forms of research require your permission to participate. You are under no obligation to agree to this research, and the care you receive will not be impacted in any way if you decline.
  • For education in order to keep existing health care practitioners up-to-date, and to train new health care practitioners for the future. St. Joseph's is associated with Western University, Fanshawe College and other educational institutions that train health care professionals. Education is part of the mission of the hospital.
How does the hospital protect my information?

A few of the ways that the hospital strives to protect both your personal information and your personal health information are by:

  • Stressing to our staff, physicians, volunteers and students the importance of respecting your privacy rights and the importance of maintaining confidentiality
  • Requiring that all staff wear photo identification at all times while on hospital property to protect against unauthorized individuals accessing information
  • Applying additional security measures to all electronic health records; for example, user names and passwords, firewall and antivirus software
  • Locked doors
  • Security personnel
Does the hospital share my information with anyone?

We share some or all of your information with:

  • Health-care providers at other hospitals, nursing homes or other health care agencies who become part of your health care team. Information is shared for the purpose of your continuing care in the community.
  • Agencies that fund the hospital, for example OHIP, extended health insurance companies, Workplace Safety and Insurance Board, Ministry of Health.
  • Other agencies as required by law, for example, public health surveillance.
What systems do you share and with whom?

See the web site for the Regional Shared Service (RSS) for more information on our partnerships across Southwest Ontario and how your information is protected.

St. Joseph’s shares the following systems with the hospitals listed for each system:

  • Electronic health record (EHR)
    • Our EHR houses information about you and the health care you receive at each hospital. Only those staff and affiliates who may need access to information about your visits to other hospitals are granted this broader level of access.
    • Examples of information stored in the EHR are:
      • demographic information, e.g. your name, address, phone number, health card number,
      • a list of visits to each partnered organization that includes the date of the visit, type, e.g. inpatient or outpatient, the medical service you visited, e.g. Orthopedics, the attending physician for that visit and a brief description for the reason for the visit
      • documentation that has been dictated through the hospital’s central dictation system; examples include discharge summaries, clinic notes, notes from a surgical procedure (called an operative summary)
      • Diagnostic tests, e.g. laboratory and x-ray tests and their results
    • Picture Archive Communication System (PACS)
      • PACS is the system that collects demographic information about you, physicians’ orders for the x-rays, the x-ray images and reports of the findings. Only those staff and affiliates who require this type of information have access to PACS, e.g. physicians, nurses, radiology technicians.
    • Digital Imaging Repository (DI-r)
      • A DI-r is a system that collects a copy of x-ray images, demographic information, physician orders for the tests as well as the reports of the findings from each of the PAC systems from the partnered organizations.  Only those staff and affiliates who require this type of information have access to PACS, e.g. Physicians, Nurses, Radiology Technicians.
Do I have to participate in fundraising, research, teaching and surveys?
  • Participation in fundraising is not mandatory. Contact our office to request that your name be removed from our fundraising contact list.
  • St. Joseph's may provide health information for the purpose of research. Researchers may use this information for research purposes without patient consent where the law permits them to do so. Other forms of research, such as clinical trials or clinical investigation that may have a direct impact on your care, requires your specific permission. A member of your health care team may ask your permission for a researcher, who is affiliated with the hospital, to approach you about a clinical research trial. If you agree, the researcher would provide you with information about the research and ask if you would like to participate. Many research projects give participants access to new treatments and technologies. You are under no obligation to participate in this type of research, and you can refuse when asked. The care you receive will not be impacted in any way if you decline.
  • St. Joseph's is a teaching health care institution. The hospital provides clinical experience for student physicians, nurses and a variety of other health care professionals. The students are constantly under the direction of a licensed practitioner. If you have concerns about the participation of students in your care, please speak to your physician or Leader in the area where you are receiving your care.
  • Surveys help the hospital by allowing us to get your opinion on the care and services you receive as a patient. Participation in the surveys is not mandatory and you can decline participation and/or request to be removed from the hospital’s survey list by contacting us.
Will the hospital disclose my health information to outside companies or to my employer?

The hospital requires your written permission or a court order to disclose health information to any organization or person not directly involved with the provision of patient care.

Where is my health information stored and for how long?

St. Joseph's is required to keep health records for at least 10 years past the date of the last admission. In some cases, for example health records for children and records maintained for the purpose of research, health records are kept for much longer. Most health records are maintained in the Health Records department, but some departments, including Diagnostic Imaging, maintain their own specific records.

How do I access or request a copy of my health information?
  • Ask your health care provider for information about your diagnosis and treatment while you are a patient at St. Joseph's.
  • To obtain a copy of, or view your St. Joseph's health record, please contact Health Records.
  • You may request your personal health information through Health Records and have the right to access your personal health record and the hospital has an obligation to make it available to you with limited exceptions. If releasing your information would put yourself or a third party at risk, the hospital has a legal right to choose not to disclose some or all of that information.
Can my family see my health information?

Although you have the right to access your health record, this right does not automatically extend to family members and/or friends. If you consent to let a friend or family member see your record, then the friend/family member may access the part(s) that you have consented to let them see.

What if I am unable to give consent to release my health information

If you are unable to give consent for a friend or family member to access your health information due to reasons such as competency or consciousness, the consent decision falls to the appointed substitute decision maker, such as a spouse, parent or guardian.

Will my family and friends be able to call in to get information about me over the phone?

When someone calls the hospital, staff have no way to verify who is calling and what their relationship is to you. Normally, in order to protect patient privacy, only a minimum amount of information is given out over the phone.

Can all hospital staff access my health information?

The only persons whom the hospital authorizes to access a patient record are the staff and physicians involved in a patient's care, or staff who need information from a patient record to conduct the business of the hospital, e.g., the Finance department staff that sends a bill to a patient's extended health insurance company. All staff and hospital affiliates are bound by hospital policies and practices related to privacy and confidentiality. These policies aim to ensure that staff only access information on a need-to-know basis. Regulated health professionals are also bound by privacy and confidentiality requirements from their professional Colleges.

Can I find out who has viewed my hospital record?

Yes. If you have concerns about unauthorized personnel accessing your information, you can make a request to Privacy and Freedom of Information to audit your electronic hospital record. An audit is a process that tracks every staff or physician who has accessed your electronic record by date and time. We can perform an audit on your electronic health record and a limited audit on your hardcopy health record. We will ensure that your concerns are investigated promptly and a response is provided to you in a timely manner.

If you would like to request an audit please contact the Privacy Office. You will be asked to verify your identity by providing a government-issued ID that has your signature.

Can my family physician access my health information?

St. Joseph's releases certain information, for example, inpatient discharge summaries, Emergency Department records, to family physicians to facilitate your continuing care. Other information can be released to your family physician at your request and with your consent. If you do not want your family doctor to receive information, let Patient Registration or your health care provider know.

What if I have concerns about who has accessed my health information or other privacy concerns?

Please contact us if you have any questions or concerns.