Your Privacy and Data

The Ottawa Hospital commitment

On November 1, 2004, the Personal Health Information Protection Act (PHIPA) became law. PHIPA is Ontario’s health-specific privacy legislation. It governs the way personal health information may be collected, used and disclosed within the health-care system. It also confirms a patient’s right to access their own personal health information. 

At The Ottawa Hospital, we are committed to protecting the privacy of our patients and the confidentiality and security of all personal health information entrusted to us by our patients. Your personal health information will only be used in compliance with The Ottawa Hospital’s Privacy Policy

Download the Patient Privacy Information Booklet.

Patient Privacy: Ours to Protect(145.25 KB)

The Ottawa Hospital and its health-care partners now use Epic’s health information system. We collect and share your personal health information with other partners so that you get the best care possible, no matter where you get it within our partner network. We will do so safely, using privacy and security controls to help keep your personal health information safe, meet health-care best practices and keep your care as a top priority.

Personal health information includes any identifiable information about your health or health-care history. It can include things like your medical history, details of visits to your doctor, test results or your health number.

We use a variety of technical and administrative privacy safeguards, such as confidentiality agreements to protect your personal health information. We also track all access to your personal health information.

All staff are trained to protect patient privacy. Staff are only allowed to access the information they need to give or support your care. This is required by law and by hospital policies.

Your personal health information resides in Ontario, unless explicitly told to you otherwise, such as when limited information is stored in the United States for our AI Scribe.

See the Safeguards section and the FAQs for more information.

Under Ontario’s Personal Health Information Protection Act, hospitals are allowed to use and disclose personal health information for purposes such as providing health care and planning the services patients receive.

Through Epic, we can digitally share health information with the other partner hospitals in real time. When you visit one of the hospital partners, your care provider will have up-to-date information about your health. You only have to tell your health story once, and your care provider has all of the information they need to help you make the best decisions for your care. 

Yes. You can limit access to your personal health information for health-care purposes by asking for a consent directive, also known as a "lockbox". There are several kinds of consent directives. You can lockbox your entire record, a specific visit, or a staff member at one of the hospital partners from seeing your record. If you want to add a consent directive, contact the Health Records Department where you normally receive care for more information.

Please note, there are some risks for you to consider when adding a Consent Directive to your record. These risks include:

  1. Your health-care team may be prevented from accessing your relevant health information, which may result in a delay in your care.  
  2. Your clinician may not have current or accurate information required to safely provide you with care and in some cases may be unable to offer you treatment.
  3. Staff may need to contact you at inconvenient times, to obtain express consent to access your HIS.
  4. You may receive multiple calls from different staff in the hospital who are involved in your care.

You may reduce these risks by considering a request for the Consent Directive to apply only to specific individuals or records rather than to your entire chart. 

Through MyChart, Epic’s patient portal, you can view your personal health information online, at any time, anywhere. In MyChart you can view test results when they are ready, see future appointments and review other health information. To learn more about MyChart, visit the MyChart page or contact the Health Records Department. You may also get a copy of your chart by contacting the Health Records Department. To correct something in your health record, talk to your health-care provider at your next visit or contact the Health Records Department for more information. 

Read More FAQs

The Ottawa Hospital uses a variety of technical and administrative privacy safeguards to protect your personal health information. We also track all user accesses to your personal health information through Epic, the electronic health record system. Our staff is trained to protect patient privacy. Legislation and hospital policies require staff to only access the information they need to give or support your care.

You have the right to withdraw consent for users to access your personal health information at The Ottawa Hospital.  You can do so by placing a consent directive on your information (sometimes referred to as a “lockbox”).

A consent directive is a privacy control that may help to increase peace of mind regarding your personal health information. However, it may also impact care if a health-care provider is not able to see your entire health record. Please discuss with your care team the benefits and risks of placing a consent directive or “lockbox” on your health record.

Some risks to consider when adding a consent directive:

  1. Your health-care team may be prevented from accessing your relevant health information, which may result in a delay in your care.
  2. Your clinician may not have current or accurate information required to safely provide you with care and in some cases may be unable to offer you treatment.
  3. Staff may need to contact you at inconvenient times, to obtain express consent to access your health information system (HIS).
  4. You may receive multiple calls from different staff in the hospital who are involved in your care.

You may reduce these risks by considering a request for the consent directive to apply only to specific individuals or records rather than to your entire health record.

Please be aware that if you choose to grant an individual access to your health record by providing them with your consent, the system will recognize your consent for a period of seven days for that individual. This timeframe is designed to minimize repeated consent requests during your admission or visit, helping to avoid delays in care that could pose risks to you or other patients.

If you would prefer that the individual seek your consent each time before accessing your health record, please communicate this preference directly to that individual before providing them with your consent. This will ensure they understand and respect your wishes.

The Ottawa Hospital and its partners use the Epic digital health network to provide better health-care and privacy protection to our patients. Epic has three different levels of additional privacy controls that can be applied to your health record.

  • Patient Level: This level applies to all staff members for the patient’s entire health record.
  • User Level: This level applies to a specific staff member(s) for the patient’s entire health record.
  • Encounter Level: This level applies to all staff for a specific hospital visit or encounter.

Every time a staff member attempts to access a patient’s health record with a consent directive, that staff member must confirm they have the patient’s express consent to do so.  They must also note the purpose for which they are accessing the health record.

Icon Footnote

Please note: The Ottawa Hospital cannot completely restrict access to your personal health information. There are specific situations which still allow for access without patient consent, including a risk of serious bodily harm to the patient or another person, billing, error management and investigating incidents and complaints. The hospital’s Information and Privacy Office regularly audits user accesses to patients’ health records to ensure they are authorized accesses.

To request a consent directive, please fill out the Consent Directive Request Form and return it to the  Health Records Department at one of The Ottawa Hospital campuses.

If you are sending your request by mail or by fax, you must include a photocopy of one piece of valid government-issued photo identification such as a driver’s licence. The Information and Privacy Office (IPO) will send you confirmation in writing once your consent directive has been put in place.

Remember that you can request to remove or change your consent directive at any time.

If you would like more information on the consent directive process, please contact the Information and Privacy Office at 613-739-6668.  All inquiries will be kept strictly confidential.

For information about withdrawing consent to your provincial health-care records

eHealth Ontario

1-866-250-1554

Service Ontario

1-866-250-1554

Contact us

The Ottawa Hospital Information and Privacy Office

613-739-6668

613-761-4740

infoprivacyoffice@toh.ca

The Ottawa Hospital – Civic Campus
Box 656 
1053 Carling Avenue 
Ottawa, ON  K1Y 4E9

If you wish to make a complaint about The Ottawa Hospital privacy practices, please contact

Information and Privacy Commissioner of Ontario

416-326-3333
1-800-387-0073

2 Bloor Street East, Suite 1400
Toronto, ON  M4W 1A8

www.ipc.on.ca