The data will be used by Ontario Health (OH) as a Prescribed Entity for the following purposes:
- Planning: to better understand the quality, volume, and feasibility of data to support system performance measurement (e.g. wait times).
- Generation of provider reports for contributing HSPs: The reports will provide insights into service access and utilization, support local service planning efforts, and facilitate performance measurement across contributing organizations.
Information collected can be accessed by the client’s health care team and Ontario Health once the PDS has been submitted. Any personal health information (PHI) collected from clients will remain confidential and stored securely. Ontario Health will produce aggregate level reports from the PDS data, but these would not include any personal or identifying information.
Ontario Health employs role-based access controls. Access and use are limited for individuals requiring access to the PHI as indicated in their employment or contractual responsibilities. Disclosure of the sectoral data is only permitted in accordance with PHIPA.
Ontario Health has in place administrative, physical, and technical controls to protect the privacy of the sector patients/clients and ensure the confidentiality and security of their PHI that is provided to Ontario Health for the Mental Health and Addictions Centre of Excellence.
Ontario Health is subject to regulatory oversight by the Information and Privacy Commissioner of Ontario who reviews and approves our privacy, security, and information management practices on a triennial basis.
Ontario Health’s privacy statement is available at: Privacy | Ontario Health
OH has implemented technical and administrative safeguards to prevent the overcollection of client data. OH and each contributing site have entered into a data sharing agreement specifying the data elements to be shared to OH. Additionally, vendor solutions do not permit the submission of data elements beyond those specified in the data sharing agreement.
Ontario Health will be collecting this data as a Prescribed Entity under the Personal Health Information Protection Act, 2004 (PHIPA), which is the legislation that applies to the management of personal health information (PHI) in the province. Ontario Health is identified in ss.18(1)5 of Ontario Regulation 329/04 made under PHIPA (the Regulation) as a Prescribed Entity for the purposes of ss.45(1) of the Act.
PHIPA is “role-based” legislation, which means that it identifies and defines a number of roles of “health system actors”. It then sets out the rights and responsibilities of each of the roles as they relate to the management of PHI. Ontario Health is a prescribed entity and collects personal health information for health system management and planning from organizations that are involved in the care and treatment of patients. Ontario Health will use this information to plan, fund and report on the performance of the healthcare system.
Accountability for Ontario Health’s compliance with applicable privacy legislation rests with the Chief Executive Officer (CEO), who delegates accountability for compliance to the Chief Privacy Officer (CPO). The CPO oversees the day-to-day responsibilities of the privacy program, together with Privacy Managers and Privacy Specialists. The CPO is responsible for updating senior leadership and the CEO on material related to privacy matters.
As a Prescribed Entity, Ontario Health is subject to regulatory oversight by the Information and Privacy Commissioner of Ontario on a triennial basis. Ontario Health must submit a report to the Commissioner that details how our privacy, information security and management practices comply with the requirements mandated in the Manual for the Review and Approval of Prescribed Persons and Prescribed Entities. Ontario Health received its latest approval from the Information and Privacy Commissioner on October 30, 2020.
Ontario Health’s triennial report is publicly available at:
Community health and mental health services are what are known as Health Information Custodians (HICs), as are other healthcare practitioners, hospitals, and pharmacies. In addition to outlining the authority by which information can be collected, it also outlines the roles and responsibilities of HICs.
PHIPA sets out the circumstances in which HICs:
- Have the authority to collect, use and disclose PHI
- When they need the consent of the patient/client to do so, and what type of consent is necessary (express, implied, or assumed implied)
- May use and disclose PHI without the consent of the client/patient to whom the individual relates
No, client consent is not needed to collect data for the PHI.
Community health and mental health services are what are known as Health Information Custodians (HICs), as are other healthcare practitioners, hospitals, and pharmacies. In addition to outlining the authority by which information can be collected, it also outlines the roles and responsibilities of HICs.
PHIPA sets out the circumstances in which HICs:
- Have the authority to collect, use and disclose PHI
- When they need the consent of the patient/client to do so, and what type of consent is necessary (express, implied, or assumed implied)
- May use and disclose PHI without the consent of the client/patient to whom the individual relates
No, client consent is not needed to disclose MHA PDS data to Ontario Health.
Ontario Health is a Prescribed Entity under PHIPA and is able to receive PHI without consent under certain provisions.
Under PHIPA, Prescribed Entities may receive and collect data without consent for the purpose of analysis or compiling statistical information with respect to the management of, evaluation or monitoring of, the allocation of resources to or planning for all or part of the health system, including the delivery of services.
To continue receiving PHI from health information custodians (HICs) without consent, Ontario Health as a Prescribed Entity must have its privacy and security practices and procedures (Ps&Ps) reviewed and approved by the IPC every three years.
The Ps&Ps must, at minimum, include those set out in the Manual:
The IPC most recently reviewed and approved OH’s Ps&Ps on October 30, 2020. The IPC’s Approval Letter is posted on its website at: By E-mail (ipc.on.ca)
No, consent directives will not be applied to this data.
