PERSONAL INFORMATION BANK
|
DETAILS
|
Board of Directors Membership |
Location: AdministrationAuthority: Public Hospitals ActTypes of PI: Names and contact information.Uses: Information is used to elect or appoint individuals, including to confirm eligibility to serve, administer meetings and for contact purposes.Individuals Included: Members of the Board of Directors
Retention and Destruction: 5 years after dissolution of the corporation
back to top |
Catering and conference records |
Location: DietaryAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Names, contact information, booking informationUses: information used to administer the use of facilitiesIndividuals Included: Anyone engaging catering services
Retention and Destruction: 2 years
back to top |
Patient Health Records
- Cerner Patient Record
- RadNet (Diagnostic Imaging)
- Dietary
- Emergency
- PathNet (Laboratory)
- PathNet (Pathology)
- PharmNet (Pharmacy)
- Physiotherapy
- SurgiNet (Surgical)
- Transcription
- Registration
- EMPI (master Patient index)
- OHIP billings
- ERNI (emergency national ambulation care reporting information)
|
Location: Health Records ServicesAuthority: Public Hospitals Act; Personal Health Information Protection Act, 2004; Mental Health ActTypes of PI: This bank contains some or all of the following types of information: admission and separation records, medical history, laboratory tests and reports, diagnostic services reports, requisitions, doctor’s orders, nursing notes, counseling notes, accounting statements, x-rays, operating room reports, pharmacy, social services and other patient and treatment and services records.Uses: Primarily to provide health servicesIndividuals Included: All registered in-patients and out-patients of MHA
Retention and Destruction: 10 years
back to top |
Contracts Management System |
Location: SharePointAuthority: ContractsTypes of PI: Name, address, telephone numbers, e-mail address, banking information and fee amount.Users: To manage the contract or agreement arrangements of payments upon delivery of products or services.Individuals Included: Individuals who are under contract or agreement to provide products or services to the public body.
Retention and Destruction: 5 years after dissolution of the corporation – only to the extent necessary to explain financial records; otherwise, 15 years
back to top |
Employee files/Employment related records |
Location: Human ResourcesAuthority: Employment Standards ActTypes of PI: May include name, birth date, gender, social insurance number, home and office addresses, telephone and fax numbers, employment authorization, email address, employee identification number, resume/application for employment, confidentiality agreement, education, employment history, appointment records, performance appraisals, employee relations, attendance records, pay and benefits information, staff development and training, learning accounts, occupational health and safety, employee assistance, health and life insurance records, employee conflict of interest disclosure statements, grievances, recognition awards, job classification, professional association memberships and certifications, security clearance, parking/building passes, correspondence with regulatory colleges, employee authentication log-on, and other personal data related to employment.Uses: to administer the hiring process from start to finishIndividuals Included: All employees of MHA
Retention and Destruction: 7 years from termination
back to top |
Employee incident files |
Location: Human Resources / Occupational Health and SafetyAuthority: Workplace Safety and Insurance ActTypes of PI: names, contact information, employee number, employment information, medical informationUses: investigation, preventionIndividuals Included: Employees involved in incidents at MHA
Retention and Destruction: Year of record +6 years
back to top |
Expense Claims |
Location: Accounts PayableAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Names, contact information, financial information, event attendanceUses: reimbursementIndividuals Included: MHA staff
Retention and Destruction: Year of Record + 6 years
back to top |
Freedom of Information Requests |
Location: Freedom of Information and Protection of Privacy Coordinator’s office.Authority: Freedom of Information and Protection of Privacy ActTypes of PI: Name of the person making the request, address, telephone numbers, description of information requested and/or reasons and evidence to correct information, fees paid, banking information, correspondence and copies of requested records.Uses: Respond and process requests, compile statistics.Individuals Included: Individuals submitting requests under the Act, including individuals acting on behalf of another person (third parties).
Retention and Destruction: Kept for the required retention period or remainder of the calendar year plus a further five years (whichever is longer).
back to top |
Hospital Directory |
Location: Human ResourcesAuthority: Employment Standards ActTypes of PI: Name, department, telephone number, email, address, date of birthUses: To contact members of the MHA community and to authenticate users for restricted resources. Contact information available for public search on the internet; personal information required for identity management restricted to relevant staff.Individuals Included: MHA employees, professional staff and external persons with specific need to be included in the MHA directory.
Retention and Disposal: TBD
back to top |
Human rights case files |
Location: Human ResourcesAuthority: Human Rights CodeTypes of PI: Name of the person making the claim, address, telephone numbers, description of claim, response to claim.Uses: Respond and process human rights claims; compile statisticsIndividuals Included: Individuals submitting requests under the Act, including individuals acting on behalf of another person (third parties).
Retention and Destruction: 21 years
back to top |
Images, photographs, consent forms for public relations |
Location: CommunicationsAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Photographs,Uses: public relations, newslettersIndividuals Included: Individuals involved in public relations efforts to promote MHA
Retention and Destruction: TBD
back to top |
Insurance Claims (non-litigation) |
Location: AdministrationAuthority: Insurance ActTypes of PI: Name of the person making the complaint or potential claimant, address, telephone numbers, description of complaint or concerns, response to complaint or concerns.Uses: Respond and process human rights claims; compile statisticsIndividuals Included: Individuals submitting requests under the Act, including individuals acting on behalf of another person (third parties).
