Health Quality Ontario is an agency of the Ontario Ministry of Health and Long Term Care, and is subject to the Freedom of Information and Protection of Privacy Act (FIPPA). HQO has developed an enterprise-wide privacy program to support its compliance with the requirements of the Act and, more broadly, with recognized standards in management and safeguarding of personal information.
Accountability for privacy
The HQO Board of Directors has designated the Vice-President, Corporate Services as the Chief Privacy Officer (CPO). The CPO is accountable for ensuring that HQO complies with its privacy obligations under FIPPA, and also with the requirements of the HQO privacy policy and associated procedures. To this end, the CPO is accountable for developing and managing the HQO privacy program.
Consent
HQO will obtain knowledgeable consent from any individual from whom it collects personal information, meaning that HQO will inform an individual of its specific purposes for collection, use and disclosure of the individual’s personal information before collecting this information.
Each HQO program area determines the manner in which it will identify its purposes for collection, use and disclosure of personal information, following standards set out in HQO’s privacy procedures.
Each program area also determines whether it will rely on express or implied consent for the collection, use and disclosure of personal information.
HQO’s privacy program
The CPO has developed and implemented an enterprise-wide privacy program through which HQO has defined and will meet its privacy obligations.
The foundation of this program is HQO’s privacy policy, which defines the full scope of HQO’s commitments regarding the appropriate collection, use and disclosure of personal information. The CPO will make the privacy policy available to any individual or organization that requests it (requests can be submitted through the contact information provided at the end of this notice).
The CPO has developed and implemented the following measures to support HQO in meeting the requirements of its privacy policy:
-
Privacy and information management procedures to ensure that HQO employees appropriately limit their access to and use, disclosure and retention of personal information according to the purposes for which the information was collected by HQO
-
Privacy training and awareness for all new employees, with refresher privacy training provided on a periodic basis
-
Processes for identification and management of privacy risks
-
Privacy audit activities to determine whether HQO is in compliance with its privacy requirements as defined in legislation and its own policy
Safeguards
HQO has implemented information security safeguards to protect personal information in its custody from all unauthorized collection, use, disclosure, and retention, including but not limited to:
-
Access controls on HQO information management systems (electronic and hard copy) to ensure that access by employees to personal information has been appropriately limited
-
Data protection measures, including protection (e.g., encryption) of personal information when transmitted between HQO and third parties is required
-
Network protections, including firewalls, intrusion detection and prevention measures, and anti-malware protections
Contacting the Chief Privacy Officer
Individuals can contact the HQO CPO for the following purposes:
-
Submitting requests for access or correction to the individual’s records of personal information in the custody of HQO
-
Submitting an inquiry or complaint about HQO’s privacy program, privacy policy, and practices for management and safeguarding of personal information
The Chief Privacy Officer can be reached by emailing: privacy@hqontario.ca