Skip to navigation content (Press Enter).

McMaster University

Privacy at McMaster

The Privacy Governance and Accountability Framework

The Privacy Governance and Accountability Framework applies to all McMaster University faculty, staff and students when handling personal information or personal health information on behalf of the institution. The Framework came into effect on June 16, 2015, and was updated July 1, 2017.


All University employees who have access to personal health information during their employment and are involved directly or indirectly in the provision of patient care, must complete mandatory training.   

Personal health information is information about an individual that:

  • Identifies a person
  • Connects that person to receiving care at a hospital or another health care provider
  • Personal Health Information is defined in PHIPA as identifying information about an individual in either oral or recorded form that relates to the physical or mental health of the individual; relates to the provision of healthcare to the individual, including the identification of a provider of healthcare to the individual;
  • Any employees who interact with patients may unknowingly have access to personal health information. Examples include: Administering tests, managing appointments, diagnoses, prescriptions etc.

Please direct all inquiries regarding any difficulties registering for the PHIPA course to the Faculty of Health Sciences Chief Operating Officer.

The mandatory training, PHIPA for Health Professionals is available online through Avenue to Learn. Employees can access Avenue to Learn through Mosaic and need to request access to the training. If you aren’t sure if the training applies to you or your role, speak to your manager, or contact the Privacy Office.



All McMaster employees (faculty, staff, and students) are invited to take the new Primer on Privacy course. This self-directed course is available for self-registration through Mosaic. Here are instructions on how to register, and an FAQ. Please note that the course name is privacy.


Freedom of Information and Protection of Privacy Act (FIPPA)

The purpose of the Freedom of Information and Protection of Privacy Act (FIPPA) is to provide a right of access to information under the control of McMaster University and to protect personal information held by McMaster. 


Notice of Collection

The University has developed a Notice of Collection statement, outlining the kind of personal information that is collected and the use that is made of such information.


Canadian Anti-Spam Legislation (CASL)

The purpose of the Canadian Anti-Spam Legislation (CASL) is to more carefully control the use of spam (ie. unwanted Commercial Electronic Messages or CEMs) in electronic messaging. CASL came into effect on July 1, 2014.


New IPC Guidance – Personal Email Accounts and Instant Messaging Tools

The Information and Privacy Commissioner of Ontario has released a new guidance document today: Instant Messaging and Non-Institutional Email Accounts: How to Meet Your Access and Privacy Obligations.

This document was developed to help Ontario’s public institutions manage the use of instant messaging and personal email accounts when doing business. All employees should be aware records relating to an institution’s business that are created, sent or received through instant messaging or personal email accounts are subject to Ontario’s access and privacy laws.