FIPPA Frequently Asked Questions

Freedom of Information and Protection of Privacy Act (FIPPA) Frequently Asked Questions (FAQ)

What is FIPPA?

As of January 1, 2012, hospitals are designated as institutions under the Freedom of Information and Protection of Privacy Act (FIPPA). After that date, the public has the right to make a request for access to a wide range of records which came into the custody or control of the hospitals on or after January 1, 2007. There are certain exclusions and exemptions from the right of access.

Return to Questions

What is the purpose of FIPPA?

FIPPA has two main purposes: granting access to information and protecting the privacy of individuals.

Access: The purpose of FIPPA is to provide a right of access to information in the custody or under the control of institutions in accordance with the principles that:

  • Information held by the government and the broader public sector should be available to the public;
  • Limitations on the right of access should be narrow and specific; and,
  • Decisions on the disclosure of information should be reviewed independently of the hospital's control of the information.

Privacy: FIPPA protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to the information. These concepts are similar to those the hospital already employs with respect to personal health information under the Personal Health Information Protection Act, 2004.

Return to Questions


What kind of information can be accessed under FIPPA?

FIPPA provides access to information that is recorded, or that can be made into a record, whether in print, audio or electronic form that came into the custody or control of the Hospital on or after January 1, 2007.

Return to Questions


What records are not covered by the Act?

Personal Health Information is subject to the Personal Health Information Protection Act (PHIPA) legislation and is excluded from FOI legislation. In addition, records subject to the Quality of Care Information Protection Act (QCIPA) are excluded.

Other exclusions include:

  • Administrative records of a regulated health professional, re: personal practice
  • Records re: operations of a hospital foundation
  • Records re: charitable donations made to the hospital
  • Records re: the provision of abortion services
  • Records re: certain labour relations, employment matters
  • Records re: certain appointment, privileging matters
  • Certain records respecting or associated with research (including clinical trials)
  • Certain records of teaching materials
  • Certain records re: ecclesiastical matters

Return to Questions

How do I find out what information AMGH has?

A Directory of Records and Personal Information Banks FORM is available online and contains a list of categories of records and personal information held by AMGH.

Return to Questions

What is a Freedom of Information (FOI) access request?

An FOI (or access to information) request is an official written request for information form an organization covered by the Freedom of Information and Protection of Privacy Act (FIPPA). Visit the Make a FOI Access Request section for more information.

Return to Questions


Who can make a FIPPA request?

Anyone can make a FIPPA request. The requester does not have to live in Ontario—or even in Canada. The requester does not need to be a Canadian citizen.

  • General Records Request - Any person can request access to general records. A person includes individuals and organizations, such as corporations, partnerships and sole proprietorships.
  • Request for One’s own information - Only an individual (or his/her personal representative) can make a personal information request for access to his/her own personal information.

Return to Questions

How do I make a FIPPA request?

All FIPPA requests must be submitted in writing and accompanied by a fee of $5.00 to the Freedom of Information Coordinator. Please see Making a FIPPA Request and Fees Section.

Return to Questions

Is the requestor required to provide a reason for his or her request?

AMGH is permitted to ask for the purpose of a request if this will assist in identifying the specific records that the requestor is looking for. However, the requestor has no obligation to provide reasons.

Return to Questions

Do I always need to make a formal FOI access request in order to obtain hospital information?

Some hospital records may already be available to you without making a request in writing under FIPPA. Browse the hospital website or contact the Freedom of Information Office if you have a question about whether the information may be available without submitting a formal FOI Access Request.

Return to Questions


When can I expect a response to an FOI access request?

In most cases, you will receive a written response to your FOI access request within 30 days after the form and fees are received. In some cases, it may take longer to receive a response, depending on the size and complexity of the request.

Return to Questions

How do I appeal a decision?

AMGH must provide a notice in writing to the requestor if your request for information is denied. Requestors have a right to appeal a decision to the Information and Privacy Commissioner (IPC) of Ontario. The IPC's website provides more information on how to make an appeal.

Return to Questions

How do I correct my own personal information?

Visit the Request Access to or Correct Personal Information section for more information on correcting inaccuracies in your personal information held by the hospital.

Return to Questions

How do I request my personal health information?

Access to personal health information, such as in a patient's medical chart, is not available under FIPPA. The Personal Health Information Protection Act (PHIPA) applies to a patient's medical information and the hospital protects medical information in accordance with PHIPA. You are able to access or correct your own personal health information by contacting the Health Records Department.

Return to Questions


If I make a request for information or contact the organization about a privacy breach, is my identity protected?

If you make a request for information or contact an organization about a privacy breach, your identity must not be disclosed to individuals outside of that organization without your consent. Within the organization, your identity may only be disclosed to employees who need the information to perform the duties of their job, and that disclosure must be necessary and proper to carry out the organization's functions.

Return to Questions


Who Do I Contact for Information Regarding Freedom of Information and my Health Card?

Email questions to


Return to Questions