Pediatric Oncology Group of Ontario
ABOUT POGO CARE EDUCATION RESEARCH MEDIA POGONIS DATABASE SAVTI PRIVACY
WAYS TO HELP HEALTHCARE PROFESSIONALS PATIENTS & FAMILIES SURVIVORS

Frequently Asked Questions About Information Privacy Protection at POGO

Authority

Q: How is POGO authorized to use health information collected in Ontario?

A: POGO is named as a prescribed entity for purposes of section 45 of the Personal Health Information Protection Act, 2004. Under this designation, POGO can receive and use personal health information without consent for analyzing and compiling statistical information that helps manage, evaluate, monitor, allocate resources and plan for our health care system.

POGO receives personal health information from many sources, including persons or organizations in the health sector defined as “health information custodians” under the Personal Health Information Protection Act, 2004, such as the Ministry of Health and Long-Term Care, physicians, hospitals, laboratories, pharmacies and long-term care homes.

In order to have this privilege, however, POGO must have in place policies, practices and procedures to protect the privacy of individuals whose personal health information POGO receives and to maintain the confidentiality of that information. These policies, practices and procedures must be reviewed and approved by the Information and Privacy Commissioner of Ontario every three years.

Q: Why does POGO need health information?

A: POGO uses personal health information to improve the circumstances of Ontario’s children with cancer, their families and caregivers, through the development and implementation and continual refinement of an accessible, well integrated provincial childhood cancer system.

This personal health information helps POGO assess how well the childhood cancer health system is performing, identify areas of strength, recommend areas that need improvement and then plan and coordinate programs and services to meet the ongoing needs of children with cancer, caregivers and healthcare professionals.

The scope of POGO’s activities includes:
• Identifying and analyzing trends, patterns and outcomes of children with cancer
• Identifying gaps in the delivery of cancer care services
• Developing, implementing and evaluating new programs of care, and identifying the optimal location of such programs
• Evaluating the financial and economic implications of childhood cancer control programs
• Assessing the status of survivors and their related quality of life
• Providing information to policy makers and government to help shape decision making to reflect the needs of children in Ontario with cancer.

In addition, POGO may collect and use personal health information to conduct research related to childhood cancer treatment. However, prior to collecting and using personal health information for research purposes, POGO complies with all the requirements of the Personal Health Information Protection Act, 2004.

Q: How is the health information reported?

A: POGO reports health information only through the interpretation of aggregate data, not individual data. That is to say, no individual can be identified from the reports. Most information is published in medical journals or in special reports for a variety of stakeholders, including the Ministry of Health and Long-Term Care.

Q: Can I see these reports?

A: Anyone can access these reports.  You can find lists of publications by clicking here.

Information Collection

Q: What types of health information does POGO collect?

A: POGO receives personal health information abstracted from medical records of hospitals in the province of Ontario who treat childhood cancer  patients or childhood cancer survivors. POGO also receives personal health information from other administrative databases, registries and surveys, such as those from patients and their families and Vital Statistics Canada. In addition, POGO receives personal health information from other entities and persons who maintain registries of personal health information that are prescribed in the Personal Health Information Protection Act, 2004, such as Cancer Care Ontario.

Q: What other types of information does POGO collect?

A: POGO collects information related to the financial assistance received by families from POGO, as well as information from community nursing services provided by the Pediatric Interlink Community Cancer Nurses and information related to hospital staffing, which is used to help understand how many professionals are needed and where. Publicly available information, such as population estimates and Statistics Canada census area profiles, are also collected.

Q: How do you know the health information is correct?

A: POGO conducts regular audits with the persons or organizations that supply personal health information to POGO.

Q: Am I identified by name in the database held by POGO?

A: The POGO database (POGONIS) contains personal identifiers. However, only a limited number of staff who require access to these identifiers in carrying out their responsibilities have access to these identifiers in a secured data centre.

Information Sharing and Access

Q: Do you give other people information that could identify me?

A: POGO only discloses your personal information or personal health information with your consent or as permitted or required by law, including the Personal Health Information Protection Act, 2004 and its regulation.

Q: Can I see the information that POGO has about me?

