Privacy Code

The College of Physicians and Surgeons of Ontario (the CPSO) is committed to protecting the privacy and confidentiality of information it receives or creates in the course of fulfilling its regulatory functions.

The CPSO fulfils this commitment to privacy and confidentiality by complying with its statutory obligations under the Regulated Health Professions Act, 1991, and the Personal Health Information Protection Act, 2004, and by voluntarily adopting the practices set out in this Privacy Code.

Scope

This Code applies to all information that the CPSO receives or creates while performing its regulatory functions.

This may include information about physicians,1 members of the public, and, CPSO employees and appointees.

Legislation

The CPSO is subject to the Regulated Health Professions Act, 1991 and some aspects of the Personal Health Information Protection Act, 2004 and has specific obligations under each statute to maintain the privacy and confidentiality of information.

With respect to the CPSO’s obligations under the Regulated Health Professions Act specifically, the CPSO collects, uses, discloses and retains information in accordance with its objects,2 and in compliance with its confidentiality obligations, contained in Section 36. Section 36 of the Regulated Health Professions Act, 1991 requires that the CPSO, including all persons employed, retained or appointed for the purposes of the regulatory functions of the CPSO, and members of the governing body of the CPSO keep confidential all information that comes to their knowledge in the course of their duties.

Section 36 contains a number of exceptions, which allow people acting on behalf of the CPSO to disclose information in specific circumstances.

Principles

Purposes for which information is collected, used or disclosed

The CPSO may collect, use, disclose or retain information in order to perform its regulatory functions and fulfil its statutory objects (see footnote #2), or where it is permitted or required by law to do so.

Examples of regulatory functions that may result in the collection, use, disclosure or retention of information include, but are not limited to, issuing certificates of registration to enable physicians to practice medicine, monitoring and maintaining standards of practice through peer assessment and remediation, investigating complaints against physicians on behalf of the public, and conducting discipline proceedings into allegations of professional misconduct or incompetence of physicians.

Consent

The CPSO respects and values an individual’s right to provide or withhold consent in relation to his or her information; however, there are many instances in which obtaining consent will impede the CPSO’s ability to fulfil its regulatory functions and statutory objects.

The CPSO will collect, use, disclose or retain information without consent only when it is permitted or required by law to do so. In all other situations, the CPSO will obtain consent.

Examples of situations where the CPSO is permitted or required by law to collect, use, disclose and/or retain information without consent include, but are not limited to the assessment of a physician’s practice by the CPSO’s quality assurance program, the investigation of a physician and the disclosure of information that is permitted under Section 36 of the Regulated Health Professions Act.

Accuracy

Accurate information is vital to the CPSO’s ability to fulfil its regulatory functions.

In recognition of this fact, the CPSO will take reasonable steps to ensure that the information it collects, uses, discloses and retains is accurate. This may include contacting individuals who have provided the CPSO with information in order to verify accuracy.

Access

In accordance with the CPSO’s legal obligations under the Regulated Health Professions Act, 1991, and the Personal Health Information Protection Act, 2004, the CPSO is obliged to keep all information that comes to its knowledge confidential, and is not permitted to communicate this information to any other person unless a specific statutory exception applies.

As a result, the CPSO is not permitted to provide individuals with access to much of the information in its possession. The CPSO, however, can provide individuals with access to information that is considered public information under the legislation. Public information includes, but is not limited to registration information about physicians, such as name, business address, class of registration, and specialist status; terms, conditions, or limitations that have been imposed on a physician’s certificate of registration; allegations of professional misconduct or incompetence which have been referred to the Discipline Committee of the College but not yet decided; and results of discipline or incapacity proceedings.

Individuals can gain access to public information on the CPSO’s website under Doctor Search or by contacting the CPSO directly and making a request.

Requests for publicly available information about groups of physician are addressed by the College in accordance with the CPSO’s Release of Physician Information in Batch Form policy.

Safeguards

The CPSO recognizes that adequate safeguards are fundamental to maintaining the privacy and confidentiality of information. The CPSO will take reasonable steps to ensure that the information it receives or creates is protected against theft, loss or other misuse.

While the specific safeguards implemented will be tailored in accordance with the degree of sensitivity of the information, the CPSO will ensure that:

  • Information will be stored in a secure manner. This may include keeping information in secure or restricted access storage rooms, maintaining information in password protected databases, and/or requiring that information is signed-out when it is removed from the CPSO.
  • Information which is no longer needed will be shredded through a professional and confidential service.
  • Access to the CPSO building will be restricted to CPSO staff, and individuals who have been cleared through security.
  • Reasonable steps are taken to ensure that staff, members of Council, members of Committees, and other individuals who conduct work for the CPSO are made aware of their obligations to keep information confidential, and understand the importance of upholding this obligation at all times.
  • Disclosure of private information will only be done pursuant to a data sharing agreement which will contain safeguards regarding a member’s private information.

Openness, Accountability and Compliance

The CPSO is committed to implementing the principles described in this Code, and to ensuring that members of the public and physicians are aware of the CPSO’s privacy practices.

To that end, any additional documents or policies that are developed in relation to this Code will be available on the CPSO’s website, or by contacting the CPSO directly.

The Registrar is responsible for making sure the CPSO follows this Privacy Code and any related policies and procedures. Any inquiries or questions related to this Code can be directed to the Registrar.

Please contact the College for more information about the Code described above or any of your privacy concerns.

Endnotes

1This can include publicly accessible information and private information (information that is not publicly accessible).

2 The College’s objects are:
  • regulating the practice of the profession and governing the members; 
  • developing, establishing and maintaining standards of qualification for entry into the profession; 
  • developing, establishing and maintaining programs and standards for quality assurance; 
  • developing, establishing and maintaining standards for continuing evaluation, competence and improvement; 
  • developing, in collaboration and consultation with other colleges, standards relating to the performance of controlled acts common among health professionals; 
  • developing, establishing and maintaining standards of professional ethics; 
  • assisting individuals to exercise their rights under the legislation; 
  • administering the legislation; 
  • promoting and enhancing relations between the College and its members, other health profession colleges, key stakeholders and the public; 
  • promoting inter-collaboration with other health profession colleges; 
  • developing standards and programs to promote the ability of members to respond to changes in practice environments, advances in technology and other emerging issues; and 
  • fulfilling any other objects relating to human health care that the Council considers desirable. 
  • S. 3(1) of the Health Professions Procedural Code