A consent directive, also known as a lockbox is a privacy control through which individuals can withdraw or withhold consent for the collection, use, and disclosure of their personal health information for health care purposes. PHIPA grants individuals the right to request a consent directive.
Consent directives will not apply to the data that is collected by Ontario Health under the authority of a Prescribed Entity if the data is collected for the purpose of analysis or compiling statistical information with respect to the management of, evaluation or monitoring of, the allocation of resources to or planning for all or part of the health system, including the delivery of services, if the entity has received the approval of its practices and procedures by the Office of the Information and Privacy Commissioner/Ontario (the “IPC”) [ s.45]
Ontario Health receives PHI without client consent from agencies in Ontario involved in care and treatment of patients such as Cancer Care Ontario, CorHealth Ontario, and Trillium Gift of Life Network.
The PHI received is used for health system management and planning purposes. For instance, Cancer Care Ontario uses the PHI they collect to plan, fund, and assess the performance of the cancer care program.
Please see the following link for further information: https://www.ontariohealth.ca/privacy
Ontario Health has a long-term goal to collect PHI once in support of multiple initiatives. This initiative is a part of a long-term roadmap, which includes legislative changes and consultations which will last for the next couple of years. Updates will be provided about the progress of this change.
If there are updates to the PDS such as requirements of additional data elements, HSPs will be notified through changes in the data sharing agreements. Any necessary changes to system configurations will be implemented on the vendor side. This process will be part of a release update, and any modifications to the PDS will follow this procedure.
This feature is currently in development with the vendors. Ontario Health has contracted all compliant vendors to create a new set of standard reports to present the information. Data submissions are automatic and cannot be manually reviewed before they are sent; however, this new feature will allow HSPs to review the data after submissions.
While migrating to a PDS compliant vendor, HSPs can retain their data within the new data set. Ontario Health will begin receiving data once the PDS submission is activated in the compliant vendor system.
Historical data will not be submitted to Ontario Health unless it includes active clients. Clients without a discharge date will be considered active if they are still enrolled in a service. Data for closed or inactive clients will be managed according to the HSP’s retention policies, and they may decide to close records before migration, as per them. Ontario Health has no specific requirements during the migration.
On the ADH side, there is a long-term retention period for the data. However, the data processed through the Provincial Data Set (PDS) product has a retention period of seven years. This data is archived and stored in a designated location with restricted access. Access is only permitted for specific troubleshooting purposes and requires prior approval from privacy. There is no set timeline for data removal unless explicitly required by retention policies.
Socio-demographic data (SDoH) data is considered clinical data in the context of MHA PDS and as outlined in the data sharing agreement. The data sharing agreement lists all elements allowed to be collected. According to the data sharing agreement “you will not begin collecting any new data elements as part of this MHA-PDS Project that, in your clinical opinion, are not necessary for the care and treatment of your clients”. SDoH elements are optional and considered beneficial for clinical care.
No, optional data elements are not considered a component of data quality or compliance. Health Service Providers will not be penalized for this.
However, Ontario Health monitors the completion rates for socio-demographic information and is working to address barriers to completion. Collecting these elements is important for provincial planning, monitoring, and informed decision making.
In the next iteration of the Provincial Data Set, Ontario Health plans to align with the provincial directive on socio-demographic data collection for clinical care. HSPs are encouraged to collect these optional elements wherever possible, and additional resources are being developed to support this effort.
In PDS 1.0, the "health card number" field is optional. In PDS 2.0, which will be rolled out after March 2025, completing the "health card number" field will be mandatory.
For PDS 1.0, a valid health card number is not required for submission. If service providers are unable to collect a valid health card number, they can input either: "client does not have a health card" or "client does not want to provide health card."
It is suggested that clients are asked about their OHIP card at their point of intake or as early as possible. Service providers can leave the field blank or input a placeholder such as "health card pending intake" (depending on the configuration of your CMS) until the health card number is collected.
Staff can let clients know that the OHIP card number and any other personal information will be confidential and stored securely.
More information can be found in the OHIP FAQ
There may be duplication of certain data elements, such as social determinants of health, when assessments are submitted to both systems. Efforts are made to ensure interoperability, allowing shared data elements to populate automatically between the two systems where possible. However, since the data is sent to two separate databases, some duplication is expected. The configuration and security of these data elements should be managed according to the specific requirements of each system.
Ontario Health does not currently provide standardised language or resources for privacy and confidentiality regarding the PDS. However, this will be further explored and organizations are encouraged to check with Ontario Health for further guidance in the future.
If a client has any questions, concerns, complaints about the provincial data collection they can contact their HSP’s Privacy office.
If a client feels that their concerns regarding compliance with PHIPA have not been addressed, they may also contact the Information and Privacy Commissioner of Ontario (IPC):
Information and Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario Canada M4W 1A8. Web: www.ipc.on.ca.Telephone: 4163263333 or 1800-387-0073
