St. Joseph's General Hospital Health Care with Compassion  
Respecting Privacy

Information Access & Privacy – Your Health Record


While you are receiving care within our organization, staff, physicians and other authorized individuals associated with St. Joseph's (e.g. contracted service providers) will collect personal and current information from you to provide you with physical, emotional, psychological and spiritual care, treatment and services. In some cases, your family, friends or legally authorized representative may provide us with information, or we may obtain copies of records from other health care organizations that will be helpful to your care. We may also obtain information from external sources such as medication information from PharmaNet, diagnostic results from laboratories and confirmation of your personal health number from the Ministry of Health Services.

If you have any questions about this information, please contact the
Freedom of Information Coordinator at
(250) 339-1441 (telephone), (250) 339-1442 (fax) or

Why We Collect

We require this information to assist us in providing you with care and services. We also require your information for purposes of determining eligibility, as applicable, for various benefits and services.

Under What Authorization Do We Collect

We collect this information under the primary authority of the Hospital Act and Regulations and the Health Authorities Act, however, other legislation, including but not limited to the Hospital Insurance Act, Continuing Care Act, Health Act and Mental Health Act, also allow us to collect your personal information. We will collect, use and/or share your personal information only as our authorizations allow or with your consent.

Our Commitment to Protect Your Information

We will take measures to ensure that your personal information is treated in a confidential manner according to the Freedom of Information and Protection of Privacy Act (FOIPPA) and will share the necessary and relevant information only for the purposes of:

  • your ongoing care and services;
  • maintaining contact with you and/or to assist us in continually improving the quality of our care and services;
  • education and research with consent or as authorized under the FOIPPA; and
  • as prescribed by law, including the FOIPPA.

Accessing your Health Record

Everyone treated at St. Joseph’s has a health record. These records contain documents such as reports from care providers, test results, treatments and pharmacy information. Health records can be paper based, electronically generated or a combination of both.

Authorization for Release of Information (pdf)

How do I request my health records?

You or your authorized representative can request access to or copies of your health record by completing the Authorization for Release of Information form and submitting it in person or by mail to the Health Records Department, St. Joseph’s General Hospital, 2137 Comox Avenue, Comox, BC V9M 1P2 or via fax at 250-339-1442. We will assist you in accessing the records you wish to see and are entitled to receive.

How long will it take to obtain copies of my health record?

You will receive a response within 30 business days from the date we receive your written request.

Is there a fee?

Generally no, but you may be charged for special processing of your request. For example, courier fees, special delivery or other special processing services.

Release of Information

The Freedom of Information & Protection of Privacy Act, in addition to assuring confidentiality and privacy, sets the rules enabling us to disclose information that pertains to you or that we can lawfully disclose to the public. For assistance with the release of information, please contact the Health Records Department at 250-339-1441 or email

Privacy Code

The access to and privacy of personal health information will be guided by St. Joseph’s General Hospital's Privacy Code principles, consistent with provincial and federal legislation.


Principle 1 - Accountability

St. Joseph’s General Hospital is responsible for all personal information under its control.

Accountability for our compliance with the Privacy Principles rests with the Chief Privacy Officer, even though other individuals within St. Joseph’s General Hospital have responsibility for the day-to-day collection and processing of personal information and may be delegated to act on behalf of the Chief Privacy Officer.

We are responsible for personal information in our possession or custody, including information that has been transferred to a third party for processing. We will use contractual or other means to provide a comparable level of protection when the information is being processed by a third party.

Principle 2 - Identifying Purposes

We will identify and document the purposes for which we collect, use or disclose personal information at or before the time of collection.

The purposes will be limited to those which are related to the provision of health care which a reasonable person would consider are appropriate in the circumstances. We collect, use and disclose personal information concerning our patients for the following reasons:

  • to provide health care services,
  • to meet requirements under federal and provincial laws.

We collect, use and disclose personal information concerning our employees for the following reasons:

  • to recruit, train, recognize and retain a highly qualified and motivated workforce;
  • to establish and maintain harmonious employer-employee relations;
  • to administer St. Joseph’s General Hospital policies and procedures, including investigations related thereto;
  • to manage and promote the health care services of St. Joseph’s General Hospital;
  • to administer compensation and benefits;
  • to develop, manage and promote employee services; and
  • to meet requirements imposed by law.

Principle 3 - Consent

Personal information will be collected, used or disclosed with the knowledge and consent of the individual, except where inappropriate.

The consent to treatment will be the manner in which we obtain consent for the collection of patient information, and the employment application will be the means by which we collect employee information.

In certain circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge or consent of the individual. These circumstances include:

  • personal information which is subject to provider/patient, employer/employee privilege or is publicly available as defined by regulation;
  • where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way;
  • to investigate a breach of an agreement or a contravention of a law;
  • to act in respect to an emergency that threatens the life, health or security of an individual;
  • for debt collection; or to comply with a subpoena, warrant or court order.

Principle 4 - Limiting Collection

We will limit the amount and type of personal information collected to that which is necessary for our identified purposes, and we will only collect personal information by fair and lawful means.

Principle 5 - Limiting Use, Disclosure and Retention

Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary to fulfill the identified purposes and in accordance with health care and labor standards.

Principle 6 - Accuracy

We will use our best efforts to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

Principle 7 - Safeguards

We will protect personal information with safeguards appropriate to the sensitivity of the information.

Our safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. We will make our employees aware of the importance of maintaining the confidentiality of personal information, and we will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

Our methods of protection will include physical measures (for example, locked filing cabinets and restricted access to offices), organizational measures (for example, security clearances and limiting access on a "need-to-know" basis), and technological measures (for example, the use of passwords and encryption).

Principle 8 - Openness

We will make specific information about our policies readily available, except to the extent this is confidential commercial information.

The information we will make available will include: how to gain access to personal information; the type of personal information held by us, including a general account of its use; general information concerning our code and policies; what personal information is made available to related agencies; and how to contact the Chief Privacy Officer.

Principle 9 - Individual Access

Upon written request, we will inform an individual of the existence, use and disclosure of his or her personal information and we will give the individual access to that personal information. An individual can challenge the accuracy and completeness of his or her personal information and have it amended as appropriate.

We will respond to an individual’s written request within a reasonable time (generally within 30 days). We will assist any individual who informs us that they need assistance in preparing a request. We may require an individual to provide sufficient information to permit us to provide an account of the existence, use and disclosure of personal information.

If an individual successfully demonstrates the inaccuracy or incompleteness of personal information, we will amend the information as required. If a challenge is not resolved to the satisfaction of the individual, we will record the substance of the unresolved challenge. Where appropriate, the amended information or the existence of the unresolved challenge, as the case may be, will be transmitted to third parties having access to the information in question.

In certain situations, we may refuse a request or not be able to provide access to all the personal information we hold about an individual. Exceptions to the access requirement will be limited and specific, as permitted or required by law. Where permitted, the reasons for denying access will be provided to the individual upon request.

Principle 10 - Challenging Compliance

Any individual can address a challenge concerning our compliance with any of the privacy principles to the Chief Privacy Officer.

We will investigate all written complaints. If we find a complaint to be justified, we will take all appropriate measures including, if necessary, amending our policies and practices.