Privacy & Security

The Resource Matching & Referral (RM&R) program is dedicated to protecting patient privacy. We ensure personal health information is kept confidential and shared only with the right clinicians at the right time to support safe, coordinated care.

How RM&R uses patient health information

The RM&R application collects personal health information (PHI) to help connect patients with the right healthcare programs and services. This information allows referrals to be reviewed, managed, and acted on so patients can receive appropriate care.

Who can access patient information

PHI may be shared with healthcare organizations and professionals involved in patients’ care, known as Health Information Custodians (HICs). Access is limited to those who need the information to review referrals and provide treatment.

Patient privacy and safeguards

All organizations and clinicians using RM&R handle PHI with care and respect. They follow Ontario’s Personal Health Information Protection Act (PHIPA), other applicable privacy laws, and RM&R policies and procedures to protect patients’ information.

All participating organizations have signed the RM&R Data Sharing Agreement
Organizations must follow privacy‑compliant policies and procedures
RM&R staff complete annual privacy training and a privacy quiz

These measures ensure everyone understands their responsibility to protect patient privacy.

Patient consent

Clinicians sending referrals through RM&R rely on implied patient consent, unless they are aware that consent has been withheld or withdrawn. This means patients’ information is shared only to support patients’ care.

Technical safeguards

Storing referral data on secure servers
Regularly updating, reviewing, testing, and backing up systems
Using technical protections such as firewalls and automatic session time‑outs

Oversight and accountability

RM&R’s privacy program is overseen by:

The RM&R Privacy & Security Working Group
The RM&R Executive Committee

University Health Network (UHN) supports RM&R as the Health Information Network Provider (HINP) and also participates as a referring and receiving organization.

Learn more about privacy and security at RM&R

Explore the resources below to learn more about how RM&R protects privacy and secures personal health information.

Privacy Reference Materials

University Health Network’s Privacy Policies
The Personal Health Information Protection Act, 2004
Guidelines for the Protection of Health Information Canada’s Health Informatics Association (COACH)
Privacy Best Practices Guidelines Canadian Institute of Health Research (CIHR)
Health Information Privacy Code Canadian Medical Association (CMA)
Model Code for the Protection of Personal Information Canadian Standards Association (CSA)
Canada Health Infoway Privacy & Security Architecture Canada Health Infoway (CHI)
Guide to Information Security for the Health Sector eHealth Ontario