A: POGO does not provide individuals with access to their personal health information, but rather, refers the individuals or their substitute decision-makers to the responsible health care provider.

Information Security

Q: How do you protect my health information?

A: Rigorous privacy policies, practices and procedures for the protection of personal health information have been implemented and are based on Ontario’s Personal Health Information Protection Act, 2004 and on the ten guiding principles found in the Canadian Standards Association Model Code, which is part of the federal Personal Information Protection and Electronic Documents Act.

All POGO staff undergo mandatory privacy training and annually sign a confidentiality agreement.

POGO’s comprehensive security controls address the organization’s operational, technological and physical space. For example, there are strict policies that limit access to personal information in POGO’s custody. POGO’s facility has 24/7 tracked key access and video surveillance. Personal information, including personal health information, is stored in a secure area within the POGO office. This area is accessed only by a few designated staff. The database server has no external connection to ensure the security of the information. Computer passwords are frequently changed, firewalls and computer software are in place for tracking activity and data encryption techniques are always employed.

Finally, the expertise of external security personnel is used to test the integrity of POGO’s security and to ensure it is up to date with technology.

Q: How long do you keep the health information and how is the health information destroyed?

A: POGO’s mandate requires that it hold personal health information on an on-going basis in order to satisfy long-term follow-up of pediatric oncology treatment and outcomes. For specific research purposes, POGO retains personal health information as long as necessary to fulfill the purpose of the research project/s for which the personal health information was collected.

Electronic files are securely deleted (magnetized or erased), paper is shredded by bonded professional shredding companies, CDs are perforated and broken and tapes are securely destroyed with a magnetizing device.

Research Ethics

Q: How do you ensure that research studies done at POGO are conducted ethically?

A: All research studies conducted by POGO are conducted in compliance with the requirements of the Personal Health Information Protection Act, 2004, which includes the preparation of a written research plan and obtaining Research Ethics Board approval of the research plan prior to using personal health information. In addition, all research studies undergo review by POGO scientists to ensure that the research plan investigates important health questions and that the study methodology is appropriate.

Q: Do you have a commercial interest in the research? Who supports research at POGO?

A: No, as a non-profit charitable organization, POGO research is not supported by commercial interests. Funding is received from a variety of sources, including the Ontario Ministry of Health and Long-Term Care, the POGO Development Office (fundraising), the POGO Chair in Childhood Cancer Control and other granting foundations.

Q: Do you sell the information you have about me?

A: No.

Accountability

Q: Who makes sure that POGO is conducting its work appropriately?

A: POGO is accountable to the Ontario Ministry of Health and Long-Term Care.

POGO’s Privacy Officers ensure that all collections, uses and disclosures of personal information, including personal health information, comply with all applicable laws including the Personal Health Information Protection Act, 2004. As an example, POGO’s Privacy Officers ensure that prior to the use of personal health information for research purposes and prior to the disclosure of personal health information for research purposes without consent, that a research plan is prepared in accordance with the requirements in the Personal Health Information Protection Act, 2004 and that the research plan has received Research Ethics Board approval.

POGO also undergoes electronic security audits by external security experts to protect the confidentiality and security of personal information and personal health information.

Additionally, policies, practices and procedures implemented by POGO to protect the privacy of individuals whose personal health information POGO receives and to maintain the confidentiality of that information are reviewed and approved by the Information and Privacy Commissioner of Ontario every three years.

Q: Who is responsible for the security of the health information and protecting privacy interests?

A: The Executive Director of POGO and the POGO Privacy Officers are responsible for ensuring the security and confidentiality of the personal health information.

For more information, please direct inquires to:

Bruna DiMonte RN, BScN
Senior Database Administrator & Co-Privacy Officer

Madeline Riehl MHSc
Senior Associate Research and Planning & Co-Privacy Officer


About POGO Care Education Research POGONIS Contact Us

Copyright © Pediatric Oncology Group of Ontario (POGO) 2006. All Rights Reserved.
480 University Avenue, Suite 1014, Toronto, Ontario, M5G 1V2, Canada
Charitable Registration Number: 871067245RR0001
x   |  Website Disclaimer  |  Website Privacy Policy  |