Your Javascript is DISABLED. This site is best viewed with javascript enabled.
This site does not support your browser, Internet Explorer 6. Please upgrade your browser now.

Privacy Policy

Personal Health Information Privacy:  It’s Your Right and Our Obligation

Statement of Information Practices

CMHA Huron Perth will provide a statement of information practices to all clients who provide personal health information to CMHA Huron Perth. This statement will be provided to all clients as they begin to receive services from CMHA Huron Perth. The statement is also displayed on the agency’s website.

Client Consent to Collect, Use and Share Personal Health Information

The purpose of this policy is to describe the circumstances in which the CMHA Huron Perth Branch will obtain the express consent of its clients to collect, use and share their personal health information.

CMHA Huron Perth is a health information custodian (HIC) subject to the provisions of the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA permits HICs such as CMHA Huron Perth to collect, use and share the PHI of their clients with other HICs who are involved in the provision of health care to the client without obtaining the express consent of the individual. These HICs are often described as being within the client’s Circle of Care. HICs may collect, use and share a client’s PHI with other HICs within the client’s Circle of Care on the basis of assumed implied consent. This means that, unless the HIC is aware that the client has expressed otherwise, it may assume that the client has provided his/her consent to collect, use and share their PHI with the other HICs within their Circle of Care.

CMHA Huron Perth will obtain the express (written) consent of its clients to collect, use and share the PHI of its clients with other HICs within the client’s Circle of Care. CMHA Huron Perth will document the client’s consent on the form: Client Consent Form to Collect, Use and Share Personal Health Information.  

Disclosure without Consent

There are special circumstances where an individual’s PHI can be disclosed even if a client has not provided consent to share this information. If CMHA Huron Perth believes “on reasonable grounds” that sharing of information is necessary to eliminate or reduce a significant risk of serious bodily harm to the individual or to another person. An example would be when information is provided to a psychiatrist if a person has made a suicide intention. CMHA Huron Perth’s Case Manager may provide this information without the consent of the person.

Other circumstances include situations where police with an executed court order request disclosure of a client’s file or specific information in the file. CMHA Huron Perth is required to disclose the information even if the client has refused to provide consent. PHIPA also provides situations where both mandatory and discretionary disclosures may override a client’s consent. The fact that a client has declined consent does not mean that information cannot be disclosed under certain situations.


All clients will be provided with an explanation of how Personal Health Information (PHI) is collected, used and shared within CMHA Huron Perth and others within the Circle of Care. Clients will be provided with a copy of this policy by the CMHA Huron Perth intake staff person.
The intake staff will explain the difference between implied and express consent to the client. It is CMHA Huron Perth policy to have a consent form completed to avoid any confusion about the client’s wishes.

Clients will be advised that sharing information with other service providers, medical practitioners and family members is an important aspect of supporting their recovery goals.

The client is also advised that they may withhold their consent to release information or later withdraw their consent to all or specific organizations or individuals. To withdraw consent the client will advise the Case Manager and a new Client Consent Form will be completed and dated. This new form is entered into the electronic file replacing the original consent.

The client will complete and sign the consent form which will become part of the electronic client file. The consent remains in effect until it is withdrawn, changed, or the client leaves the Agency’s services. 

Client Requests for Access to Personal Health Information

The purpose of these procedures is to explain how CMHA Huron Perth responds to requests from clients for access to, or the correction of personal health information in the custody of, or under the control of the agency.

The Personal Health Information Protection Act, 2004 (PHIPA) provides that, subject to certain limited exceptions, individuals or their substitute decision makers (SDM’s) have a right to access and correct their personal health information within the custody or control of health information custodians (HIC’s). CMHA Huron Perth is a HIC and must respond to requests for access to PHI within 30 days of the receipt of the request.


When a client requests to see their file the following steps are taken:

  1. The Case Manager meets with the client and assists him/her to clarify what information is being requested. The Case Manager will forward the request, within 5 business days to the Information Privacy Officer (Program Analyst). If the Case Manager meets with a SDM there should be verification to confirm their legal authority. 
  2. The Privacy Officer provides a written decision to the client, with a copy to the Case Manager indicating the decision about access to the information. If access is denied to any of the information the reasons for the denial is included in the written decision.
  3. The Case Manager and client establish a mutually agreeable time for the client to meet in either of CMHA Huron Perth’s office locations.
  4. Some sources of information are protected if these have not originated from CMHA Huron Perth. This may include law enforcement notes, comments from family members or others involved with the client, reports or documents from another health provider.
  5. A printed copy of all information which can be shared with the client will be provided by the Case Manager at the meeting with the client. The Case Manager will remain in attendance while the client reviews the information.
  6. The Case Manager completes a note to document that the information was provided and reviewed by the client.
  7. If the client requests correction to any of the reviewed information a written request will be made to the Privacy Officer with the assistance of the Case Manager.
  8. The Privacy Officer will advise the client, and copy the Case Manager about the decision to correct the information within 5 business days.

 For More Information, Comments or Complaints


If you would like more information or to raise a concern you have with our privacy practices or for information on how to contact the Information and Privacy Commissioner of Ontario, contact John Robertson, Executive Director at 273-1391 or 527-2442 extension 310.