Patient Information

Zero Tolerance Policy

We are committed to providing a safe, secure, and respectful environment for all patients and staff. Words or actions that make others feel threatened will not be tolerated and decisive action will be taken to protect patients and staff.

Disruptive Behaviour

Grimsby Medical Associates considers the use of inappropriate words, actions, or inactions to be disruptive behaviour.

Inappropriate Actions/Inactions:

  • Violence (exercise or attempt of physical force)
  • Intimidation
  • Throwing or damaging property or breaking things

Inappropriate Words (in person, by phone or any other means of communication):

  • Abusive language
  • Disrespectful, demeaning, or abusive language/comments
  • Remarks, jokes, or innuendos that demean, ridicule or offend
  • Discriminatory remarks
  • Threats or threatening behaviour
  • Bullying

Immediate action will be taken when the incidents described above occur.

Privacy Policy 

Bill 119, Personal Health Information Protection Act (PHIPA) Policy

Intent

This policy is intended to ensure that Medical Associates maintains compliance with changes to Ontario’s Personal Health Information Protection Act, 2004 (PHIPA) resulting from Bill 119, Health Information Protection Act, 2016, by establishing guidelines for the collection, use, and disclosure of personal health information of patients of Medical Associates.

Definitions

Collect – In relation to personal health information, means to gather, acquire, receive, or obtain the information by any means from any source.

Consent directive – An individual makes a consent directive when they withhold or withdraw, in whole or in part, their consent to the collection, use, and disclosure of their personal health information by means of the electronic health record by a health information custodian for the purposes of providing or assisting in the provision of health care to the individual.

Disclose – In relation to personal health information in the custody or under the control of a health information custodian or a person, means to make the information available or to release it to another health information custodian or to another person, but does not include the use of the information.

Electronic health records – The electronic systems that are developed and maintained by the organization for the purpose of enabling health information custodians to collect, use, and disclose personal health information.

Health information custodian – A person or organization who has custody or control of personal health information as a result of or in connection with performing the person’s or organization’s powers or duties or the work, if any. This includes a health care practitioner or a person who operates a group practice of health care practitioners, and a person who operates a centre, program, or service for community health or mental health whose primary purpose is the provision of health care.

Use – In relation to personal health information in the custody or under the control of a health information custodian or a person, means to view, handle, or otherwise deal with the information, but does not include to disclose the information, and “use,” as a noun, has a corresponding meaning.

Guidelines

Policies and Procedures

Medical Associates will have in place and comply with practices and procedures:

  • That protect the privacy of the individuals whose personal health information it receives, collects, uses, and discloses, and will maintain the confidentiality of the information; and
  • That are approved by the Information and Privacy Commissioner (the Commissioner).

Electronic Health Records

Medical Associates has the power and the duty to develop and maintain electronic health records in accordance with PHIPA and the regulations made under the Act. The following guidelines have been implemented in order to ensure compliance with applicable legislation.

When dealing with electronic health records, Medical Associates will:

  • Manage and integrate personal health information it receives from health information custodians.
  • Ensure the proper functioning of the electronic health record by servicing the electronic systems that support the electronic health record.
  • Ensure the accuracy and quality of the personal health information by conducting data quality assurance activities on the personal health information it receives from health information custodians.
  • Conduct analyses of the personal health information in order to provide alerts and reminders to health information custodians for their use in the provision of health care.
  • Take reasonable steps to limit the personal health information Medical Associates receives to that which is reasonably necessary for developing and maintaining the electronic health record.
  • Prevent employees or any other person acting on behalf of Medical Associates from viewing, handling, or otherwise dealing with the personal health information received from health information custodians, unless the employee or person acting on behalf of Medical Associates agrees to comply with all applicable restrictions.
  • Make available to the public and to each health information custodian that provides personal health information to Medical Associates:
      • A plain language description of the electronic health record, including all safeguards in place to:
          • Protect against theft, loss, and unauthorized collection, use, or disclosure of the personal health information;
          • Protect the personal health information against unauthorized copying, modification, or disposal; and
          • Protect the integrity, security, and confidentiality of the personal health information; and
      • Any organizational directives, guidelines, and policies that apply to the personal health information, to the extent that these do not reveal a trade secret or confidential scientific, technical, commercial, or labour relations information.
  • Ensure that any third party Medical Associates retains to assist with providing services for developing or maintaining the electronic health record agrees to comply with the restrictions and conditions that are necessary to enable Medical Associates to comply with all of the requirements provided in PHIPA.

