Frequently Asked Questions


Frequently Asked Questions

What is personal health information?

Personal health information refers to identifying information about an individual in oral or recorded form, if the information,

  • relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,
  • relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,
  • relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,is a plan of service for the individual,
  • relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,
  • is the individual’s health number, or
  • identifies an individual’s substitute decision-maker.

What is identifying information?

Personal health information refers to identifying information about an individual in oral or recorded form, if the information,

What is the Personal Health Information Protection Act, 2004?

The Personal Health Information Protection Act (PHIPA) is Ontario’s health specific privacy legislation which came into force on November 1, 2004. PHIPA governs the way personal health information may be collected, used and disclosed within the health sector. It regulates health information custodians, as well as individuals and organizations that receive personal health information from custodians.

PHIPA creates a consistent approach to protecting personal health information across the health sector. The legislation was designed to give individuals greater control over how their personal health information is collected, used or disclosed. PHIPA balances the privacy rights of individuals with the legitimate need of custodians to collect, use and disclose personal health information in order to deliver effective and timely health care and to plan and manage our publicly funded health system.

How does VHA develop and maintain its privacy practices?

VHA has appointed a Privacy Officer who is responsible for developing policies and procedures on privacy matters, training all VHA Staff regarding privacy, receiving questions on privacy matters, conducting regular audits of VHA’s compliance with legislative requirements, such as PHIPA, and overseeing compliance within the organization of VHA’s general policies and procedures related to privacy.

How do I access my personal health information at VHA?

If you want to access your personal health information, you should speak with your service provider about any information that you want to know and they can assist you on how to get access to your health information. ​

If you want to get a copy of your health records, you will be referred to VHA’s Health Records department to view or obtain copies of your health record. The Health Records department will ask you to provide certain information and/or complete certain forms in order for you to access your chart(s). There is no fee to access your health records through the Health Records department.

Can members of my family see my personal health information?

Members of your family can only see your personal health information with your consent or if they are an appointed Substitute Decision Maker (SDM).

What if I am unable to give consent?

Under PHIPA, Individuals are deemed capable of consent if they are able to understand information relevant to deciding whether to consent to the collection, use or disclosure of their personal health information, and to appreciate the reasonably foreseeable consequences of giving, not giving, withholding or withdrawing their consent.

If you are unable to give consent due to reasons of competency or consciousness, the consent decision falls to the appointed substitute decision maker, such as a parent, guardian or power of attorney. This person is bound by law to act on your behalf and must make decisions based on their belief of what you would wish to be done if you were able to decide.

What if there is a breach of my privacy?

VHA has a privacy breach protocol that is followed in the event of an actual or suspected breach.


VHA Staff are responsible for promptly reporting suspected or actual privacy breaches to the Privacy Officer so that the situation can be appropriately investigated, addressed and handled in accordance with the breach protocol.


VHA takes every report seriously and will investigate each report to identify the facts and, where necessary, effect improvements to its practices and procedures.


VHA’s privacy breach protocol includes:

  1. reporting actual or suspected breach
  2. identifying scope of breach
  3. containment of breach
  4. notification to affected individuals and applicable regulatory bodies

How is my health information protected?

There are 3 components to protecting personal health information at VHA:

  • Administrative Safeguards: VHA has policies that govern the way all VHA care providers and employees manage personal information, for example, VHA’s Personal Information Privacy Policy, Privacy Breach Policy and Information Security Policy. In addition, all VHA employees receive annual Privacy training and sign a privacy commitment as a condition of employment.
  • Physical Safeguards: VHA has a number of physical safeguards to ensure protection of personal health information, which range from locked filing cabinets to staff wearing photo identification to identify themselves as VHA employees.
  • Technical Safeguards: VHA’s IT department upgrades the security capabilities of the information system on an ongoing basis. All system access requires passwords and authentication to protect access and to maintain a record of who has accessed the information. Access rights to VHA staff are given based on their role and their need to access information to complete the functions of their role.

How do I initiate a complaint if I feel that my rights have been violated?

If you believe that your privacy rights have been violated, you have the right to submit a written complaint to VHA’s Privacy Office. All privacy complaints will be treated in a confidential manner.
You may also submit a written complaint to the Information Privacy Commissioner of Ontario at:
Information and Privacy
Commissioner / Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario
Canada M4W 1A8

How do I contact the VHA Privacy Officer?

VHA’s Privacy Officer may be reached
by phone: 416-489-2500 ext. 8782
by fax: :416-644-1829
In person:30 Soudan Ave, Suite 600 Toronto ON M4S 1V6

What is the difference between express and implied consent?

Express consent to the collection, use or disclosure of personal health information is consent that has been clearly and unmistakably given. Express consent may be explicitly provided, either orally or in writing.


Implied consent to the collection, use or disclosure of personal health information is consent that can be concluded based on an individual’s action or inaction in the circumstances. For example, when an individual discloses their personal health information for the purpose of receiving care, the service provider can reasonably infer the individual has given consent to the collection of that information.

How do I withdraw my consent?

You can withdraw your consent at any time by notifying your service provider and/or VHA’s Privacy Officer that you wish to withdraw your consent. The withdrawal of consent to collect, use or disclose your personal health information may impact our ability to serve you.