The CPSO fulfils this commitment to privacy and confidentiality by complying with its statutory obligations under the Regulated Health Professions Act, 1991 (RHPA), and the Personal Health Information Protection Act, 2004, (PHIPA) and by voluntarily adopting the practices set out in this Privacy Code.

Scope

This Code applies to all information that the CPSO collects, receives, creates, uses or discloses while performing its regulatory functions.

This may include information about physicians,¹ members of the public, and, CPSO employees and appointees.

Legislation

The CPSO is subject to the RHPA and some aspects of PHIPA and has specific obligations under each statute to maintain the privacy and confidentiality of information.

With respect to the RHPA specifically, the CPSO collects, uses, and discloses information in accordance with its objects,² and in compliance with its confidentiality obligations, contained in Section 36. Section 36 of the RHPA requires that the CPSO, including all persons employed, retained or appointed for the purposes of the regulatory functions of the CPSO, and members of the governing body of the CPSO keep confidential all information that comes to their knowledge in the course of their duties.

Section 36 contains a number of exceptions, which allow people acting on behalf of the CPSO to disclose information in specific circumstances.

Principles

Purposes for which information is collected, used or disclosed

The CPSO may collect, use, or disclose information in order to perform its regulatory functions and fulfil its statutory objects (see endnote #2), or where it is permitted or required by law to do so.

Examples of regulatory functions that may result in the collection, use, or disclosure of information include, but are not limited to, issuing certificates of registration to enable physicians to practice medicine, monitoring and maintaining standards of practice through peer assessment and remediation, investigating complaints against physicians on behalf of the public, and conducting discipline proceedings into allegations of professional misconduct or incompetence of physicians.

Consent

The CPSO will collect, use, or disclose information without consent only when it is permitted or required by law to do so.

Examples of situations where the CPSO is permitted or required by law to collect, use, or disclose information without consent include, but are not limited to, the assessment of a physician’s practice by the CPSO’s quality assurance program, the investigation of a physician and other disclosure of information that is in accordance with CPSO’s objects and is permitted under Section 36 of the RHPA.

Accuracy

The CPSO requires that all information it receives or collects from others is accurate. Should the CPSO have reason to believe information is inaccurate, it will take reasonable steps to verify its accuracy.

Access

In accordance with the CPSO’s legal obligations under the RHPA and PHIPA the CPSO is obliged to keep all information that comes to its knowledge confidential, and is not permitted to communicate this information to any other person unless the information is public and/or the CPSO is required or permitted by law to share the information.

Public information includes, but is not limited to registration information about physicians, such as name, business address, class of registration, and specialist status; terms, conditions, or limitations that have been imposed on a physician’s certificate of registration; allegations of professional misconduct or incompetence which have been referred to the Ontario Physicians and Surgeons Discipline Tribunal but not yet decided; and results of discipline or incapacity proceedings.

Individuals can gain access to public information on the CPSO’s website under the Public Register tab. Requests for publicly available information about groups of physician or other CPSO information will be assessed in accordance with the CPSO’s Decision Tool.

Safeguards

The CPSO will take reasonable steps to ensure that the information it receives or creates is protected against theft, loss or other misuse.

While the specific safeguards implemented will be tailored in accordance with the degree of sensitivity of the information, the CPSO will take reasonable steps to ensure that:

• Information will be stored in a secure manner. This may include keeping information in secure or restricted access storage rooms, maintaining information in password protected databases, and/or requiring that information is signed-out when it is removed from the CPSO.
• Information which is no longer needed will be destroyed or shredded through a professional and confidential service.
• Access to the CPSO building will be restricted to CPSO staff, and individuals who have been cleared through security.
• Staff, members of Council, members of Committees, and other individuals who conduct work for the CPSO are made aware of their obligations to keep information confidential, and understand the importance of upholding this obligation at all times.
• Disclosure of private information will only be done with appropriate safeguards regarding a member’s private information, which may include a data sharing agreement.

Openness, Accountability and Compliance

The CPSO is committed to implementing the principles described in this Code, and to ensuring that members of the public and physicians are aware of the CPSO’s privacy practices.

To that end, any additional documents or policies that are developed in relation to this Code will be available on the CPSO’s website, or by contacting the CPSO directly.

The Registrar is responsible for making sure the CPSO follows this Privacy Code and any related policies and procedures. Any inquiries or questions related to this Code can be directed to the Registrar.

Please contact the College for more information about the Code described above or any of your privacy concerns.

Endnotes

¹This can include publicly accessible information and private information (information that is not publicly accessible).

²The College’s objects are:

• regulating the practice of the profession and governing the members; 
• developing, establishing and maintaining standards of qualification for entry into the profession; 
• developing, establishing and maintaining programs and standards for quality assurance; 
• developing, establishing and maintaining standards for continuing evaluation, competence and improvement; 
• developing, in collaboration and consultation with other colleges, standards relating to the performance of controlled acts common among health professionals; 
• developing, establishing and maintaining standards of professional ethics; 
• assisting individuals to exercise their rights under the legislation; 
• administering the legislation; 
• promoting and enhancing relations between the College and its members, other health profession colleges, key stakeholders and the public; 
• promoting inter-collaboration with other health profession colleges; 
• developing standards and programs to promote the ability of members to respond to changes in practice environments, advances in technology and other emerging issues; and 
• fulfilling any other objects relating to human health care that the Council considers desirable. 
• S. 3(1) of the Health Professions Procedural Code