HDIRS' Privacy Notice
Hospital Diagnostic Imaging Repository Services (HDIRS) is one of three regional diagnostic imaging repositories (DIRs) in Ontario that enables hospitals and independent health facilities (e.g., diagnostic imaging facilities) to share your personal health information (PHI) to support diagnosis, treatment, and care.
HDIRS is a health information network provider (HINP), a type of service provider under Ontario’s Personal Health Information Protection Act (PHIPA) regulations, O. Reg. 329/04. As a HINP, HDIRS works on behalf of connected hospitals and independent health facilities to make your diagnostic images (e.g., X-rays, MRIs, CT scans) and related reports available to one another. HDIRS services include:
- Enabling hospitals to access your diagnostic imaging information from other hospitals and independent health facilities through the HDIRS DIR.
- Safeguarding your PHI in the DIR.
- Coordinating the secure transmission of your PHI in the HDIRS DIR between the hospitals and independent health facilities using the eHealth Ontario network and other third-party service providers vetted and closely monitored by HDIRS.
HDIRS also provides additional services to its members sites that support them with other important activities (e.g., peer review of radiologists) or help make your images in the DIR available to you through third-party technology (e.g., PocketHealth).
As a service provider, HDIRS has an enterprise-wide privacy program to support our compliance with the requirements of PHIPA and its regulations as well as our agreements with the member and client sites. We follow recognized standards in privacy and information management to safeguard your PHI more broadly. Below is a summary of our privacy program and practices for PHI.
Accountability for Privacy
The Chief Privacy and Security Officer (CPSO) is accountable for ensuring that HDIRS complies with its privacy obligations.
HDIRS’ Privacy Program
The CPSO has developed and implemented an enterprise-wide privacy program through which HDIRS has defined and meets its privacy obligations.
- Privacy and information management procedures to ensure that HDIRS employees appropriately limit their access to and use, disclosure, and retention of your PHI for the purposes of providing and managing the DIR services.
- Privacy training and awareness for all new employees, with refresher privacy training provided on a periodic basis.
- Processes for identification and management of privacy risks.
- Privacy review activities to confirm that HDIRS complies with its privacy requirements.
Getting your consent to collect, use, and disclose your diagnostic images and reports is the responsibility of the hospital or health facility that captures, accesses, and shares your diagnostic images in the DIR.
If you want to withdraw your consent for your images and related reports to be accessed or shared, you must contact the hospital or health facility that created your diagnostic images.
HDIRS has implemented information security safeguards to protect your PHI in the DIR from unauthorized collection, use, disclosure, and retention. Key safeguards include, but are not limited to:
- Access controls on HDIRS information management systems (electronic and hard copy) to ensure that access to your PHI by employees and third-party service providers has been appropriately limited.
- Data protection measures, including protection (e.g., encryption) of your PHI when transmitted between HDIRS, the hospitals, the independent health facilities, and third parties.
- Network protections, including firewalls, intrusion detection and prevention measures, and anti-malware protections.
Your Privacy Rights
You must contact the healthcare provider that ordered or reviewed your diagnostic tests and results for the following privacy matters:
- Request a copy of your information in the DIR.
- Request access to information about how the hospitals or health facilities have been using, accessing, and sharing your information in the DIR.
- Request a correction to your diagnostic image and/or report in the DIR.
- Make a privacy inquiry or complaint about how the hospitals and health facilities are managing and ensuring the privacy of your information in the DIR.
If you contact HDIRS regarding any of the above, we will forward your request to the hospital or health facility that placed your information in the DIR.
Contacting the HDIRS CPSO
If you have a general inquiry or complaint about the service that we provide to hospitals and diagnostic imaging clinics or our privacy and security program, contact us.