- Why were hospitals brought under FIPPA?
- When does FIPPA apply to hospitals?
- What does FIPPA stand for?
- What is the purpose of FIPPA?
- What information/records does the Act apply to?
- What is a Freedom of Information (FOI) request?
- How do I know if a record is in the “custody or control” of the hospital?
- What records are not covered by the Act?
- How do I find out what information St. Joseph’s Health Care London has?
- Do I always need to make a formal FOI request in order to obtain hospital information?
- How do I make a FOI request?
- How do I correct my own personal information?
- How do I request my personal health information?
- Who can make a FOI request?
- Is the requestor required to provide a reason for his or her request?
- If I make a request for information or contact the organization about a privacy breach, is my identity protected?
- Can the purpose of the request be used to justify denying access to records?
- When can I expect a response to an FOI request?
- How do I appeal a decision?
The Act applies to hospitals as of January 1, 2012 but it is retroactive to January 1, 2007. As a result, records that came into a hospital’s custody and/or control on or after January 1, 2007 are subject to FIPPA.
FIPPA stands for the Freedom of Information and Protection of Privacy Act.
FIPPA has two main purposes: granting access to information and protecting the privacy of individuals.
Access: The purpose of FIPPA is to provide a right of access to information under the control of institutions in accordance with the principles that:
- Information held by the government and the broader public sector should be available to the public;
- Limitations on the right of access should be narrow and specific; and,
- Decisions on the disclosure of information should be reviewed independently of the hospital’s control of the information.
Privacy: FIPPA protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to the information. These concepts are similar to those the hospital already employs with respect to personal health information under the Personal Health Information Protection Act, 2004.
FIPPA provides access to information that is recorded, or that can be made into a record, whether in print, audio or electronic form, including:
- Paper and electronic files and documents
- Emails (including those on networks, desktops and personal devices)
- Photographs, video and audio recordings
- Non-final drafts and working notes
- Expense claims/accounts
- Minutes of meetings, agendas, communication books
- Handwritten notes and personal notes
- Spreadsheets and sketches
An FOI request is an official written request for information form an organization covered by the Freedom of Information and Protection of Privacy Act (FIPPA). Visit the Make a FOI Request page for more information.
In general, “custody” means that the hospital keeps, cares for, watches over, preserves and ensures the security of the record for business purposes. The hospital’s physical possession of a record may not be sufficient to constitute custody; it must have some right to deal with the record.
In general, “control” of a record does not mean having physical possession but rather the power to make a decision about the use or disclosure of the record.
Personal Health Information (links Government of Canada definition of personal health information) is subject to PHIPA legislation and is excluded from FOI legislation
Other exclusions include:
- Personal Health Information as defined by PHIPA, 2004
- Quality of Care Information as defined by QCIPA, 2004
- Ecclesiastical records of a church or religious organization that is affiliated with a hospital
- Records relating to the operations of a hospital foundation
- Administrative records of a member of a regulated health profession that relate to that person’s personal practice
- Records relating to the provision of abortion services
- Records relating to certain labour relations, employment and placement matters
- Records relating to certain appointment and privileging matters
- Certain records respecting or associated with research (including clinical trials)
- Certain records of teaching materials collected, prepared or maintained by an employee of the hospital or a person associated with the hospital for use at the hospital
A Directory of Records and Personal Information Banks is available online and contains a list of categories of records and personal information held by St. Joseph’s.
FOI requests must be submitted in writing and accompanied by a $5 to the Freedom of Information and Protection of Privacy Office. Visit the Make a FOI Request page for more details.
Visit the Correction of Personal Information page for more information on correcting inaccuracies in your personal information held by the hospital.
Access to personal health information, such as in a patient’s medical chart, is not available under FIPPA. The Personal Health Information Protection Act (PHIPA) applies to a patient’s medical information and the hospital protects medical information in accordance with PHIPA. You are able to access or correct your personal health information through Health Records.
Any person, organization or company can make a request for access to records. A person includes individuals and organizations such as corporations, partnerships and sole proprietorships. The right of access is not limited by citizenship or place of residence. There may be situations where one person represents another individual based on consent or through power conferred on an individual by FIPPA or another Act. (Subsection 10(1) and Section 66).
St. Joseph’s is permitted to ask for the purpose of a request if this will assist in identifying the specific records that the requestor is looking for. However, the requestor has no obligation to provide reasons.
If I make a request for information or contact the organization about a privacy breach, is my identity protected?
Yes. If you make a request for information or contact an organization about a privacy breach, your identity must not be disclosed to individuals outside of that organization without your consent. Within the organization, your identity may only be disclosed to employees who need the information to perform the duties of their job, and that disclosure must be necessary and proper to carry out the organization’s functions.
No. The purpose of a freedom of information (FOI) request is irrelevant. The requester has a right of access under FIPPA and the purpose of their exercise of that right cannot be used to deny access.
You will receive a written response to your FOI request within 30 days after the form and fee are received.
The organization must provide a notice in writing to the requestor if your request for information is denied. Requestors do have a right to appeal a decision to the Information and Privacy Commissioner, Ontario. The IPC’s website provides more information on how to make an appeal.