Who we are

Our website address is: https://saintmartinhospital.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://saintmartinhospital.com/privacy-policy. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Policy Statement 

At Saint Martin Hospital privacy is governed by the Personal Health Information Protection Act (PHIPA), a law that establishes rules concerning the collection, use and disclosure of personal health information. As a health information custodian, Saint Martin Hospital and its agents (including staff, physicians, students and volunteers) are responsible for ensuring that the personal health information of our patients is treated with respect and sensitivity.

Accountability for Personal Health Information

Saint Martin Hospital is responsible for personal health information under its control in compliance with the Personal Health Information Protection Act (PHIPA), 2004.

Accountability for compliance of the Saint Martin Hospital with the policy rests with the President and Chief Executive Officer, although other individuals within Saint Martin Hospital are responsible for the day-to-day collection and processing of personal health information. In addition, other individuals within Saint Martin Hospital are delegated to act on behalf of the Chief Executive Officer, such as the designated privacy contact person, the Director of Patient Information. Saint Martin Hospital is responsible for personal health information in its possession or custody, including information that has been transferred to an agent of Saint Martin Hospital. Saint Martin Hospital will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party. Saint Martin Hospital has implemented policies and practices to give effect to this policy, including:

  1. a) Procedures to protect personal health information.
  2. b) Signing of a Confidentiality Agreement by all agents of Saint Martin Hospital prior to commencement of employment or affiliation with Saint Martin Hospital.
  3. c) Procedures to receive and respond to complaints and inquiries about Saint Martin Hospital’s information practices.
  4. d) Orientating and training staff and communicating to staff and other agents on information about PHIPA policies and practices
  5. e) Responding to requests for access to, or corrections of, personal health information in the custody of Saint Martin Hospital.

In compliance with the Personal Health Information Protection Act, Saint Martin Hospital will inform patients of the loss, theft or inappropriate access of their personal health information as soon as reasonably possible.  Breaches of this policy and related privacy policies may be subject to disciplinary action. Saint Martin Hospital and its agents are also subject to the fines and penalties set out in the Personal Health Information Protection Act.

Identifying Purposes for the Collection of Personal Health Information

Saint Martin Hospital shall identify the purposes for which personal health information is collected.  This has been done by our Statement of Information Practices and is available to patients.  Permitted purposes are the delivery of direct patient care, the administration of the health care system, research, teaching, statistics, fundraising, and meeting legal and regulatory requirments as directed in the Personal Health Information Protection Act.

Identifying the purposes for which personal health information is collected at or before the time of collection allows Saint Martin Hospital to determine the information it needs to collect to fulfill these purposes.

The identified purposes are specified at or before the time of collection to the individual from whom the personal health information is collected. Depending upon the way in which the information is collected, this can be done verbally or in writing. A patient who presents for treatment is also giving implied consent for the use of his or her personal health information for authorized purposes.

Notices identifying the purposes for the collection of personal health information are readily available to patients. When personal health information that has been collected is to be used for a purpose not previously identified; the new purpose will be identified prior to use. Unless law requires the new purpose, the consent of the individual is required before information can be used for that purpose.

Persons collecting personal health information will be able to explain to individuals the purposes for which the information is being collected.                                                                                    

Consent for the Collection, Use & Disclosure of Personal Health Information

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal health information, except where inappropriate.

Note: In certain circumstances, personal health information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. Seeking consent may be impossible or inappropriate, for example when the individual is seriously ill or mentally incapacitated. In these circumstances, consent of the individual’s substitute decision maker will be sought, where feasible.

Consent is required for the collection of personal health information and the subsequent use or disclosure of this information. Typically, Saint Martin Hospital will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when Saint Martin Hospital wants to use information for a purpose not previously identified). Saint Martin Hospital will make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed. Saint Martin Hospital will not, as a condition of providing care, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the specified and legitimate purposes.  In obtaining consent, the reasonable expectations of the individual are also relevant. Saint Martin Hospital can assume that an individual’s request for treatment constitutes implied consent for specific purposes.  The way in which Saint Martin Hospital seeks consent may vary, depending on the circumstances and the type of information collected.

