Hospital  >  Patients & Visitors  >  Privacy & confidentiality  >  Privacy Principles

Privacy Principles

Our Privacy Policy is based on international standards for privacy protection developed by the Canadian Standards Association and adopted as the basis for Canadian privacy statutes and regulations.

Below are the ten principles as they apply to Sunnybrook under Ontario’s Personal Health Information Protection Act (PHIPA):

  1. Accountability
    Sunnybrook is a health information custodian responsible for the collection, use and disclosure of personal health information in our custody or control, and have designated a Chief Privacy Officer (CPO) as the contact person who is accountable for our compliance with Sunnybrook’s Privacy Policy
  2. Identifying purposes for collecting personal information
    Sunnybrook will identify the purposes for which personal information is collected at or before the time the information is collected.
  3. Consent for collection, use, and disclosure of personal information
    The knowledge and consent of the individual, or person authorized to consent on behalf of the individual, are required for the collection, use or disclosure of personal health information, except where otherwise required by law.
  4. Limiting collection of personal information
    Sunnybrook will limit the collection of personal information to that which is necessary for the authorized purposes identified. Information will be collected by fair and lawful means.
  5. Limiting use, disclosure, and retention of personal information
    Personal information will not be used or disclosed by Sunnybrook for purposes other than those for which it was collected. Personal information will be retained by Sunnybrook only as long as necessary for the fulfillment of those purposes.
  6. Accuracy of personal information
    Personal information will be maintained by Sunnybrook as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
  7. Ensuring safeguards for personal information
    Personal information will be protected by Sunnybrook by security safeguards appropriate to the nature and format of the information being stored.
  8. Openness about privacy policy
    Sunnybrook will make readily available to individuals specific information about our policies and practices relating to the management of personal information.
  9. Individual access to personal information
    Except as may be permitted or restricted by law, upon written request by the individual or substitute decision maker of that individual, an individual will be informed of the existence, use and disclosure of his or her personal information in the custody or control of Sunnybrook and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended by Sunnybrook.
  10. Challenging compliance with the privacy policy
    An individual will be able to address a challenge or complaint concerning Sunnybrook’s compliance with the above principles to Sunnybrook’s Chief Privacy Officer or to the applicable Information and Privacy Commissioner.