Privacy Notice

Privacy of Your Personal Health Information

Ontario’s Personal Health Information Protection Act (PHIPA) provides rules for health care providers, organizations and electronic hosting systems for the collection, use and sharing of your personal health information.

The ONE Health Information Technology Services (ONE HITS) is responsible for delivery and operational support for the shared health information system.   In providing this service, ONE HITS is considered as a Health Information Network Provider under the Personal Health Information Protection Act.

ONE HITS has put in place several safeguards to protect your personal health information.  The types of safeguards we have in place as well as actions we take to protect your personal health information are noted below:

Organizational safeguards

We have many technical, physical and administrative safeguards to help protect the security, confidentiality and integrity of the health information system. These include:

  • Servers housed in a secure space, with redundant and backup power supplies;
  • Anti-virus solutions to help protect our infrastructure from infection and malware;
  • Automated systems log and monitoring of all access to confidential patient and personal information;
  • Complex passwords (enforced on all systems);
  • Data backed up on a regular basis and distributed across multiple sites;
  • Legal terms in our agreement with service providers committing them to protect personal information/personal health information;
  • Role based access strictly enforced for all personal information / personal health information;
  • Privacy and security awareness training for all staff; vendors and contractors.
  • Continuous monitoring of network traffic to help identify threats;
  • Policies, procedures and standards to govern related operations; and
  • Patching of servers on an ongoing basis.

Policies, practices and standards

ONE HITS has comprehensive privacy and security policies in place to govern the collection, use and disclosure of personal/personal health information.  Our staff are required to follow privacy and security policies.  Noncompliance to policies and procedures may result in disciplinary action including termination of employment.

ONE HITS Commitment 

ONE HITS commits to:

  • Not use any personal health information accessed while providing services for a health care facility, except as necessary while providing the services;
  • Not disclose any personal health information to which we have access while providing services for the health care facility;
  • Not allow our employees, or anyone acting on their behalf, to access personal/personal health information unless they agree to abide by our policies and procedures;
  • Notify participating health care facilities of any privacy breaches detected;
  • Provide each participating health care facility with a copy of this statement;
  • Make a copy of this statement publicly available on our website;
  • Maintain appropriate logging and monitoring of personal/ personal health information that will be made available to participating health care facility on request and;
  • Perform regular privacy and security assessments of the operation of our systems.


For more information, or to ask questions about our privacy and security practices, contact us at