In this section

Privacy Policy

X-Ray Associates Privacy Policy

Protecting your privacy

X-Ray Associates complies with the following privacy laws:

  • Freedom of Information and Protection of Privacy Act (FIPPA)
  • Personal Health Information Protection Act (PHIPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)

Freedom of Information and Protection of Privacy Act (FIPPA)

The Freedom of Information and Protection of Privacy Act (FIPPA) is an Ontario Statute that was enacted in 1990 and covers government institutions, universities, among other public institutions.

FIPPA is a statute with two Principles:

  1. Access to Information - Provides public a right of access to health records subject to limited exemptions; and
  2. Privacy - to protect the privacy of the individuals with regards to their personal information and to provide a right of access to their personal information held by the healthcare institute.

Personal Health Information Protection Act (PHIPA)

The Act applies to personal health information that is collected, used or disclosed by custodians. Personal health information includes oral or written information about the individual, if the information:

  • relates to the individual's physical or mental health, including family health history;
  • relates to the provision of health care, including the identification of persons providing care;
  • is a plan of service for individuals requiring long-term care;
  • relates to payment or eligibility for health care;
  • relates to the donation of body parts or bodily substances or is derived from the testing or examination of such parts or substances;
  • is the individual's health number; or
  • identifies an individual's substitute decision-maker

Personal Information Protection and Electronic Documents Act (PIPEDA)

"Personal Information", as specified in PIPEDA, is as follows: information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.

The law gives individuals the right to:

  • know why an organization collects, uses or discloses their personal information;
  • expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
  • know who in the organization is responsible for protecting their personal information;
  • expect an organization to protect their personal information by taking appropriate security measures;
  • expect the personal information an organization holds about them to be accurate, complete and up-to-date;
  • obtain access to their personal information and ask for corrections if necessary; and
  • complain about how an organization handles their personal information if they feel their privacy rights have not been respected.

The law requires organizations to:

  • obtain consent when they collect, use or disclose their personal information;
  • supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction;
  • collect information by fair and lawful means; and
  • have personal information policies that are clear, understandable and readily available.
  • Depending on the sensitivity of the personal information, your consent may be express, implied or deemed. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you accept our services, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to your acceptance and use of those products or services, or for other purposes identified to you at the relevant time. Deemed consent is consent we assume in the event that you do not exercise an opt-out mechanism offered to you.
Note: If there is any inconsistency between the Acts stated above, PHIPA will be taken as the deciding factor.

What information does X-Ray Associates collect?

X-Ray Associates collects both personal and health information. Your name, date of birth, address and Health Card Number are examples of personal information.

Why does X-Ray Associates need this information?

The information we collect from you is used:

  • To provide you with quality health care and follow-up care in the community. We need your information to make sure we can make the appropriate diagnosis and provide treatment.
  • To comply with the law, e.g.:
  • The law requires healthcare institutes to disclose your personal health information if there is a legal investigation.
  • We will only collect, use or disclose your personal health information outside your circle of care with your express consent or in accordance with PHIPA. X-Ray Associates provides a more detailed outline to its clients about what type of personal health information will be collected as part of providing health care services to you.

How does X-Ray Associates protect my information?

A few of the ways that we strive to protect both your personal information and your personal health information are by:

  • Educating our staff, physicians, volunteers and students on the importance of respecting your privacy rights and about their obligations to maintain confidentiality.
  • Applying additional security measures to all electronic health records; e.g., user- specific log in names and passwords, encryption requirements, firewall and antivirus software.
  • All of your medical images are stored at a secure facility that requires strict biometric identification to access the facility. Only authorized staff members have access to this facility. We do not store or transfer Information outside Ontario.

Does X-Ray Associates share my information with anyone?

