FAQs about FIPPA

Below is a list of common questions regarding the Freedom of Information and Protection of Privacy Act (FIPPA). If the questions you have are not addressed here, please contact our Freefom of Information (FOI) office at 416-243-3600 Ext. 2607.

  1. What is FIPPA? 
  2. Why were hospitals brought under FIPPA? 
  3. When does FIPPA apply to hospitals? 
  4. What is the purpose of FIPPA? 
  5. What information/records does the Act apply to? 
  6. What is a Freedom of Information (FOI) request? 
  7. How do I know if a record is in the “custody or control” of the hospital? 
  8. What records are not covered by the Act? 
  9. How do I find out what information West Park Healthcare Centre has? 
  10. Do I always need to make a formal FOI request in order to obtain hospital information? 
  11. How do I make a FOI request? 
  12. How do I correct my own personal information? 
  13. How do I request my personal health information? 
  14. Who can make a FOI request? 
  15. Is the requestor required to provide a reason for his or her request? 
  16. If I make a request for information or contact the organization about a privacy breach, is my identity protected? 
  17. Can the purpose of the request be used to justify denying access to records? 
  18. When can I expect a response to an FOI request? 
  19. How do I appeal a decision? 

1. What is FIPPA?

FIPPA stands for the Freedom of Information and Protection of Privacy Act. As of January 1, 2012, hospitals are designated as institutions under FIPPA so that anyone has the right to make a request for access to a wide range of information held by hospitals.

back to top 

2. Why were hospitals brought under FIPPA?

Access to information held by public institutions is vital for a culture of transparency and accountability. West Park Healthcare Centre welcomes this step, which reflects its core value of Accountability. 

back to top 

3. When does FIPPA apply to hospitals?

The Act applies to hospitals as of January 1, 2012 but it is retroactive to January 1, 2007. As a result, records that came into a hospital’s custody and/or control on or after January 1, 2007 are subject to FIPPA.

back to top 

4. What is the purpose of FIPPA?

FIPPA has two main purposes: granting access to information and protecting the privacy of individuals.

Access: The purpose of FIPPA is to provide a right of access to information under the control of institutions in accordance with the principles that: 

Information held by the government and the broader public sector should be available to the public;
Limitations on the right of access should be narrow and specific; and, decisions on the disclosure of information should be reviewed independently of the hospital’s control of the information.

Privacy: FIPPA protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to the information. These concepts are similar to those the hospital already employs with respect to personal health information under the Personal Health Information Protection Act, 2004.

back to top 

5. What information/records does the Act apply to?

FIPPA provides access to information that is recorded, or that can be made into a record, whether in print, audio or electronic form, including:

 

  • Paper and electronic files and documents
  • Emails (including those on networks, desktops and personal devices)
  • Photographs, video and audio recordings
  • Non-final drafts and working notes
  • Expense claims/accounts
  • Minutes of meetings, agendas, communication books
  • Handwritten notes and personal notes
  • Spreadsheets and sketches

 

back to top 

6. What is a Freedom of Information (FOI) request?

An FOI request is an official written request for information form an organization covered by the Freedom of Information and Protection of Privacy Act (FIPPA). Visit the Information and Privacy page for more information.

back to top 

7. How do I know if a record is in the “custody or control” of the hospital?

In general, “custody” means that the hospital keeps, cares for, watches over, preserves and ensures the security of the record for business purposes. The hospital’s physical possession of a record may not be sufficient to constitute custody; it must have some right to deal with the record.

In general, “control” of a record does not mean having physical possession but rather the power to make a decision about the use or disclosure of the record. 

back to top 

8.What records are not covered by the Act?

Personal Health Information (links Government of Canada definition of personal health information) is subject to PHIPA legislation and is excluded from FOI legislation

Other exclusions include:

 

  • Personal Health Information as defined by PHIPA, 2004;
  • Quality of Care Information as defined by QCIPA, 2004;
  • Ecclesiastical records of a church or religious organization that is affiliated with a hospital;
  • Records relating to the operations of a hospital foundation;
  • Administrative records of a member of a regulated health profession that relate to that person’s personal practice;
  • Records relating to the provision of abortion services;
  • Records relating to certain labour relations, employment and placement matters;
  • Records relating to certain appointment and privileging matters;
  • Certain records respecting or associated with research (including clinical trials);
  • Certain records of teaching materials collected, prepared or maintained by an employee of the hospital or a person associated with the hospital for use at the hospital;

 

back to top 

9. How do I find out what information West Park has?

A List of Records is available online and contains a list of categories of records and personal information held by West Park Healthcare Centre. 

back to top 

10. Do I always need to make a formal FOI request to obtain hospital information?

Information held by West Park may be available to you without making a request in writing under the Act. Visit the List of Records section or contact the Freedom of Information and Privacy Office. 

back to top 

11. How do I make a FOI request?

FOI requests must be submitted in writing and accompanied by a $5 to the Freedom of Information and Protection of Privacy Office. Visit the Information and Privacy page for more details. 

back to top 

12. How do I correct my own personal information?

Visit the Information and Privacy page for more information on correcting inaccuracies in your personal information held by the hospital. 

back to top 

13. How do I request my personal health information?

Access to personal health information, such as in a patient’s medical chart, is not available under FIPPA. The Personal Health Information Protection Act (PHIPA) applies to a patient’s medical information and the hospital protects medical information in accordance with PHIPA. You are able to access or correct your own personal health information. 

back to top 

14. Who can make a FOI request?

Any person, organization or company can make a request for access to records. A person includes individuals and organizations such as corporations, partnerships and sole proprietorships. The right of access is not limited by citizenship or place of residence. There may be situations where one person represents another individual based on consent or through power conferred on an individual by FIPPA or another Act. (Subsection 10(1) and Section 66). 

back to top 

15. Is the requestor required to provide a reason for his or her request?

The West Park Freedom of Information and Protection of Privacy Office is permitted to ask for the purpose of a request if this will assist in identifying the specific records that the requestor is looking for. However, the requestor has no obligation to provide reasons. 

back to top 

16. If I make a request for information or contact the organization about a privacy breach, is my identity protected?

Yes. If you make a request for information or contact an organization about a privacy breach, your identity must not be disclosed to individuals outside of that organization without your consent. Within the organization, your identity may only be disclosed to employees who need the information to perform the duties of their job, and that disclosure must be necessary and proper to carry out the organization’s functions. 

back to top 

17. Can the purpose of the request be used to justify denying access to records?

No. The purpose of a freedom of information (FOI) request is irrelevant. The requester has a right of access under FIPPA and the purpose of their exercise of that right cannot be used to deny access. 

back to top 

18. When can I expect a response to an FOI request?

You will receive a written response to your FOI request within 30 days after the form and fee are received. 

back to top 

19. How do I appeal a decision?

The organization must provide a notice in writing to the requestor if your request for information is denied. Requestors do have a right to appeal a decision to the Information and Privacy Commissioner, Ontario. The IPC’s website provides more information on how to make an appeal.

back to top