Recordkeeping

In order to meet its recordkeeping requirements under PHIPA, Medical Associates will:

  • Keep an electronic record of all instances where all or part of the personal health information that is accessible by means of the electronic health record is viewed, handled, or otherwise dealt with, and ensure that the record identifies the information required by section 55.3.4 of PHIPA.
  • Keep an electronic record of all instances where a consent directive is made, withdrawn, or modified, and ensure that the record contains the information specified in section 55.3.5 of PHIPA.
  • Keep an electronic record of all instances where all or part of the personal health information that is accessible by means of the electronic health record is disclosed with the express consent of the individual and ensure that the record identifies the information required by section 55.3.6 of PHIPA.
  • Audit and monitor the electronic records that it is required to keep.
  • Provide electronic records to the Commissioner upon request as required by PHIPA.
  • Provide the records required by a health information custodian to audit and monitor its compliance with PHIPA, upon the health information custodian’s request.

Assessment of Threats, Vulnerabilities, and Risks and Response to Breaches

In response to threats, vulnerabilities, and risks, and in response to breaches of security features designed to protect the electronic health record, Medical Associates will:

  • Perform, for each system that retrieves, processes, or integrates personal health information that is accessible by means of the electronic health record, an assessment with respect to: threats, vulnerabilities, and risks to the security and integrity of the personal health information; and how each of those systems may affect the privacy of the individuals to whom the information relates.
  • Make available to each health information custodian who provided personal health information to Medical Associates a written copy of the results of any assessments carried out that relate to the personal health information the custodian provided, and make available to the public a summary of the results of the assessments that were completed.

Notification of Loss, Theft, or Unauthorized Use or Disclosure

Medical Associates will:

  • Notify, at the first reasonable opportunity, each health information custodian who provided personal health information to Medical Associates if the personal health information that the health information custodian provided is stolen or lost or if it is collected, used, or disclosed without authority.
  • Notify the Commissioner, in writing, immediately after becoming aware that personal health information that is accessible by means of the electronic health record:
      • Has been viewed, handled, or otherwise dealt with by the prescribed organization or a third party retained by the prescribed organization, other than in accordance with the Act or its regulations; or
      • Has been made available or released by the prescribed organization or a third party retained by the prescribed organization, other than in accordance with the Act or its regulations.

Reporting to the Commissioner

  • Medical Associates will submit a notice to the Commissioner if the circumstances surrounding a theft, loss, or unauthorized use or disclosure of personal health information meet the prescribed requirements as defined in O. Reg. 329/04, section 6.3.
  • All notices to the Commissioner outlined above will contain the information as required by legislation.
  • Medical Associates will submit to the Commissioner, at least annually, a report in the form and manner specified by the Commissioner, and based on or containing any information, other than personal health information, that is kept in the electronic health record that the Commissioner may specify, respecting every instance in which personal health information was disclosed under section 55.7 of PHIPA since the time of the last report.
  • Every year no later than March 1, beginning in 2019, Medical Associates will submit a report to the Commissioner outlining the number of times in the previous calendar year that personal health information in Medical Associates’s custody was stolen, lost, used without authority, or disclosed without authority.

Consent Directives

Regarding consent directives, Medical Associates will:

  • Comply with the practices and procedures prescribed in the regulations when managing consent directives.
  • Have in place and comply with practices and procedures that have been approved by the Minister for responding to or facilitating a response to a request made by an individual in respect of the individual’s record of personal health information that is accessible by means of the electronic health record.
  • Ensure that health information custodians only collect personal health information under the circumstances defined in subsection 55.7(1), (2), or (3) where personal health information that is accessible by means of the electronic health record is subject to a consent directive made by an individual under subsection 55.6(1).
  • Allow an individual at any time to make a directive that withholds or withdraws, in whole or in part, that individual’s consent to the collection, use, and disclosure of his or her personal health information by means of the electronic health record by a health information custodian for the purposes of providing or assisting in the provision of health care to the individual.
  • Offer assistance to the person in reformulating the directive if the directive does not contain sufficient detail to enable the prescribed organization to implement the directive with reasonable efforts.
  • Notify a health information custodian who seeks to collect personal health information that is subject to a consent directive that an individual has made a directive, and shall ensure that no personal health information that is subject to the directive is provided.
  • Audit and monitor every instance where personal health information is collected where a consent directive is in place.