We share some or all of your information with:

  • Health care providers at other hospitals, nursing homes or other health care agencies who need information for ongoing care in the community.
  • Agencies that fund X-Ray Associates, e.g. OHIP, extended health insurance companies, Workplace Safety and Insurance Board, Ministry of Health.
  • Other agencies to whom we are required by law to provide information, e.g. for public health surveillance.
  • As part of the Diagnostic Imaging repository (DI-r), we also share your images with all the hospitals in our Local Health Integration Network (LHIN) that includes 98 healthcare organizations in the following Ontario regions: North York, York region and South Simcoe and Northern York region. The goal of eHealth Ontario is to eventually have all of Ontario to be connected to a common repository in order to better serve your healthcare needs.

What health or information systems do we share and with whom?

X-Ray Associates shares the following systems with the hospitals listed for each system:

  • Picture Archive Communication System (PACS)
    • PACS is the system that collects demographic information about you, physicians' orders for the diagnostic (medical) images, (x-rays, ultrasound, mammography, etc), the diagnostic images, and the reports of the findings. Only those staff and affiliates who require this type of information have access to PACS, e.g. Physicians, Nurses, Radiology Technicians.
  • Digital Imaging Repository (DI-r)
    • A DI-r is a system that collects a copy of the diagnostic images, demographic information, physician orders for the tests as well as the reports of the findings from each of the PAC systems from the partnered organizations. Only those staff and affiliates who require this type of information have access to PACS, e.g. Physicians, Nurses, Radiology Technicians. A complete list of the hospitals that we are connected can be found by going to the following website: .

Will X-Ray Associates disclose my health information to outside companies or to my employer?

Unless the disclosure is permitted or required by law, X-Ray Associates requires your written permission or a court order to disclose health information to any organization or person not directly involved with the provision of your care.

Where is my health information stored and for how long?

All of your medical images are stored at a secure facility that requires biometric identification to access the facility. Only authorized staff members have access to this facility. X-Ray Associates is legally required to keep a patient's health record for at least 10 years past the date of the last admission. There are situations, e.g. health records of children, where X-Ray Associates is required to keep a record longer.

How do I access or request a copy of my health information?

You have the right to access your personal health record and X-Ray Associates has an obligation to make it available to you with limited exceptions.

What if some of the information in my health record is incorrect?

X-Ray Associates only use the information that is on your OHIP card. If this information is incorrect, i.e. incorrect spelling of your name, or date of birth, please contact service Ontario to take the necessary steps to correct your information.

Can my family see my health information?

Although you have the right to access your health record, this right does not automatically extend to family members and/or friends. If you provide written authorization for a friend or family member to see your record, then the friend/family member may access the part(s) that you have consented to let them see.

What if I am unable to give consent to release my health information?

Like consenting to treatment, if you are unable to give consent for access, use and/or disclosure of your health information, the consent decision falls to the appointed substitute decision maker, such as a spouse, parent or guardian.

Will my family and friends be able to call in to get information about me over the phone?

We do not provide information over the phone because we have no way to verify who is calling and what their relationship is to you.

Can all staff access my health information?

The only persons whom X-Ray Associates authorizes to access a patient record are the staff and radiologists involved in a patient's care, or staff who need information from a patient record to conduct the business of X-Ray Associates, e.g., the Finance department staff that sends a bill to OHIP. All staff are bound by X-Ray Associates' policies and practices related to privacy and confidentiality. These policies aim to ensure that staff only access information on a need-to-know basis. Regulated Health Professionals are also bound by privacy and confidentiality requirements from their professional associations.

I have noticed that many areas of the clinic are open and I can sometimes overhear staff talking to patients and family about health information. Is this not a breach of patient privacy?

Despite the pressures of an acute-care clinic setting, staff makes every effort to discuss health information privately.

Can my family physician access my health information?

X-Ray Associates sends information to your family physician that is listed in your requisition. We will provide additional information to your family physician if requested and unless you tell us otherwise.

What if I have concerns about my privacy?

Please direct your questions and /or concerns to our privacy policy administrator:
Lori Myers
X-Ray Associates
955 Major Mackenzie Drive, W Vaughan, ON. L6A 4P9
Telephone: (289) 553-5040 | Fax: (289) 553-5042 | E-mail: .