Individuals can give consent in many ways. For example:

  1. A form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and specified uses and/or disclosures.
  2. Consent may be given verbally or in writing at the time that individuals use a health service
  3. Consent may be given verbally when information is collected over the telephone.

In cases where express consent is required and it is provided verbally, this exchange is documented in the patient’s record of personal health information.

An individual may withdraw consent at any time, subject to legal restrictions and reasonable notice. Withdrawal of the consent will not have a retroactive effect. Saint Martin Hospital will inform the individual of the implications of such withdrawal.

Limiting Collection of Personal Health Information

The collection of personal health information will be limited to that which is necessary for the purposes identified by Saint Martin Hospital. Information will be collected by fair and lawful means. Saint Martin Hospital will not collect personal health information indiscriminately. Information collected will be limited to that which is necessary to fulfill the purposes identified.  This requirement implies that consent with respect to collection must not be obtained through deception.

Limiting Use, Disclosure & Retention of Personal Health Information

Personal health information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.  Personal health information will be retained only as long as necessary for the fulfillment of those purposes. If using personal health information for a new purpose, Saint Martin Hospital will document this purpose. Personal health information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous in accordance to applicable legislation.

Ensuring Accuracy of Personal Health Information

Saint Martin Hospital will take reasonable steps to ensure that information is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about the individual. Limitations on the accuracy and completeness of personal health information disclosed will be clearly set out to the recipient where possible. When an individual successfully demonstrates the inaccuracy or incompleteness of personal health information; Saint Martin Hospital will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.

When a challenge is not resolved to the satisfaction of the individual, Saint Martin Hospital will record the substance of the unresolved challenge in the form of a letter from the patient stored in the patient’s medical record. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.                                    

Ensuring Safeguards for Personal Health Information

Security safeguards appropriate to the sensitivity of the information will protect personal health information.  Security safeguards are used to protect personal health information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Saint Martin
Hospital protects personal health information regardless of the format in which it is held.  The nature of safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage.

The methods of protection will include:

  1. physical measures, for example, locked filing cabinets and restricted access to offices
  2. organizational measures, for example, policies, training, limiting access on a “need-to-know” basis
  3. technological measures, for example, the use of passwords, secure computer networks, encryption, and audits

Saint Martin Hospital will make its employees aware of the importance of maintaining the confidentiality of personal health information. As a condition of employment, all new Saint Martin Hospital employees/agents (e.g., employee, clinician, allied health, volunteer, researcher, student, consultant, or contractor) must sign a Confidentiality Agreement with Saint Martin Hospital. All employees are required to review a Confidentiality Agreement on an annual basis. This safeguard may also be facilitated though contractual provisions. Personal health information being transported outside of NGH will be done so in a secure manner.
Care will be used in the disposal or destruction of personal health information, to prevent unauthorized parties from gaining access to the information.

Openness About Personal Health Information Policies & Practices

Saint Martin Hospital makes readily available to individuals specific information about its policies and practices relating to the management of personal health information. A written public statement is made available to the public. This notice:

  1. a) provides a general description of Saint Martin Hospital’s information practices
  2. b) describes how to contact the designated privacy person
  3. c) describes how an individual may obtain access to or request correction of a record of personal health information
  4. d) describes how an individual may make a complaint to Saint Martin Hospital or to the
    Information and Privacy Commissioner of Ontario

Saint Martin Hospital makes information on its policies and practices available in a variety of ways. For example, Saint Martin Hospital may choose to make brochures available, post signs, or provide online via its public web site.

Individual Access to Own Personal Health Information

Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal health information and will be given access to that information. A written request may be required by Saint Martin Hospital to adequately identify you. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, Saint Martin Hospital may not be able to provide access to all the personal health information it holds about an individual. Exceptions to the access requirement will be in accordance with the law. The reasons for denying access will be provided to the individual. Examples may include information that could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege.

