What is FIPPA?
FIPPA stands for the Freedom of Information and Protection of Privacy Act. As of January 1, 2012, hospitals will be designated as institutions under FIPPA so after that date anyone has the right to make a request for access to a wide range of information held by hospitals.

What is the purpose of FIPPA?
FIPPA has two main purposes: granting access to information and protecting the privacy of individuals.

Access

The purpose of FIPPA is to provide a right of access to information under the control of institutions in accordance with the principles that:

• information held by the government and the broader public sector should be available to the public;
• limitations on the right of access should be narrow and specific; and
• decision on the disclosure of information should be reviewed independently of the hospital’s control of the information.

Privacy

The other main purpose of FIPPA is to protect the privacy of individuals with respect to personal information about themselves held by institutions and to provide individuals with a right of access to the information. These concepts are similar to those the Hospital already employs with respect to personal health information under the Personal Health Information Protection Act, 2004.

Why were hospitals brought under FIPPA?
Access to information held by public institutions is vital to a free and functioning democratic society. Women’s College Hospital, along with other teaching hospitals, welcomes this step toward a culture of greater transparency and accountability.

Hospitals have very sensitive information, are other health care organizations subject to FIPPA too?
Yes. Many health-related organizations and agencies have been made subject to the Act, for example, Local Health Integration Networks (LHINs) have been subject to the Act since 2005; Cancer Care Ontario has been subject to the Act since 2010 and the Ministry of Health and Long-Term Care and other provincial institutions involved in the delivery of care are also subject to this Act.

The extension of FIPPA to Ontario’s hospitals is consistent with a nation-wide trend. Public hospitals or regional health authorities are subject to similar freedom of information laws in Alberta, British Columbia, Saskatchewan, Manitoba and Quebec.

When does FIPPA apply to hospitals?
The Act applies to hospitals as of January 1, 2012 but it is retrospective to January 1, 2007. As a result, records that came into a hospital’s custody and/or control on or after January 1, 2007 are subject to the Act.

Who can make a request for access to records?
Any person, organization or company can make a request for access to records. There are no restrictions related to a person’s citizenship or place of residence.

Do I have to tell you the reason for my request?
The Hospital is permitted to ask for the purpose of a request if this will assist in identifying the specific records that you may be looking for. However, you have no obligation to provide reasons. When we ask you “why?” you want a particular record, it is merely a mechanism to try and narrow down the request so we can properly assist you in finding the exact document you are looking for.

What information can I request?
FIPPA will apply to “records” that have been in the “custody or control” of a hospital since January 1, 2007, unless the record is subject to an express exclusion under the Act. FIPPA describes “records” as any information whether it is recorded in hard or soft copy, whether it’s in a paper file or on a computer.

How can I make a request?
In order to make a request for access to information under FIPPA, you must complete the attached form and send it in to the Hospital along with your $5 application fee. 

What is a “record”?
The concept of a record is extremely broad and includes reports, emails, letters, audio and visual recordings, and records that can be created from existing data stored on a computer. Also, it is not limited to the final form of a document; working copies and drafts or reports and letters are also records that can be requested by and produced to a requester. Handwritten notes and other notations made on working copies, drafts and final forms of documents are also considered records.

Can I be refused access to a record?
The decision to refuse access to a record will be made by the Hospital’s Freedom of Information Coordinator in conjunction with other relevant staff and advisors.  However, it’s important to understand that the Hospital cannot simply refuse access to a record in our custody or control unless we have clearly laid out the exemptions we are claiming under the Act to deny access.  Once we deny access to a record (or partial access to a record), you have the right to appeal our decision to the Office of the Information and Privacy Commissioner/Ontario (IPC).  The IPC will then determine if we have made a reasonable argument for denying access under the Act.

What records are NOT covered by FIPPA? What records are excluded from FIPPA?
Where the Act states a type of record is excluded requesters do not have a right to access those records. For example, records that relate to:

• employment
• labour relations
• the appointments or privileges of health professionals
• regulated health professionals’ private practice records
• research records
• teaching records
• hospital foundation records
• charitable donation records
• abortion records

It will be up to the Hospital’s Freedom of Information Coordinator to determine whether a record falls into one of these categories.

What about personal health information and health records? Are they subject to disclosure under FIPPA?
No. Personal health information is still subject to the Personal Health Information Protection Act, 2004 (PHIPA). Personal health information and health records are still private and confidential. They should not be released for any freedom of information (FOI) requests.

What is the role of the Information and Privacy Commissioner (IPC) under FIPPA?
The Information and Privacy Commissioner provides an independent review of the decisions and practices of institutions covered by FIPPA. To safeguard access and privacy rights established under FIPPA, the IPC has the following key roles:

• investigating privacy complaints related to personal information under FIPPA;
  • including writing public reports about the investigation and any recommendations
• ensuring that institutions comply with FIPPA;
• resolving appeals when institutions refuse access to information;
  • including issuing orders to resolve issues and requiring institutions to disclose records
• researching access and privacy issues; and
• educating the public about Ontario’s access and privacy laws.

For more information about the IPC, please visit their website at www.ipc.on.ca

Does the Hospital have to report to the Information and Privacy Commissioner (IPC)?
Yes. The Hospital must submit an annual report to the IPC. The report must set out:

• the number of access requests received;
• the number of requests refused, the provisions of the Act relied upon for refusal, and the number of times each provision was relied upon;
• the number of appeals commenced for each provision of the Act;
• the number of times personal information was used or disclosed for a purpose which is not included in the states of use and the purposes set forth in section of the Act relating to Personal Information Banks;
• the amount of fees collected for FOI requests; and
• any other information indicating an effort by the institution to put into practice the purposes of the Act.