Health information custodians working for Medical Associates may:

  • Disclose personal health information that is subject to a consent directive by means of the electronic health record if the custodian who is seeking to collect the information obtains the express consent of the individual to whom the information relates.

Collection, Use, and Disclosure by Custodians

A health information custodian shall not collect personal health information by means of the electronic health records of Medical Associates except for the purpose of:

  • Providing or assisting in the provision of health care to the individual to whom the information relates; or
  • Eliminating or reducing a significant risk of serious bodily harm to a person or group of persons, where the health information custodian believes on reasonable grounds that the collection is necessary for this purpose.

A health information custodian may:

  • Use or disclose the information for any purpose for which PHIPA permits or requires a custodian to use or disclose personal health information when providing or assisting in the provision of health care to the individual to whom the information relates.
  • A health information custodian who collects personal health information in order to eliminate or reduce a significant risk of serious bodily harm to a person or group of persons, where the health information custodian believes on reasonable grounds that the collection is necessary for this purpose, may only use or disclose the information for the purpose for which the information was collected.
  • A health information custodian may collect, use, and disclose prescribed data elements for the purpose of uniquely identifying an individual in order to collect personal health information.
  • If a health information custodian requests that Medical Associates transmit personal health information to the custodian by means of the electronic health record and Medical Associates transmits the information as requested, the custodian shall comply with all obligations defined in PHIPA with respect to the transmitted information, regardless of whether the custodian has viewed, handled, or otherwise dealt with the information.

Subject to any exceptions or additional requirements as prescribed in legislation, and in addition to any notice that must be given in the case of an unauthorized use or disclosure, if personal health information about an individual is collected without authority by means of the electronic health record, the health information custodian who is responsible for the unauthorized collection must:

  • Notify the individual at the first reasonable opportunity of the unauthorized collection, and include in the notice a statement that the individual is entitled to make a complaint to the Commissioner; and
  • If the circumstances surrounding the unauthorized collection meet prescribed requirements, notify the Commissioner of the unauthorized collection.

Protection from Liability for Health Information Custodian

A health information custodian working for or with Medical Associates who, acting in good faith, provides personal health information to Medical Associates by means of the electronic health record is not liable for damages resulting from:

  • Any unauthorized viewing or handling of the provided information, or any unauthorized dealing with the provided information, by Medical Associates, its employees, or any other person acting on its behalf; or
  • Any unauthorized collection of the provided information by another health information custodian.

Collection, Use, and Disclosure of Personal Health Information by Health Information Custodians

Health information custodians are considered to be collecting, using, or disclosing personal health information in the following circumstances:

  • When viewing, handling, or otherwise dealing with all or part of an individual’s personal health information by means of the electronic health record and that information was provided to the custodian by another health information custodian, the custodian is considered to:
      • Be collecting the personal health information when the information is being viewed, handled, or otherwise dealt with for the first time; and
      • Be using the personal health information each subsequent time the information is viewed, handled, or otherwise dealt with.
  • Whenever a health information custodian views, handles, or otherwise deals with all or part of an individual’s personal health information by means of the electronic health record and that information was provided to Medical Associates by the custodian, the custodian is considered to be using the personal health information.
  • When a health information custodian provides health information to Medical Associates, the custodian is considered to be disclosing the information only when another health information custodian collects the information by means of the electronic health record.

Personal Health Information Excluding the Electronic Health Record

When a health information custodian provides personal health information to Medical Associates or another organization not involving the electronic health record:

  • The custodian is not considered to be disclosing the information to the other organization; and
  • The other organization is considered not to be collecting the information from the custodian.