Overview

For certain permitted purposes set out under the Freedom of Information and Protection of Privacy Act (FIPPA), the Data Integration Unit (DIU), which is comprised of an administrative division at the Ministry of Health (MOH) and the Ministry of Long-Term Care (MLTC), is authorized to indirectly collect and use personal information, primarily for de-identification and linkage. The MOH is designated as both an inter-ministerial (IMDIU) and ministerial (MDIU) data integration unit.

Data integration will enable the government to gather data by linking information from different ministries in a privacy protected way to generate insights that can support policy development and program enhancements. This will support the design and implementation of citizen centered programs in Ontario.

Your safety and privacy

The government is committed to ensuring the safety and privacy of Ontarians. Personal information used for data integration will be done so under thorough safety and privacy measures in compliance with legislation and privacy safeguards, ensuring that only the necessary information is collected.

In addition, the Ontario Public Service Data Integration Data Standards help protect the confidentiality of personal information by expanding on the obligations under FIPPA and ensuring a consistent approach to the ministry’s transparent, accountable use of data in a way that protects the privacy of individuals.

Personal information collected for data integration is used to:

  • link or de-identify data for use by Ontario ministries for program planning or evaluation
  • conduct an audit where there are reasonable grounds to believe that there has been inappropriate receipt of a payment, service or good, including any Government of Ontario funded benefits

Transparency

Prior to each new collection of personal information for data integration, the DIU will publish a notice. The notice(s) posted below outline the general legal authority of the DIUs followed by information specific to each collection of personal information and the data integration projects for which it will be used, as required by FIPPA and the Data Integration Standards.

For more information about how Government is enabling data integration in a privacy protective way. Please visit the Ontario Data Integration Framework overview.

Personal Information

Legal authority to collect personal information

The MOH’s DIU may only collect personal information for the purposes set out in FIPPA Part III.1 s. 49.2. This includes:

  • the management or allocation of resources (for example, funding)
  • the planning for the delivery of programs and services provided or funded by the Government of Ontario, including services provided or funded in whole or in part or directly or indirectly
  • the evaluation of those programs and services

Limits on collection of personal information

Any collection of personal information by the MOH’s DIU must be in accordance with the rules under FIPPA Part III.1 and the OPS Data Integration Standards. As such, the ministry will take all necessary steps to safeguard the personal information collected. To this effect the MOH’s DIU will not collect or use more personal information than is reasonably necessary to meet the purpose.

Inter-ministerial data integration unit

The IMDIU is authorized to indirectly collect personal information from Ontario or municipal institutions, MDIUs, other IMDIUs, and extra-ministerial data integration units. IMDIUs allow cross-sectoral data integration across ministries within the Ontario Public Service (OPS). An IMDIU can provide cross sectoral data integration services for other OPS ministries who do not have a designated IMDIU.

Ministerial data integration unit

The MOH is the only MDIU permitted to indirectly collect personal health information by means of the Electronic Health Record (EHR) for the purposes of the Personal Health Information Protection Act (PHIPA) s. 59.9, and FIPPA Part III.1.

Disclosure of personal information

The MOH DIU may only disclose personal information in accordance with FIPPA Part III.1 s. 49.9, including:

  • to another inter-ministerial data integration unit and/or an extra-ministerial data integration unit
  • as required by law
  • to an institution or law enforcement agency in Canada in relation to an investigation
  • for the purpose of a proceeding before a court or tribunal
  • to the Information and Privacy Commissioner of Ontario
  • for certain research purposes

Accessing or correcting your personal information

Under FIPPA individuals have a right to request information from institutions that are subject to the Act, including the MOH.

Individuals may request:

  • access to MOH records under s. 10 of FIPPA
  • access to their personal information held by the ministry under s. 47 of FIPPA
  • correction of their personal information if they believe it is incorrect under s. 47 of FIPPA

Note: the MOH is not required to provide access to records that are subject to an exemption or exception within FIPPA, for example, s. 10 of FIPPA does not apply to personal information collected under Part III.1 (Data Integration) or to integrated or linked data that are not de-identified.

Access to information requests or requests for correction of personal information should be made in writing and directed to the Access and Privacy Office. The Access and Privacy Office responds within 30 days unless an extension of time is required.

Notices of Collection

When the MOH’s DIU collects personal information, the ministry will publish a notice which will:

  • cite the legal authority that permits the collection
  • describe the project and the purpose for the collection and use of the personal information including the general nature of the linkages that may be made
  • describe the types of personal information being collected and the period of collection
  • list the sources and datasets from where personal information will be collected

If you have questions about the collection, use and disclosure of personal information described in the above notices, please contact the DIU undertaking the project.

Project-specific contact information can be found by consulting the Notices of Indirect Collection of Personal Information.

Making a privacy complaint or inquiry related to data integration

To make a complaint or inquiry related to the MOH’s DIU, please start by contacting the Director, Health Data Branch by email or mail. You will receive a response to your complaint or inquiry within five business days.

Please note that e-mail is not a secure form of communication, please do not send confidential personal information in your initial email.

Once your inquiry/complaint has been reviewed, you may be asked to provide personal information to validate your identity.

In compliance with privacy legislation, the MOH has a process in place for determining when notification must be provided to the Information and Privacy Commissioner of Ontario (IPC) based on the scope of the complaint or inquiry and other relevant factors.

If a complaint or inquiry relates to an actual or suspected privacy or security breach, it will be addressed in accordance with MOH’s breach management procedure.

You can also make a complaint to the IPC if you feel your complaint was improperly addressed by the ministry, or for any other reason.

Contact information

Data Integration Unit

Aileen Chan
Director
Health Data Branch
Data And Analytics Strategy Division
Ministry of Health and Ministry of Long-Term Care
5700 Yonge Street, 4th Floor
Toronto, Ontario
M2M 4K5
 IMsupport@ontario.ca

Access and Privacy Office

If individuals have questions about the collection, use, and disclosure of personal information by the MOH in general, they can contact the Access and Privacy Office at:

Access and Privacy Office
Corporate Management Services Division
Ministry of Health, Ministry of Long-Term Care
99 Adesso Drive
Concord, Ontario
L4K 3C7
 GeneralAPO@ontario.ca

Information and Privacy Commissioner (IPC)

The IPC provides oversight of Ontario’s access and privacy laws. These laws establish the rules for how the following Ontario institutions may collect, use and disclose your personal information:

  • public institutions
  • health care providers
  • children’s aid societies
  • other child and family service providers

The IPC also assists with resolving privacy complaints and has broader powers to investigate and research privacy issues.

Collection, use and disclosure of personal information under Part III.1 of FIPPA is subject to triannual review by the IPC. The Commissioner may conduct a review of the practices and procedures of the DIU if the Commissioner has reason to believe that the requirements under Part III.1 of FIPPA are not being met.

If individuals have questions or concerns about the proper management of personal information, they can contact:

Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400
Toronto, Ontario
M4W 1A8