- Guidance for Organizations
-
Access to information
- Open government
- Responding to access requests
- Appeals
- Annual Statistical Reporting FAQ
- Interpretation bulletins
- Tribunal and Dispute Resolution Division policies
- Code of Procedure
- Part X of the Child, Youth and Family Services Act: A Guide to Access and Privacy for Service Providers
- CYFSA FAQ: Information for service providers
- Protection of privacy
- Health privacy
- Policy Consultations
Use
What is considered a use of personal health information under PHIPA?
The term “use” is defined under PHIPA as meaning to view, handle or otherwise deal with personal health information, but does not include the disclosure of the information. Where you are authorized to use the information, you may also provide it to an agent to use it for the same reason, on your behalf. The sharing of information between you and your agent is considered to be a use and not a disclosure or a collection.
What are the rules regarding the use of personal health information?
You need consent to use an individual’s personal health information, unless PHIPA allows you to use it without consent. You may not use personal health information if other information will serve the purpose of the use and you may only use as much personal health information as is necessary to meet the purpose of the use.
For more information about the requirements for a valid consent to use personal health information, please see our section on Consent and Your Personal Health Information and our guidance document, Frequently Asked Questions: Personal Health Information Protection Act.
When using an individual’s personal health information, you must take reasonable steps to ensure that the individual’s personal health information is as accurate, complete and up-to-date as necessary for the purpose of the use.
When can personal health information be used without consent?
Under PHIPA, you can use personal health information without consent in some circumstances, such as:
- for a purpose for which another person was permitted or required by law to disclose it to the custodian;
- for planning or delivering programs or services;
- for risk management, error management or activities to improve or maintain the quality of care or any related program or service;
- for educating agents to provide health care;
- for obtaining payment or processing, monitoring, verifying or reimbursing health care claims;
- for research, provided that specific requirements and conditions are met;
- if permitted or required by law; and
- for a purpose for which the information was collected or created and for all the functions reasonably necessary for carrying out that purpose, subject to exceptions.
If you are permitted to use personal health information without consent for any purpose, you may provide it to your agent for that purpose.