- Can I access my personal health information in BORN?
- How does BORN Ontario protect personal health information?
- What kinds of information does BORN collect?
- Why does BORN collect personal health information?
- Who can use the personal health information collected by BORN Ontario?
- How does BORN support external research?
- Who can I contact if I have questions, complaints or concerns about BORN privacy practices?
PHIPA does not require BORN to provide individuals with access to records of their own personal health information. However, as a privacy best practice, if you make a request to BORN to access your own personal health information, BORN will confirm whether or not your information exists in the system and direct you to the health information custodian who was the source of the information. BORN will encourage you to contact the original healthcare provider for access to the information so you have the best information and the best opportunity to have it explained, if necessary.
Requests to correct or change your personal health information will be referred to the health information custodian who provided the information to BORN, where issues of accuracy and completeness can be best addressed.
BORN’s special registry status under the Personal Health Information Protection Act, 2004 (PHIPA) comes with certain obligations that BORN takes very seriously. To ensure personal health information is protected, BORN has put in place strong privacy protections for all the personal health information it receives.
Personal health information within BORN is protected by administrative, physical and technological controls that conform to industry best practices for security and safeguards against unauthorized accidental or intentional release of information.
Examples of these protections include:
- All staff complete mandatory privacy training and sign a confidentiality agreement
- Staff access to data is limited by specific authorization on a need-to-know basis
- Facilities have controlled access and secure areas for computer storage
- All data access is tracked
- Systems employ firewalls, passwords and encryption to ensure electronic information is secure
The BORN privacy and security policies and procedures are approved by the Ontario Information and Privacy Commissioner (IPC) and are reviewed by the IPC every three years. BORN also conducts audits and investigations to monitor and manage our privacy compliance.
The information BORN collects includes:
- Information about hospital births in the province, including interventions and outcomes in labour and birth
- Results and follow-up from prenatal screening provided to pregnant women for Down syndrome, trisomy 18 and neural tube defects
- Information about services provided to women whose babies have suspected or confirmed birth defects
- Information about pregnancies and births attended by midwives
- Newborn screening test results indicating whether a baby might be at risk a rare but treatable disease
BORN collects personal health information to facilitate or improve the provision of healthcare and conduct research. More specifically, BORN uses the information for purposes of:
- Supporting evidence-based decisions in maternal and infant care
- Monitoring maternal and perinatal system performance, including analyzing and identifying gaps in the delivery of maternal or perinatal services
- Facilitating access to specialized care and treatment for women who have screened positive during their pregnancy for congenital anomalies or metabolic disorders
- Ensuring screening for these anomalies and metabolic disorders are offered to all women and babies
- Providing advice to LHINs, hospitals, healthcare providers and the Ministry of Health and Long-Term Care on effective management and planning
- BORN staff who are trained in privacy, have a need to use personal health information in their specific role and have signed confidentiality agreements, are authorized by BORN to access and use personal health information to carry out required BORN functions.
- Hospitals and other healthcare organizations that provide information to BORN can, where specifically authorized by BORN and the organization, access and use only the personal health information that the organization provided to BORN.
- Researchers can obtain BORN information for specific research purposes where there is a research plan in place, research ethics board approval has been obtained, and agreements compliant with the strict requirements of the Personal Health Information Protection Act, 2004 (PHIPA) have been signed with BORN.
BORN is committed to supporting research that improves the quality, access to, and integration of services for mothers infants and children in Ontario. BORN considers applications from researchers who require BORN information to conduct research. BORN undertakes a rigorous process of review for all requests from researchers, including ensuring that only the minimum amount of personal health information is provided.
Where possible, BORN approves the use of de-identified or aggregate information for the research. If personal health information is required, the researchers must have research ethics board approval and must be compliant with the requirements set out in the Personal Health Information Protection Act, 2004 (PHIPA).
Questions or concerns about BORN privacy policies or procedures may be addressed to the BORN Privacy Officer:
BORN Ontario Privacy Officer
CHEO Research Institute | Centre for Practice-Changing Research Building
401 Smyth Road, Ottawa, ON | K1H 8L1