Page 13 - Policies
P. 13
Definitions
Agent: A person that, with the authorization of UHN, acts for or on behalf of the
organization in respect of personal health information for the purposes of UHN and not
the agent’s own purposes, whether or not the agent has the authority to bind the
custodian, whether or not the agent is employed by UHN and whether or not the agent is
being remunerated. Examples of agents of UHN include, but are not limited to,
employees, volunteers, students, physicians, residents, fellows, consultants,
researchers, vendors.
Confidential information: Confidential information maintained at UHN can fall under
three categories, Personal Health Information, Personal Information, and Corporate
Confidential Information.
Corporate confidential information (CCI): Information maintained by UHN that is not
routinely made publicly available, including financial, administrative, commercial and
technical information, and can also include records containing legal advice and
employee-related information. These records may be subject to the Freedom of
Information and Protection of Privacy Act (FIPPA).
Health information custodian: Listed persons or organizations under the Personal
Health Information Protection Act, such as hospitals, who have custody or control of
personal health information as a result of the work they do. As a public hospital, UHN is
considered to be a health information custodian (as per Personal Health Information
Protection Act, 2004, Schedule A, Explanatory Note).
Personal health information (PHI): Any identifying information about an individual
relating to the individual’s health or to the provision of health care to the individual. For
example, an individual’s health number and/or medical record would be considered
personal health information, subject to the Personal Health Information Protection Act
(PHIPA).
Personal information (PI): Identifying information about an individual that does not
contain health care information. Examples include an individual’s age, religion, address
and telephone number. Records that contain PI may be subject to the Freedom of
Information and Protection of Privacy Act (FIPPA).
Record of personal health information: The Personal Health Information Protection
Act defines a record as personal health information in any form or in any medium,
whether in written, printed, photographic or electronic form or otherwise.
References
1. ISO/IEC 29100:2011
2. Personal Health Information Protection Act, 2004
This material has been prepared solely for use at University Health Network (UHN). UHN accepts no responsibility for use of this material by
any person or organization not associated with UHN. No part of this document may be reproduced in any form for publication without
permission of UHN. A printed copy of this document may not reflect the current, electronic version on the UHN Intranet.
Policy Number 1.40.007 Original Date 08/02
Section Privacy & Information Security Revision Dates 07/05; 11/14; 11/16
Issued By Privacy Office Review Dates
Approved By Senior Vice-president & Chief Information Page 7 of 8
Officer