Upon request, Saint Martin Hospital will inform an individual whether or not it holds personal health information about that individual. Saint Martin Hospital will seek to indicate the source of this information and will allow the individual access to this information. However, it may choose to make sensitive medical information available through a medical practitioner.

An individual will be required to provide sufficient information to permit Saint Martin Hospital to provide an account of the existence, use, and disclosure of personal health information. The information provided will only be used for this purpose. In providing an account of third parties to which it has disclosed personal health information about an individual, Saint Martin Hospital will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, Saint Martin Hospital will provide a list of the organizations to which it may have disclosed information.

Saint Martin Hospital will respond to an individual’s request within the period specified in the
Personal Health Information Protection Act, (30 days or with notice to the patient, 60 days for more complex requests) and at reasonable cost to the individual. Saint Martin Hospital uses the fee structure recommended by the Information and Privacy Commissioner of Ontario.

Challenging Compliance with Saint Martin Hospital’s Privacy Policies & Practices

An individual will be able to address a challenge concerning compliance with this policy. Saint Martin Hospital has procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal health information. Saint Martin Hospital will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. Saint Martin Hospital will investigate all complaints. If a complaint is found to be justified, Saint Martin Hospital will take appropriate measures, including, if necessary, amending its policies and practices.

Complaints can be directed to the Director of Patient Information at:

(437) 437-800-3301 extension 120

Or by e-mail to privacy@saintmartinhospital.com

Individuals may also make a complaint to the Ontario Information and Privacy Commissioner.

Definitions

Agent – A person that, with the authorization of Saint Martin Hospital, acts for or on behalf of the organization in respect of personal health information for the purposes of Saint Martin Hospital and not the agent’s own purposes, whether or not the agent has the authority to bind the custodian, whether or not the agent is employed by Saint Martin Hospital and whether or not the agent is being remunerated.  Examples of agents of Saint Martin Hospital include, but are not limited to: employees, volunteer, students, physicians, residents, consultants, researchers, vendors.

Health Information Custodian – Listed persons or organizations under the Personal Health Information Protection Act such as hospitals, who have custody or control of personal health information as a result of the work they do. As a public hospital, Saint Martin Hospital is considered to be a Health Information Custodian (Personal Health Information Protection Act, 2004, Schedule A).

Personal Health Information – Information about an individual whether living or deceased and whether in oral or recorded form. It is information that can identify an individual and that relates to matters such as the individuals physical or mental health, the providing of health care to the individual, payments or eligibility for health care in respect of the individual, the donation by the individual of a body part or bodily substance and the individuals health number. (Personal Health Information Protection Act, 2004, section 4.1)  Personal health information can be information about a physician or other care provider, a hospital staff person, a patient, or a patient’s family member. Examples of personal health information include a name, medical record number, health insurance number, address, telephone number, and personal health information related to a patient’s care such as blood type, X-rays, consultation notes, etc.

Record of Personal Health Information – The Personal Health Information Protection Act defines a record as personal health information in any form or in any medium whether in written, printed, photographic or electronic form or otherwise. Furthermore, any information in a health record under the custody or control of the Saint Martin Hospital Health Records Department, Saint Martin Hospital physician offices and departmental clinics (as per the Public Hospitals Act, Regulation 965, Sec. 20.3), includes, but is not limited to:

  • patient name, medical record number, health insurance number, address, telephone number
  • all the names of clinical staff involved in the patients care, films, slides, diagnoses, discharge summaries, progress notes, transcribed reports, orders, consents, electronic images and photographs
  • any information that has been scanned, the electronic copy (scanned version) is the official copy or source documentation for patient care and research purposes
  • any information and/or medical images in E-film or the Picture Archiving and Communication System (PACS)
  • any information in the Saint Martin Hospital Clinical Desktop, including information from other systems any information in other Saint Martin Hospital clinical systems that are integrated into the Saint Martin Hospital clinical desktop