Health Quality Ontario is an agency of the Ontario Ministry of Health and Long Term Care, and is subject to the Freedom of Information and Protection of Privacy Act (FIPPA). HQO has developed an enterprise-wide privacy program to support its compliance with the requirements of the Act and, more broadly, with recognized standards in management and safeguarding of personal information.
Accountability for privacy
HQO will obtain knowledgeable consent from any individual from whom it collects personal information, meaning that HQO will inform an individual of its specific purposes for collection, use and disclosure of the individual’s personal information before collecting this information.
Each HQO program area determines the manner in which it will identify its purposes for collection, use and disclosure of personal information, following standards set out in HQO’s privacy procedures.
Each program area also determines whether it will rely on express or implied consent for the collection, use and disclosure of personal information.
HQO’s privacy program
The CPO has developed and implemented an enterprise-wide privacy program through which HQO has defined and will meet its privacy obligations.
Privacy and information management procedures to ensure that HQO employees appropriately limit their access to and use, disclosure and retention of personal information according to the purposes for which the information was collected by HQO
Privacy training and awareness for all new employees, with refresher privacy training provided on a periodic basis
Processes for identification and management of privacy risks
Privacy audit activities to determine whether HQO is in compliance with its privacy requirements as defined in legislation and its own policy
HQO has implemented information security safeguards to protect personal information in its custody from all unauthorized collection, use, disclosure, and retention, including but not limited to:
Access controls on HQO information management systems (electronic and hard copy) to ensure that access by employees to personal information has been appropriately limited
Data protection measures, including protection (e.g., encryption) of personal information when transmitted between HQO and third parties is required
Network protections, including firewalls, intrusion detection and prevention measures, and anti-malware protections
Contacting the Chief Privacy Officer
Individuals can contact the HQO CPO for the following purposes:
Submitting requests for access or correction to the individual’s records of personal information in the custody of HQO
The Chief Privacy Officer can be reached by emailing: firstname.lastname@example.org