Mackenzie Health’s Privacy Principles

Your Privacy

Mackenzie Health is committed to protecting your privacy and the confidentiality of your personal health information.

Our Privacy program is based on international standards for privacy protection developed by the Canadian Standards Association (CSA) and adopted as the basis for Canadian federal privacy legislation.

As part of this commitment, Mackenzie Health has adopted the 10 Privacy Principles established by the Canadian Standards Association's Model Code for the protection of Information. PIPEDA Fair Information Principles

Mackenzie Health's Privacy Principles

All Mackenzie Health staff, physicians and volunteers are responsible for information under their custody or control. Mackenzie Health’s Chief Privacy Officer oversees compliance with the Privacy Principles as well as the Personal Health Information Protection Act (PHIPA), and the Freedom of Information and Protection of Privacy Act (FIPPA).  Mackenzie Health has implemented policies and procedures to protect your personal health information and all other confidential information relating to patients, staff, and affiliates.  Our staff, volunteers and physicians all receive Privacy related training and education. 

Mackenzie Health’s privacy practices are governed by PHIPA and FIPPA. In accordance with these Acts, we collect information about you either from you or from the person/organization authorized to act on your behalf. 

Mackenzie Health will identify the purposes for which personal health information is collected at or before the time of collection.  These purposes will be conveyed by means including our website, digital notifications, and brochures.  The primary purpose for collecting, using, and sharing personal health information is to deliver safe and efficient patient care.  We may also use your information for administrative purposes, research, teaching, fundraising, quality improvement and risk management, planning, to comply with our legal and regulatory requirements or other purposes as permitted by law. 

Mackenzie Health collects, uses and discloses your Information with your knowledge and consent, except where otherwise required or permitted to do so by law.   

We rely on your implied consent for some purposes but will seek your expressed consent for other purposes (for example, if you are going to have a surgical procedure).   

You have the right to know why we are collecting your information and how it is being used.  You also have the right to withdraw your consent at any time, unless the collection, use or sharing is required or permitted by law. 

Mackenzie Health limits the collection of your Information to only those details that are necessary for the purposes identified. 

Your information will only be used or disclosed for the purpose for which it was collected, unless you have otherwise consented, or when it is required or permitted by law. Mackenzie Health retains your information for the period of time prescribed by our retention policy and is securely destroyed in accordance with legislation and hospital policies and guidelines. 

There are other health care providers outside of Mackenzie Health who can access your electronic health record but they or their team must be involved in your care, and they must sign an agreement with Mackenzie Health.  

You can limit access to your personal health information for health care purposes by asking for a Consent Directive, also known as a “Lockbox”. There are several kinds of consent directives. You can lockbox your entire record, or a specific visit.   

Mackenzie Health keeps information that is collected as accurate, complete, and up to date as necessary to fulfill the purposes for which it was collected.  Patients have the right to challenge the accuracy of their personal health information. 

Mackenzie Health takes reasonable steps to ensure your personal information is protected.  Security safeguards are applied appropriate to the sensitivity or personal health information to protect it against loss, theft, unauthorized access, disclosure, copying, use or modification, regardless of its format. 

The following are some examples of the specific steps we take to protect your privacy while delivering safe, quality care: 

  • Physical measures: for example, the use of lockable filing cabinets and restricting access to offices; 
  • Organizational measures: for example, limiting access to personal information on a need-to-know basis; 
  • Technological measures: for example, the use of passwords, system access controls and encryption where appropriate; 
  • Regular audits of system access and use, including appropriate disciplinary action for non-compliance with legal or hospital requirements governing access to information. 

Information about our policies and practices is readily available on our website as well as through digital posters and other resources.  

See Mackenzie Health's Privacy Policy.

You have the right to access and/or correct records of your information.

For access to personal health information please contact Health Information Services.

For access to general records please proceed to our Freedom of Information webpage

If you believe your health information is incorrect, you have the right to request a correction to this information.   For more information, please contact Health Information Services.


Individuals may challenge the hospital’s compliance with its Privacy policies or Privacy law through the Chief Privacy Officer/Privacy Office. Mackenzie Health has procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal health information. Mackenzie Health will take appropriate measures to review all complaints.

For more information about our privacy practices, see Your Privacy at Mackenzie Health page or contact Mackenzie Health’s Privacy Office.

Contact Our Privacy Office

Privacy Office 

10 Trench Street 
Richmond Hill, ON 
L4C 4Z3 

You may also make a complaint to the Information and Privacy Commissioner of Ontario if you believe we have violated your privacy rights. The Commissioner can be reached at: 

Information and Privacy Commissioner of Ontario 

2 Bloor Street East, Suite 1400 
Toronto, ON 
M4W 1A8 
Phone: 416-326-3333