Retention and Destruction: 7 years (if under 18, kept 7 years after 18th birthday)
back to top |
Incident Reports |
Location: Human Resources and Occupational Health and SafetyAuthority: Workplace Safety and Insurance ActTypes of PI: Names, names, contact information, employee number, employment information, medical informationUses: investigation, preventionIndividuals included: Employees at the MHA
Retention and Destruction: Year of Record + 6 years
back to top |
IT Security Investigations |
Location: Information TechnologyAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Names, IT historyUses: InvestigationIndividuals Included: Subjects of investigations including anyone with access to MHA information systems
Retention and Destruction: 2 years
back to top |
Job Competitions |
Location: Human ResourcesAuthority: Employment Standards ActTypes of PI: May include name, home and office addresses, telephone numbers, application form, resume, references, samples of work, job advertisement, screening and evaluation results, and appointment of successful candidate.Uses: Document the hiring process and provide statistics.Individuals Included: Applicants for employment opportunities at MHA
Retention and Destruction: Current Calendar Year + 6 years after position staffed
back to top |
Litigation files |
Location: AdministrationAuthority: Public Hospitals ActTypes of PI: names, claims, background informationUses: Respond and process litigation claims; compile statisticsIndividuals Included: Individuals suing MHA or MHA sues; including individuals acting on behalf of another person (third parties).
Retention and Destruction: 15 years from date of notice of dismissal or settlement
back to top |
Occupational Health and Safety Records |
Location: Occupational Health and Safety DepartmentAuthority: Occupational Health and Safety ActTypes of PI: Names, date of birth, employment information, medical informationUses: Conduct inspections and investigations, reporting purposesIndividuals included: MHA employees
Retention and Destruction: 7 years from termination
back to top |
OHIP Payments |
Location: FinanceAuthority: Health Insurance ActTypes of PI: OHIP numbers, account number, service dateUses: ReimbursementIndividuals Included: Physicians
Retention and Destruction: Year of record +6
back to top |
Patient Payments |
Location: FinanceAuthority: Public Hospitals Act, Health Insurance ActTypes of PI: Name, address, telephone numbers, e-mail address, financial information, amount paid or outstanding.Uses: Settlement of accountsIndividuals Included: Individuals who pay or owe money to MHA.
Retention and Destruction: Year of Record + 6 years
back to top |
Patient Relations Compliments and Complaints |
Location: AdministrationAuthority: Public Hospitals ActTypes of PI: names, health information, visit historyUses: Respond and process compliments and complaints about MHA; compile statisticsIndividuals Included: Individuals submitting compliments or complaints, including individuals acting on behalf of another person (third parties).
Retention and Destruction: 10 years
back to top |
Pay equity records |
Location: Human ResourcesAuthority: Pay Equity ActTypes of PI: Names, salaryUses: EvaluationIndividuals Included: MHA staff
Retention and Destruction: Permanent
back to top |
Professional Staff contracts Professional Staff credentialing files |
Location: AdministrationAuthority: Public Hospitals ActTypes of PI: May include name, birth date, gender, home and office addresses, telephone and fax numbers, email address, MHA identification number, application for appointment, reappointment documentation, letters of reference, curriculum vitae, confidentiality agreement, education, employment history, performance appraisals, training, occupational health and safety, insurance, description of privileges, conflict of interest disclosure statements, recognition awards, professional association memberships and certifications, security clearance, parking/building passes, correspondence with regulatory colleges, log-on, and other personal data related to appointment to the Professional Staff.Uses: credentialing, appointment to medical staffIndividuals Included: All members of the Professional Staff
Retention and Destruction: for tenure of professional staff member, plus 15 years.
back to top |
Privacy complaints, breaches, audits |
Location: Office of the Chief Privacy OfficerAuthority: Personal Health Information Protection Act, 2004Types of PI: Name (name of the person making the complaint, subject of a privacy breach, name of person audited), address, telephone numbers, description of information relevant to the complaint, breach or audit and responses, correspondence and copies of relevant records.Uses: Respond and process complaints, breaches and audits, compile statistics.Individuals Included: Individuals submitting complaints, individuals whose information was compromised, individuals whose information is audited, including individuals acting on behalf of another person (third parties).
Retention and Destruction: TBD
back to top |
Professional Staff privileges case files |
Location: AdministrationAuthority: Public Hospitals ActTypes of PI: Names, address, privileging informationUses: Legal casesIndividuals Included: All applicants to the Professional Staff, all members of the Professional Staff
Retention and Destruction: For tenure of professional staff member plus 15 years
back to top |
Security Reports |
Location: Environmental ServicesAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Names, address, incident reportsUses: Investigation and to ensure security within the organization.Individuals Included: Employees, individuals outside the organization.
Retention and Destruction: TBD
back to top |
Security Surveillance |
Location: Environmental ServicesAuthority: Freedom of Information and Protection of Privacy Act S. 28(2)Types of PI: Video imagesUses:Iinvestigate incidents relating to safety or securityIndividuals Included: MHA employees, physicians, individuals external to the Hospital.
Retention and Destruction: 120 Days
back to top |
Student Placement |
Location: Volunteer ServicesAuthority: Employment Standards ActTypes of PI: Names, educational history, home addressUses: Contacting students for the purpose of facilitating placementIndividuals Included: Students with placements at MHA
Retention and Destruction: 7 years from termination
back to top |
Volunteers |
Location: Volunteer ServicesAuthority: Employment Standards ActTypes of PI: Names, employment history, police record checkUses: To track volunteer availabilityIndividuals Included: Volunteers with placements at MHA
Retention and Destruction: 7 years from termination
back to top |